Methodological Guide
Secure Coding
If the operating environment is not based on a secure operating system capable of maintaining a domain for its own execution, and capable of protecting application code from malicious subversion, and capable of protecting the system from subverted code, then high degrees of security are understandably not possible. While such secure operating systems are possible and have been implemented, most commercial systems fall in a “low security” category because they rely on features not supported by secure operating systems (such as portability, etc.). In low security operating environments, applications must be relied on to participate in their own protection. There are “best effort” secure coding practices that can be followed to make an application more resistant to malicious subversion.
In commercial environments, the majority of software subversion vulnerabilities result from a few known kinds of coding defects. Common software defects include buffer overflows¹, format string² vulnerabilities, integer³ overflow, and code/command injection. Some common languages such as C and C++ are vulnerable to all of these defects. Other languages, such as Java, are more resistant to some of these defects, but are still prone to code/command injection and other software defects which facilitate subversion. Recently another bad coding practice has come under scrutiny: dangling pointers⁴. The first known exploit for this particular problem was presented in July 2007. Before this publication the problem was known but considered to be academic and not practically exploitable. In summary, “secure coding” can provide significant payback in low security operating environments, and is therefore worth the effort. Still, there is no known way to provide a reliable degree of subversion resistance with any degree or combination of “secure coding”.
Notes:
¹ buffer overflow: a programming error that occurs when there is no, or insufficient, automatic checking that data write operations stay within the bounds of an array in memory;
² format string: a string used in output statements that may contain format specifications as well as literals;
³ integer: a whole number; a built-in simple data type;
⁴ dangling pointer: a pointer to a nonexistent (deleted) object; a hanging pointer.
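The hardened forms of three of the defect classes named in the text (buffer overflow, integer overflow, format string), shown as an added C example that is not part of the original handbook. The function names and sample inputs are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Buffer overflow: copy only if src (with its terminating NUL) fits in dst. */
int copy_name(char *dst, size_t dst_size, const char *src) {
    size_t len = strlen(src);
    if (dst_size == 0 || len >= dst_size)
        return -1;                 /* would write past the end of dst: reject */
    memcpy(dst, src, len + 1);
    return 0;
}

/* Integer overflow: check count * elem_size before using it as a size. */
int checked_alloc_size(size_t count, size_t elem_size, size_t *out) {
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return -1;                 /* the product would wrap around */
    *out = count * elem_size;
    return 0;
}

/* Format string: untrusted text is passed as data to a constant format,
   never as the format itself (the defect is snprintf(dst, n, user)). */
int format_log_line(char *dst, size_t dst_size, const char *user) {
    int n = snprintf(dst, dst_size, "user=%s", user);
    return (n < 0 || (size_t)n >= dst_size) ? -1 : n;
}

int main(void) {
    char name[8], line[64];
    size_t bytes;
    /* Constructed sample inputs. */
    printf("%d\n", copy_name(name, sizeof name, "alice"));
    printf("%d\n", copy_name(name, sizeof name, "a-much-too-long-name"));
    printf("%d\n", checked_alloc_size(SIZE_MAX / 2 + 1, 2, &bytes));
    if (format_log_line(line, sizeof line, "%x%x%n") > 0)
        puts(line);                /* conversion specifiers printed literally */
    return 0;
}
```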
Name the main problem of the text.
Make questions to the text to interview your partner about secure coding.
Express your attitude to the facts given in the text. You may use the following phrases:
‑ It is full of interesting information …
‑ I find the text rather / very informative …
‑ I’ve learnt a lot …
‑ I don’t agree with …
Give your point of view on the possibility of using the information presented in the text in your future profession.
Part C
Read the title of the text and say what information is presented in it.
Read the title of the text and express your point of view on its main idea.