In 1974, Jerome Saltzer and Michael Schroeder wrote a paper that has shaped how

Jan 15th, 2015
DotaCN
Category:
Computer Science
Price: $20 USD

Question description

In 1974, Jerome Saltzer and Michael Schroeder wrote a paper that has shaped how we think about threats to computers. This seminal publication outlines a set of basic principles that define a logical way to classify and respond to threat. It also describes the critical things you should consider while building software. These underlying principles dictate the conditions and requirements of application security and define the goals of application security process.

Supplementing Saltzer's and Schroeder's principles are the Common Weakness Enumeration (CWE), the Common Attack Patterns Enumeration and Classification (CAPEC), and the Common Body of Knowledge (CBK). These resources provide the most up-to-date and detailed way of thinking about threats and provide detailed information about the ways that those threats can be exploited.

The CWE is an industry-supported document that catalogues all of the known vulnerabilities that appear in software and the ways that attackers exploit these vulnerabilities. It also itemizes the common types of attacks and attackers as well as their motivations, the specific methods that they employ, and the attack surfaces that are most vulnerable. This is extremely valuable knowledge because it tells you what to look for when you are checking your code. It also allows you to classify common types of errors into categories, which makes it easier to prioritize those errors by the level of risk they represent.

By combining the IEEE 12207 standard with the high-level principles of Saltzer and Schroeder and the practical advice of the CBK, the CWE and CAPEC, developers have a roadmap for planning and implementing an application security process that will ensure against the occurrence of exploitable defects in their products and services.

For this Application, you will use some of these resources to examine security weaknesses and the methods of exploiting those weaknesses.

To begin the assignment:

•Choose one of the application security weaknesses listed in the CWE Top 25 Most Dangerous Software Errors.
•Choose one method of exploiting that security weakness as listed in the Common Attack Pattern Enumeration and Classification: CAPEC List Release 1.6.
Then, in a 2- to 3-page paper address the following:

•Briefly summarize the weakness and method of attack you chose. In your description, summarize how that weakness operates in practice, how it might be created in software, and how it can be exploited by your chosen method of attack.
•Assess which of Saltzer's and Schroeder's principles would be involved with causing or mitigating that particular attack. For example, where does "economy of mechanism" fit into command injection attacks? Why?
•Assess which IEEE 12207 processes and practices would be affected by or implicated in such an attack. Why?
•Analyze what would happen to those IEEE 12207 processes and practices if that attack was successful. Relate those effects to a business or day-to-day operational problem it could cause

Tutor Answer

(Top Tutor) Daniel C.
(997)
School: Carnegie Mellon University
PREMIUM TUTOR

Studypool has helped 1,244,100 students

8 Reviews


Summary
Quality
Communication
On Time
Value
kevin12622
Nov 30th, 2016
" Goes above and beyond expectations ! "
kiln82
Nov 21st, 2016
" awesome work thanks "
ashleyisgod
Nov 16th, 2016
" Top quality work from this guy! I'll be back! "
likeplum4
Nov 7th, 2016
" Excellent work as usual "
Molly_Moon
Oct 25th, 2016
" AMAZING as always! "
kpcutie
Oct 16th, 2016
" Excellent job "
Hemapathy
Oct 2nd, 2016
" all I can say is wow very fast work, great work thanks "
pmallory
Sep 23rd, 2016
" Totally impressed with results!! :-) "
Ask your homework questions. Receive quality answers!

Type your question here (or upload an image)

1821 tutors are online

Brown University





1271 Tutors

California Institute of Technology




2131 Tutors

Carnegie Mellon University




982 Tutors

Columbia University





1256 Tutors

Dartmouth University





2113 Tutors

Emory University





2279 Tutors

Harvard University





599 Tutors

Massachusetts Institute of Technology



2319 Tutors

New York University





1645 Tutors

Notre Dam University





1911 Tutors

Oklahoma University





2122 Tutors

Pennsylvania State University





932 Tutors

Princeton University





1211 Tutors

Stanford University





983 Tutors

University of California





1282 Tutors

Oxford University





123 Tutors

Yale University





2325 Tutors