Monday, March 8, 2010
Lecture 12: Program Security (Mar 3rd)
Lecture 12 was split between a presentation from Jeff on trusted computing and a lecture on program security. Jeff's presentation covered what trusted computing means with regard to the internet. He also covered the basics of what a null attack is.

The lecture on program security covered how to find and fix faults, types of security flaws, and buffer overflows. The section on finding and fixing faults suggested that the best way to find faults is to allow users to test the program and report the faults they find. The types of security flaws mentioned were malicious, non-malicious, and unintentional. Malicious flaws are created in order to attack a particular system. Non-malicious flaws are sometimes features that are intended to be in the program but that can cause problems for the program when used by a malicious person. Finally, unintentional flaws are errors that were not intended by the program's creators.

The last topic covered was buffer overflows. A buffer overflow occurs when the program gets an input that is longer than the input it was expecting. When this happens, you don't know whether the program is going to overwrite code or data with the extra input.
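The overflow described above, as an added example that is not from the lecture or the original post: an 8-byte input buffer and the 8 bytes of unrelated data stored right after it are modelled as one 16-byte array, so the effect of an over-long input can be shown in well-defined C next to the length check that prevents it. All names and the sample input are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN    8   /* space the program expects the input to need */
#define REGION_LEN 16  /* the buffer plus the 8 bytes stored right after it */

/* Constructed model of adjacent memory: bytes 0..7 are the input buffer,
 * bytes 8..15 hold unrelated program data. */
struct region {
    unsigned char mem[REGION_LEN];
};

static void region_init(struct region *r) {
    memset(r->mem, 0, BUF_LEN);
    memcpy(r->mem + BUF_LEN, "BALANCE!", 8); /* the neighbouring data */
}

/* Faulty copy: trusts the input length and never compares it to BUF_LEN.
 * (Clamped to REGION_LEN only so the demonstration itself stays in bounds.) */
static void copy_unchecked(struct region *r, const char *in, size_t n) {
    if (n > REGION_LEN) n = REGION_LEN;
    memcpy(r->mem, in, n);
}

/* Fixed copy: rejects any input longer than the buffer was sized for. */
static int copy_checked(struct region *r, const char *in, size_t n) {
    if (n > BUF_LEN) return -1;
    memcpy(r->mem, in, n);
    return 0;
}

/* Returns 1 if the neighbouring data is still what region_init wrote. */
static int neighbour_intact(const struct region *r) {
    return memcmp(r->mem + BUF_LEN, "BALANCE!", 8) == 0;
}

int main(void) {
    const char input[] = "AAAAAAAAAAAA"; /* constructed: 12 bytes, 4 too many */
    struct region r;

    region_init(&r);
    copy_unchecked(&r, input, strlen(input));
    printf("unchecked: neighbour intact = %d\n", neighbour_intact(&r));

    region_init(&r);
    int rc = copy_checked(&r, input, strlen(input));
    printf("checked:   rc = %d, neighbour intact = %d\n", rc, neighbour_intact(&r));
    return 0;
}
```

In a real program the bytes after the buffer are whatever the compiler and allocator placed there, which is why the outcome of an unchecked copy cannot be predicted from the source alone.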