What are the common motivations for an attacker to target a specific piece of software? Give at least three reasons and justify your answer with analysis or

What could an attacker stand to gain from compromising a piece of software? Justify your answers with analysis or examples.

Why would an attacker want to attack a trivial but widespread software program? Give at least two reasons. Is attacking trivial but widespread software a better or worse choice than attacking more complex software that protects sensitive information? Support your answer with appropriate reasoning.

Consider the need to protect software from becoming unstable through buffer overflow exploits and answer the

Strong bounds checking means a programming language must explicitly declare the length of any variable (including arrays), and these bounds are tested before storing any information. How could strong bounds checking be both beneficial and harmful to a language? What is the trade-off that has to occur in a language with strong bounds checking compared to one without it? Justify

How does string processing allow for possible buffer overflows even with bounds checking in a language? What types of software or what languages are most vulnerable to buffer overflow attack and why? Give at least two examples and support your answer.