Secure Software Design - Introduction Flashcards
What are the five primary security objectives in secure software development?
Availability, Authentication, Non-repudiation, Confidentiality, Integrity
Define the concept of availability in security objectives.
Ensuring a service is accessible for authorized users at all times.
Fill in the blank: Ensuring that data is not accessible to unauthorized individuals is called ______.
Confidentiality
What is the purpose of authentication in security?
To verify that only authorized users have access to restricted resources and services.
Explain non-repudiation as a security objective.
Non-repudiation ensures that actions taken by a user cannot be denied or disputed by that user.
List four types of security risks mentioned in the document.
Unauthorized access, identity theft, access to confidential data, data falsification
What is a major vulnerability of automated systems to attack?
They are prone to bot-based attacks which can often be countered with automated protections.
According to Kerckhoff’s principles, what must a secure system not rely on for its security?
Secrecy; security should depend on the strength of the key, not hiding the system’s details.
Fill in the blank: The process of verifying message authenticity and integrity through public-key cryptography is called ______.
Digital Signature
What is the primary function of a certification authority (CA)?
To verify and certify the identity of public key holders, ensuring secure public key exchanges.
What is symmetric encryption, and what is its main limitation?
Symmetric encryption uses a single key for both encryption and decryption. Its main limitation is secure key exchange.
How does asymmetric encryption solve the key exchange problem?
Asymmetric encryption uses a public key for encryption and a private key for decryption, allowing secure communication without sharing the private key.
What is the purpose of a cryptographic hash function?
To create a fixed-size, unique hash of input data that is resistant to inversion, second pre-image, and collision attacks.
Fill in the blank: A cryptographic hash function that is difficult to invert is said to have ______.
Pre-image resistance
Why is the avalanche effect important in cryptographic functions?
The avalanche effect ensures that a small change in input produces a substantial change in output, enhancing security by making patterns harder to detect.