Topic - SECURE PROGRAMMING Request - Please do keep the answers short. Thank you
Question
Topic - SECURE PROGRAMMING
Request - Please do keep the answers short. Thank you.
1. Why is random() not a good function to use in security?
2. What are your chances of finding useful information that a program left behind a week earlier in a Windows machine? What about a Linux machine?
3. How many Design principles are not being fulfilled in Windows? Which are they? How would you change windows so the principles are fulfilled?
4. How would you validate an input which is supposed to be a person's full name? How about a filename? Does it make a difference where the file is required to reside?
Explanation / Answer
1. Why is random() not a good function to use in security?
Ans :
The security of cryptographic systems depends on some secret data that is known to authorized persons but unknown and unpredictable to others. To achieve this unpredictability, some randomization is typically employed. Modern cryptographic protocols often require frequent generation of random quantities.
Quality in the random number generation (RNG) process is almost always required for security, and lack of quality generally provides attack vulnerabilities and so leads to lack of security, even to complete compromise, in cryptographic systems. The RNG process is particularly attractive to attackers because it is typically a single isolated hardware or software component easy to locate. If the attacker can substitute pseudo-random bits generated in a way he can predict, security is totally compromised, yet generally undetectable by any upstream test of the bits. Furthermore, such attacks require only a single access to the system that is being compromised. No data need be sent back in contrast to, say, a computer virus that steals keys and then e-mails them to some drop point.
2. What are your chances of finding useful information that a program left behind a week earlier in a Windows machine? What about a Linux machine?
Ans : Almost all modern shells allow you to search the command history if enabled by the user. Use the history command to display the history list with line numbers. Lines listed with a * have been modified by the user.
While in the Windows command line, press the F7 key to view a history of all the commands that have been entered in that window. Pressing the up or down keys allows you to browse through all commands and, once highlighted, pressing Enter will perform the previous command.
3. How many Design principles are not being fulfilled in Windows? Which are they? How would you change windows so the principles are fulfilled?
Ans : The big list of fundamental OS principles,
Note that these are ALL reconcilable with each other, both in logic and in practice. IOW, it is possible to create an OS that satisfies all of them.
Of course, it is wise to spend one's time satisfying the most important ones and leave out those, like correctness proofs, which provide little benefit at enormous cost. The question is, which principles are essential to include in any new OS?
The answer is that anything which every other OS project has accomplished or seeks to accomplish ... is completely non-essential. There are dozens of OS projects that sought and have achieved highly-performing, reliable, distributed, secure operating systems. If a new OS is to stand out from the crowd, to challenge the established antediluvian systems, it must do something different. In fact, it must do something which it is impossible for the established OSes to do. Performance, reliability, distribution and even security to some degree, are simply not it!
If you're an OS designer and someone tells you "your OS must have so and so because every other OS already has it", you can choose to comply with the narrow-minded idiot and be a complete loser. (What else to call someone intent on reinventing the wheel?) Or you can choose to do something difficult, risky and new.
4. How would you validate an input which is supposed to be a person's full name? How about a filename? Does it make a difference where the file is required to reside?
Ans : A sample java code would be :
public class MainClass
{
    public static void main( String[] args )
    {
        System.out.println( validateFirstName( "Tom" ) );
        System.out.println( validateLastName( "Tom" ) );
    }

    // validate first name: one capital letter followed by zero or more letters
    public static boolean validateFirstName( String firstName )
    {
        return firstName.matches( "[A-Z][a-zA-Z]*" );
    } // end method validateFirstName

    // validate last name: groups of letters separated by a single space, apostrophe or hyphen
    public static boolean validateLastName( String lastName )
    {
        return lastName.matches( "[a-zA-Z]+([ '-][a-zA-Z]+)*" );
    } // end method validateLastName
}
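The filename part of question 4, as an added example that is not part of the original answer: the name is checked against an allow-list, then resolved and confirmed to stay inside the directory where the file is required to reside. The class and method names, the allow-list pattern and the temporary base directory are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.regex.Pattern;

public class FileNameValidator
{
    // Allow-list (assumed policy): first character a letter or digit, then letters,
    // digits, '.', '_' or '-', 64 characters at most. Path separators never match.
    private static final Pattern SAFE_NAME =
        Pattern.compile( "[A-Za-z0-9][A-Za-z0-9._-]{0,63}" );

    // Returns the resolved path if 'name' is a plain file name that stays inside
    // baseDir; throws IllegalArgumentException otherwise.
    public static Path resolveInside( Path baseDir, String name ) throws IOException
    {
        if ( name == null || !SAFE_NAME.matcher( name ).matches() )
            throw new IllegalArgumentException( "rejected file name" );
        Path base = baseDir.toRealPath();               // canonical form, symlinks resolved
        Path candidate = base.resolve( name ).normalize();
        // If an entry with this name already exists (even as a symlink), resolve it so
        // that a link pointing outside base is caught; a dangling link throws IOException.
        if ( Files.exists( candidate, LinkOption.NOFOLLOW_LINKS ) )
            candidate = candidate.toRealPath();
        if ( !candidate.startsWith( base ) )            // compares path elements, not strings
            throw new IllegalArgumentException( "path escapes base directory" );
        return candidate;
    }

    // Convenience wrapper that reports the decision as a boolean.
    public static boolean isAccepted( Path baseDir, String name ) throws IOException
    {
        try { resolveInside( baseDir, name ); return true; }
        catch ( IllegalArgumentException e ) { return false; }
    }

    public static void main( String[] args ) throws IOException
    {
        Path base = Files.createTempDirectory( "uploads" ); // constructed sample directory
        // Constructed sample inputs: one ordinary name and several that must be refused.
        String[] samples = { "report.txt", "../etc/passwd", "a/b.txt", "", ".hidden" };
        for ( String s : samples )
            System.out.println( "\"" + s + "\" -> " + isAccepted( base, s ) );
    }
}
```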