Program Security

Venue : BK7, Building FTMK.
Date : 9-9-2009
Time : 9.00 a.m. – 10.50 a.m.

The lecture for this week was about Program Security. Throughout this lecture, I have learnt several important facts about the security of a program such as the non-malicious errors, malicious code, control against the threats and so on. Basically, there are three types of non-malicious program error, and they are the buffer overflows, incomplete mediation – data exposed or uncontrolled and time of check to time of use. I would like to show some examples and give some brief explanations for each type of the non-malicious errors:

Types of error	Example/ Explanation
Buffer Overflows	Example: In C programming, instead of using strcpy(des, src), it would be better if we use strncpy(des, src, n). Explanation: To copy a string from a source to its destination, the case for buffer overflow will occur if the array size for destination is smaller than the array size for its source. For instance: src[10]; des[9]; The error will occur if we copy the whole string by using the coding strcpy(des, src). We can avoid the error by not copying the whole string, but just copying the string partially by using the coding strncpy(des, src, n). For example, strncpy(des, src, 7), where n = 7. In this case, we are copying the seven alphabets from the source (size = 10), to its destination (src = 9), so the buffer overflows can be prevented.
Incomplete Mediation	Example: The link below shows the use of get method in web application development:- http://www.testing.com/order.asp?cutID=115&part=666&qty=3&price=500&total=1500 Explanation: One of the disadvantages of get method is that it exposes too many values for data in the link. The values are to be passed to the databases or as the reference for the next targeted webpage. Just imagine, if the values are being changed by the user before they are passed and stored into databases, what are the possible consequences? To make everything clear, I would like to use the link above to explain. If the user changes the values of price and total to zero, he or she can purchase the item for free, does it make sense? So, it would be better if we use the post method to avoid the data to be exposed in a link.
Time of check to time of use	It is basically the process of executing the instruction. It would process all the data rather than putting them on clipboard.

Next, I have learnt about the Malicious Programs. The table below shows the examples of malicious codes and some of their descriptions:

Type of malicious code	Explanation
Trojan	A program which performs a useful function but also performs an unexpected action.
Virus	A code segment which replicates by attaching copies to existing executables.
Worm	A program which replicates itself and causes execution of the new copy.
Bacteria	Replicates until it fills all disk space, or CPU cycles.
Logic Bomb	Malicious code that actives on an event.
Trap door	Undocumented entry point written into code for debugging that can allow unwanted user.

For the trap door type, Mr Zaki told us about a real life story related to it – “The Salami Attack”. It was very interesting. The story is about a guy named Salami, who was once a programmer for a bank. He came out with a brilliant idea to make money through the program he wrote. He transferred the third decimal place of the value for every transaction to its own bank account through the coding he wrote. As I said just now, he was very brilliant because nobody would notice the third decimal place of a currency as the value is too small and very hard to be traced. However, no one in this world can escape from the punishment after committing a crime, he was caught for whatever he had done. People started to notice and investigate it when he bought houses, branded cars and so on using cash.
Finally, the lecture was end with the pillars of software security. Three of the pillars of software security are risk management, touchpoints and knowledge.