Software Security Week 4 Quiz Answer
In this article i am gone to share Coursera Course Software Security Week 4 Quiz Answer with you..
Week 4 Quiz Answers
Why is waiting to think about security until after the software is built a bad idea?
- You might make critical mistakes in the software’s design
- You might miss important security requirements that necessitate a re-design
- Fixing problems once the software is built is more difficult and more expensive
- All of the above
What is an abuse case?
- A scenario that illustrates a system’s functional requirements
- A scenario that illustrates a potential failure in security under relevant circumstances
- An example of a heated disagreement between the security team and the development team
- An official report made by MITRE Corp that describes a discovered software vulnerability and possible abuse of it
Which of the following is a reason to make an explicit threat model when designing a system?
- So that you avoid an incoherent defense
- So you can defend against the most likely/costly/important attacks
- So you can explicitly list and challenge assumptions that underlie your design
- All of the above
Suppose you design software for a bank and the bank’s customers may remotely log into its site using commodity PCs. These PCs might have malware on them, which could log keystrokes or read files stored on the machine. Which threat model (using terms defined in the lectures) makes the most sense for you to consider, when designing the bank’s site?
- Network user
- Snooping user
- Malicious user
- Co-located user
What is a good defense against powers that are particular to a snooping user?
- Using encryption
- Using a firewall
- Using passwords to authenticate users
- Using a type-safe language
A denial of service attack violates what security policy/goal?
When talking about computer security, what do we mean by the term, principal?
- A method for delegation
- A foundational observation
- A rule of thumb for secure coding
- An actor, or role, that is the subject of a security policy
Passwords, biometrics, and user-owned SMS-receiving mobile phones are useful for what security mechanism?
- Small trusted computing base (TCB)
We identified several categories of secure design principles, with respect to how they deal with attacks. Running each browser tab in a separate OS process (as done by the Chrome browser) is an example of which category?
- Prevention (of an attack)
- Mitigation (of the damage from an attack)
- Recovery (from a successful attack)
- None of the above
Suppose you are implementing a graphical user interface for interacting with an implementation of the RSA cryptosystem, and you want to give users a way to generate new keys. Which of the following designs most takes security into account?
- Use a text box to ask the user to fill in how many bits they want their key to be
- Don’t ask the user about key size at all — always use 256 bits
- Ask the user, but set the default response to be 2048 bits, which is chosen based on the assumption of a strong adversary
- Allow the user to use a slider to choose the number of bits, setting slider initially to point at 2048 bits. As the user moves the slider to larger or smaller values, visualize the difference in relative protective power, e.g., using a meter.
Suppose you are implementing an extensible data management system. You want to accommodate plug-ins that can implement storage rules and query processing functionality for different data formats (e.g., relational data, object data, XML data, etc.). Which of the following designs most takes security into account?
- The plug-ins are linked directly in the address space of the data management software, ensuring high performance
- The plug-ins are implemented as separate OS processes; these processes communicate to/from the main process to handle queries/updates for the data formats they support
- The plug-ins are implemented as separate OS processes but which share memory with the main process (and may access its memory as well), for better efficiency. Queries/updates occur via inter-process communication.
- The plug-ins and the main data management software are linked into the operating system kernel as a special kind of device driver, to give them direct access to stable storage and the network stack, while the OS can enforce their security
Promoting privacy is a goal that follows from which category of secure design principle?
- It is an example of defense in depth because privacy is a deep topic that is often debated.
- It is an example of monitoring and recovery because failure to promote privacy could be discovered by monitoring
- It is an example of favoring simplicity because privacy is quite simply the right thing to do
- It is an example of trusting with reluctance because promoting privacy means sharing private information with as few software components as possible, meaning that fewer need to be trusted to protect the information
Encrypting a password database is an example of what category of design principle?
- It is an example of defense in depth
- It is an example of favoring simplicity
- It is an example of monitoring and recovery
Which of the following vulnerabilities can VSFTPD’s secure string library help protect against?
- Buffer overflow
- Integer overflow
- Privilege escalation
VSFTPD forks a new process to handle each client connection. It could have, instead, spawned a thread within the main process to handle each connection, as is done in many servers. How would this alternative design compare to the original?
- It would be equally secure and would perform better because threads are cheaper to manage than processes
- It would be more secure because threads are not subject to denial of service attacks but processes are
- It would be more secure because we could apply the SecComp system call to these threads, but could not do so for processes
- It would be less secure because a compromise by a malicious client in one thread could (more easily) access data used by another client’s thread, since they share the same address space
FTP servers can be asked to list a directory of files. VSFTPD could do this by calling the system’s ls (or dir) command, displaying the result to a client. But VSFTPD does not do this, and implements directory listings using the relevant system calls directly. Why might you argue that VSFTPD’s design makes sense from a security perspective?
- ls does more than is needed, and thus unnecessarily expands the TCB
- Calling ls doesn’t give us any way to employ fail-safe defaults
- Using ls provides less control over the output, which leaves users open to XSS-style attacks
- Calling ls involves forking a new process, which is less secure than running within the same process