Assignment:
EXAM INSTRUCTIONS
1. There are three Parts to the exam.
2. Part I is short answers. You MUST submit ONLY the answer sheet below for this part.
3. For Parts II & III, descriptions should be provided IN YOUR OWN WORDS. However, when you use the exact words of others in any answer, you MUST use quotation marks and attribute the source right there and provide a separate reference section for each descriptive question following APA style recommendations. For these questions, correctness, logical flow, grammar, and proper references are all important in that order.
4. This is an open-book individual examination. You may use any resource such as books, articles, and the Web. The questions may require research beyond the text, lecture notes, and conferences. You must, however, do your own work and you may not collaborate with your classmates.
5. Do NOT post questions about this exam in any of the class forums. If you have a question about the exam, e-mail your instructor directly for a decision on whether the entire class needs to be advised of the issue or question.
6. Do NOT provide answers in a separate sheet, separate from the questions. It is very hard to grade, especially if you mess up the order or provide the wrong number for a question. Provide your answers in this sheet EXCEPT for the Part I answers, which are done on-line.
Part I: Multiple Choice Answers
Choose the right answer(s). SUBMIT ONLY THE ANSWER KEY BELOW.
1. Software assurance is a:
A) Tool used to produce secure software
B) CMMI process to produce reliable software
C) Methodology providing a framework for secure software
D) Theorem prover technique to produce secure software
2. Two of the BEST ways a developer can keep code secure during the software maintenance phase are (choose all that apply):
A) Learn advanced hacking techniques
B) Create a change control board
C) Work closely with business analysts on each requirement
D) Read journal papers on security topics
E) Conduct threat analysis on each change request
F) Read website reporting on the latest attacks
G) Conduct frequent peer reviews
3. Validation is the process to ensure that the:
A) Design meets the requirements
B) Requirements meet the needs
C) Implementation meets the requirements
D) Implementation faithfully satisfies the design
4. Verification is the process to ensure that the:
A) Design meets the requirements
B) Implementation faithfully satisfies the design
C) Requirements meet the needs
D) Implementation meets the requirements
5. Which of the following are secure coding techniques (choose all that apply):
A) Validating request data
B) Error handling
C) Self-monitoring
D) Minimizing number of lines of code
E) Diversity
6. The NRL taxonomy classified flaws using multiple dimensions that include (choose all that apply):
A) Where the flaw occurs
B) Programmer who created the flaw
C) Organization which created the flaw
D) Time the flaw was created
7. Which tool will help in the following situation?
Five developers on a single team are having issues synchronizing their code. Currently, each developer e-mails and merges their files in an ad hoc manner.
A) IDE
B) Version Control
C) Build Tool
D) Merge Tool
8. As an application developer, what is the most relevant element to know about an attack?
A) Who the attacker is
B) What motivates the attacker
C) What preconditions must be met for a successful attack
D) Where the attack started
9. Saltzer and Schroeder define eight design principles. Which principle fits this situation?
The developers should design their code so that proper authorization is checked when the initial request is sent to the server and again when the response is sent back to the client.
A) Fail-safe
B) Complete mediation
C) Least privilege
D) Keep it simple
10. Saltzer and Schroeder define eight design principles. Which principle fits this situation?
The developers designed their code so that no update transaction can execute unless the request comes from a security administrator who is using the update screen from the application.
A) Fail-safe
B) Complete mediation
C) Keep it simple
D) Least privilege
11. Developing software in small chunks of requirements at a time during all stages is which type of methodology?
A) Waterfall
B) -oriented
C) Spiral
D) Iterative
12. An auditing system is an important a priori tool for improving system trust and system assurance.
A) True
B) False
13. CMMI, a brainchild of a FFRDC, is a methodology to improve the development, acquisition, and services of software and systems.
A) True
B) False
14. The success of SRI in mathematically proving the operating system specifications of the first digital-computer flight control system, SIFT, for NASA ushered in three decades of progress in formal methods.
A) True
B) False
15. According to the U.S. Computer Emergency Readiness Team (US-CERT), more attackers circumvent traditional defenses such as anti-virus software and firewalls, and malware has shifted from disrupting service to actively seeking financial gain.
A) True
B) False
16. Professional associations employ a code of ethics as a means to (Choose all that apply):
A) Be held accountable to the public
B) Establish status as professionals
C) Clarify ethical imperatives
D) Aid individual decision-making
E) Contribute to society and human well-being
17. In the future of cybersecurity, popular targets include social media, the Internet of Things, and mobile devices, and threats will be severe and clever and will come from both state and non-state actors.
A) True
B) False
18. Which of the following is true about formal evaluations (select all that apply):
A) ITSEC was the earliest method adopted by the US
B) Common Criteria (CC) allows for two types of evaluation
C) TCSEC was supported by Britain
D) The concept of trust in computing dates back to the 1970s
E) Federal Criteria replaced TCSEC
F) CC introduced the term Target of Evaluation (ToE)
G) The Protection Profile concept is borrowed from the CC
H) All the above
19. Secure project management includes selecting secure methodology and tools and protecting against off-the-shelf software logic bombs.
A) True
B) False
Part II: Short Essay Answers
1. What are the conceptual differences among a Reference Validation Mechanism (RVM), a Trusted Computing Base (TCB), and Target of Evaluation (TOE) security functions? Be sure to do more than define what each is. Elaborate on their differences.
2. A company develops a new security product using the extreme programming software development methodology - programmers code, then test, then add more code, then test, and continue the iteration. Every day, the code base is tested as a whole. The programmers work in pairs when writing code to ensure that at least two people review the code. The company does not offer any additional evidence of assurance. Explain to the management of this company why their software is NOT highly assured.
3. Security principles/concepts in software development include complete mediation, least privilege, separation of privilege, defense-in-depth, fail securely, nonrepudiation, and secure the weakest link. First, briefly describe each, then give a specific example of each in practice, and then finally rank the relative importance of each (1 highest, 7 lowest). Justify your ranking.
Part III: Long Essay (1 Question, 3-page max double-spaced)
Two popular secure software development methodologies are:
1. Microsoft Security Development Lifecycle (SDL)
2. Open Web Application Security Project (OWASP) Comprehensive Lightweight Application Security Process (CLASP)
Pick ONE of the above methodologies. Explain what the methodology is, how well it addresses security concerns in the life cycle, and what its drawbacks are, if any. Using other references is highly recommended.