Chapter 3 - Secure Software Design Flashcards

1
Q

What causes the majority of software security issues?

A

Insecure or incomplete design.

2
Q

What methods can be used for attack surface evaluation?

A

Threat models and misuse case modeling

3
Q

What are the benefits to designing security into software?

A
  • Resiliency and recoverability
  • Quality, maintainability, less prone to errors
  • Minimal redesign and consistency
  • Addressed business logic flaws

4
Q

What is a business logic flaw?

A

A flaw where the software is operating as designed, but the design itself makes circumventing the security policy possible.

5
Q

What is the difference between a flaw and a bug?

A

Flaws are design or architectural defects. Coding or implementation constructs that can cause a breach in security are bugs.

6
Q

What is a semantic issue?

A

A logic flaw.

7
Q

What are the core security elements?

A

Confidentiality, Integrity, Availability, Authentication, Authorization, and Auditing.

8
Q

What are the types of cryptography?

A

Covert and Overt

9
Q

What are the types of covert cryptography?

A

Steganography and digital watermarking

10
Q

What are the types of overt cryptography?

A

Hashing and encryption

11
Q

What are the types of encryption?

A

Symmetric and asymmetric

12
Q

What is “work factor”?

A

In cryptanalysis, the amount of work required to defeat an algorithm.

13
Q

What is the only provably unbreakable encryption?

A

The one time pad

14
Q

Describe symmetric encryption

A

It’s characterized by using a single key for encryption and decryption that must be shared between the sender and receiver.

15
Q

What is the benefit to symmetric key encryption?

A

It’s fast and efficient.

16
Q

What are the challenges to symmetric key encryption?

A
  • Key exchange and management require a secure, out-of-band mechanism.
  • Scalability. Need a unique key for each pair of sender/recipient
  • No nonrepudiation

17
Q

What kind of algorithm is RC-2?

A

Symmetric

18
Q

What kind of algorithm is RC-4?

A

Symmetric

19
Q

What kind of algorithm is RC-5?

A

Symmetric

20
Q

What is the key size of DES?

A

56 bits

21
Q

What is the key size of skipjack?

A

80 bits

22
Q

What is the key size of IDEA?

A

128 bits

23
Q

What is the key size of blowfish?

A

128 bits

24
Q

What is the key size of 3DES?

A

168 bits

25
Q

What is the key size of twofish?

A

256 bits

26
Q

What is the key size of RC6?

A

256 bits

27
Q

What is the key size of AES/Rijndael?

A

256 bits

28
Q

What other term is used for nonrepudiation protection?

A

Proof-of-origin protection

29
Q

What advantages does public key crypto have?

A
  • Key exchange is easier.
  • Scalability. Each user only needs 2 keys (public/private)
  • Addresses nonrepudiation

30
Q

What is the disadvantage of public key crypto?

A

It’s computationally intensive, so slower.

31
Q

List common public key crypto algorithms.

A

RSA
El Gamal
Diffie-Hellman
Elliptic Curve Cryptosystem

32
Q

What is Elliptic Curve Cryptosystem ideal for?

A

Small hardware devices such as smart cards and mobile devices.

33
Q

What does a digital certificate include?

A

Public keys, algorithm information, owner and subject data, digital signature of the CA, and a validity date range.

34
Q

What are the types of digital certificates?

A

Personal
Server
Software publisher

35
Q

What should you use when copyright and IP protection are an issue?

A

Digital watermarking

36
Q

What should you use if data confidentiality in processing, transit, storage, and archiving need to be assured?

A

Hashing or encryption.

37
Q

What features can be used to assure integrity?

A

Hashing
Referential integrity
Resource locking
Code signing

38
Q

What is a message digest (according to the book)?

A

The original message and its hash value.

39
Q

What is collision free or collision resistance?

A

A property of hash functions where it is computationally infeasible to find two inputs that hash to the same value.

40
Q

What does salting a hash do (according to the book)?

A

Improve collision resistance

41
Q

What is a dictionary attack?

A

A brute force attack that attempts to thwart security mechanisms using an exhaustive list.

42
Q

What are common hash functions?

A

MD2, MD4, MD5, SHA-[012].

43
Q

Describe the MD series of hash functions.

A

All use a 128 bit output.

Proven not to be collision resistant.

44
Q

Describe the SHA family of hash functions.

A
SHA-[01] uses a 160 bit output.
SHA-224 generates 256 bit output
SHA-256 generates 256 bit output
SHA-384 generates 512 bit output
SHA-512 generates 512 bit output.

I think those are wrong.

45
Q

Describe HAVAL.

A

HAVAL is a hash function with variable length output (128, 160, 192, 224, 256)

46
Q

Which hash function is considered broken and no longer suitable for use?

A

MD5

47
Q

What is referential integrity?

A

Ensuring that data is not left in an orphaned state.

48
Q

What are cascading deletes?

A

A process that ensures referential integrity by deleting data from other tables when data is deleted in a table that references them if they share a common key.

49
Q

What is resource locking?

A

Disallowing concurrent operations on an object.

50
Q

What is deadlock?

A

A condition that can result from improper resource locking where multiple threads are all waiting for each other to release the object.

51
Q

What is connection pooling?

A

A database access efficiency mechanism where a number of connections are cached for reuse.

52
Q

What factors should be considered in authentication design?

A

SSO and multifactor authentication, as well as the type of authentication required as specified in the requirements docs.

53
Q

Why can SSO have a large security impact?

A

Because credentials are only verified once.

54
Q

What should you consider in Authorization design?

A

Impact on performance, separation of duties, least privilege

55
Q

What should auditing data include?

A

Who, What, Where, When

56
Q

What is modular programming?

A

a software design technique in which the entire program is broken down into smaller subunits or modules

57
Q

What does it mean when a module is cohesive?

A

each module is designed to perform one and only one logical operation.

58
Q

What is the Single Responsibility Principle?

A

A software engineering principle related to modularity. Each code unit should only do one thing and have one purpose.

59
Q

What is coupling?

A

Coupling is a reflection of the degree of dependencies between modules, i.e., how dependent one module is to another.

60
Q

How should modules be with respect to cohesion and coupling?

A

They should be highly cohesive and loosely coupled.

62
Q

What is separation of duties?

A

Compartmentalizing software functionality into two or more conditions, all of which must be satisfied before an operation can complete.

Split cryptographic keys, for example.

63
Q

What is defense in depth?

A

Also called layered defense.

Using multiple layers of controls such that a single vulnerability does not result in a compromise.

64
Q

What is “fail secure”?

A

A security principle that ensures that the software reliably functions when attacked, and is rapidly recoverable into a normal business and secure state in the event of design or implementation failure.

65
Q

What does “fail secure” preserve?

A

Resiliency.

66
Q

What is resiliency?

A

Confidentiality, integrity, availability

67
Q

What is economy of mechanism?

A

A secure design principle which states that the more complex the design of the software, the more likely there are vulnerabilities.

Simpler is generally more secure.

68
Q

What considerations should we keep in mind with respect to economy of mechanism?

A
  • Avoid unnecessary functionality or unneeded security mechanisms
  • Strive for simplicity
  • Strive for operational ease of use

69
Q

What is complete mediation?

A

A security principle that states that access requests need to be mediated each time, every time, so that authority is not circumvented in subsequent requests.

70
Q

Other thing about complete mediation:

A

In the design phase, identify all possible code paths that access privileged and sensitive resources. The design must require the code paths to use a single interface that performs access control checks before performing the requested operation.

71
Q

What is Kerchoff’s principle?

A

All information about a cryptosystem except the key should be public, and the security of the cryptosystem is dependent on the secrecy of the key.

72
Q

What is hardcoded credentials in source code an example of?

A

Security through obscurity.

73
Q

What are the principles of open design?

A
  • The security of software should not be dependent on the secrecy of the design
  • Security through obscurity should be avoided
  • Design of protection mechanisms should be open for scrutiny by members of the community.

74
Q

What is Least Common Mechanisms?

A

the security principle by which mechanisms common to more than one user or process are designed not to be shared.

75
Q

What is psychological acceptability?

A

the security principle that states that security mechanisms should be designed to maximize usage, adoption, and automatic application.

76
Q

What features should security controls have to promote psychological acceptability?

A
  • Be easy to use
  • Do not affect accessibility
  • Be transparent to the user

77
Q

What are the benefits of using tested and proven existing libraries and common components?

A
  • The attack surface is not increased (you’re already using the code)
  • No new vulnerabilities are introduced
  • Can also increase productivity

78
Q

What is unmanaged code?

A

Code that:

  • isn’t managed by any runtime environment
  • is compiled to native code that will execute only on the processor architecture it’s compiled for
  • memory allocation is not managed. Pointers can be manipulated
  • Requires developers to write routines to check memory allocation, array bounds, etc.

79
Q

What is managed code?

A

Code that has the following characteristics:

  • Is not directly executed by the OS, but is managed by a run-time environment
  • Is not compiled into native code, but into an Intermediate Language (IL)
  • Not generally susceptible to buffer overflows, format string vulnerabilities
  • Relatively shorter development time because memory management, exception handling, bounds checking, garbage collection, and type safety checking are automatically handled by the runtime environment.

80
Q

What is an inference attack?

A

gleaning sensitive information about the database from presumably hidden and trivial pieces of information using data mining techniques without directly accessing the database

81
Q

What is an aggregation attack?

A

An attack where information at different security classification levels, which is primarily nonsensitive in isolation, ends up becoming sensitive information when pieced together as a whole.

82
Q

What is polyinstantiation?

A

Polyinstantiation means that there exist several instances (or versions) of the database information, so that what is viewed by a user is dependent on the security clearance or classification level attributes of the requesting user.

83
Q

What are the two ways to accomplish database encryption?

A
  • Native DBMS encryption
  • Cryptographic resources outside the database.

84
Q

What is TDE?

A

Transparent Database Encryption. Cryptographic operations on a database that are transparent to the application layer. Can have substantial performance impact.

85
Q

What is the primary weakness to using native DBMS encryption?

A

The key is stored in the database.

86
Q

What is normalization?

A

A formal technique to organize data so that redundancy and inconsistency are eliminated.

87
Q

What is first normal form?

A

No Repeating Groups or fields in a table, e.g. fields with multiple values.

88
Q

What is second normal form?

A

No duplicates / eliminate redundant data

Also informally “eliminate non key-dependent duplicate data” rule.

89
Q

What is third normal form?

A

Data not dependent on the primary key of the table must be eliminated and stored in its own table.

90
Q

What is the drawback to database normalization?

A

Performance degradation

91
Q

What is denormalization?

A

Decreasing the normal form of a database deliberately, usually for performance reasons.

92
Q

What is a trigger?

A

A special type of procedure that is automatically executed upon the occurrence of certain conditions within the database.

93
Q

What is a database view?

A

a customized presentation of data that may be held in one or more physical tables (base tables) or another view itself.

A virtual table.

94
Q

What is DML?

A

Database Manipulation Language (INSERT, UPDATE, DELETE, etc).

95
Q

What is a SMI?

A

A Security Management Interface

An interface used to manage the security of the software itself. Administrative. High level of privilege.

96
Q

Why is it important to secure SMIs?

A

They typically run at high privilege levels.

97
Q

What controls should be used for SMIs?

A
  • Avoid remote connectivity and administration
  • Employ data protection in transit, using channel security protection measures (SSL, IPSec)
  • Use least privilege accounts and RBAC

98
Q

What design processes need to be completed for secure software?

A
  • Attack surface evaluation
  • threat modeling
  • control identification and prioritization
  • documentation

99
Q

What is attack surface evaluation?

A

A software or application’s attack surface is the measure of its exposure of being exploited by a threat agent, i.e., weaknesses in its entry and exit points that a malicious attacker can exploit to his or her advantage.

100
Q

What is RASQ?

A

Relative Attack Surface Quotient

101
Q

What is attack bias?

A

A value, based on its severity, for attack points in attack surface evaluation.