Program Security

.
 .

• The 3 important properties which ensures that a program is

secure is
1.Confidentiality
2.Integrity
3.Availability

• An assessment of security can be the quality of the software

• In general ,developers often look at the quantity and types of

flaws for evidence of a product’s quality
• One approach to judging quality in . security has been fixing faults
• “A software that has many faults early on is likely to have many
others still waiting to be found”
• Early work in security was based on the paradigm of “penetrate
and patch”, in which analysts searched for and repaired faults
quickly.
• However, this approach made the system less secure. There are 3
reasons why?
1. It focuses only on the fault and not on the context
2. Had many side effects
3. The system cannot be fixed properly because
system functionality or performance would suffer as a
consequence.
• The inadequacies of “penetrate.
and patch” approach led
researchers to seek a better way to be confident that code
meets its requirements.

• One way to do is to compare the requirements with the

behaviour

• The unexpected behaviour of system is called as program

security flaw

• These flaw are categorized into 2 types

1. Intentional
2. Inadvertent
 .
• Intentional flaws are further divided into
1. Malicious
2. Non- malicious

• Inadvertent flaws are further divided into

1. Validation error
2. Domain error
3. Serialization and aliasing
4. Inadequate identification and authentication
5. Boundary condition violation
6. Other exploitable logic errors