1. A company develops a new security product using the extreme programming software development methodology. Programmers code, then test, the en add more code, then test, and continue this iteration. Every day they test the code base as a whole. The programmers work in pairs when writing code to ensure that at least two people review the code. How would you explain to this company how their software is in fact not high assurance" software?
2. Consider how a system with capabilities as its access control mechanism could deal with Trojan Horses.
A) In general, do capabilities offer more or less protection against Trojan horses than do access control lists? Justify your answer in light of the theoretical equivalence of ACLs and C-Lists
B) Consider now the inheritance of properties of new processes. If the creator controls which capabilities the created process is given initially, how could the creator limit a damage that a Trojan Horse will do?
C) Can capabilities protect against all Trojan Horses? Either show that they can or describe a Trojan horse process that can C-Lists cannot protect against.
Attachment:- Computer-Security-Art--and--Science-Questions--for-transtutors.docx