Lines of Code and Bugs
• Conservative estimate: 5 bugs/1000 LOC
• Do the math
  – Typical computer: 3,000 exe's of 100K each
  – Conservative estimate of 50 bugs/exe
  – About 150k bugs per computer
  – 30,000 node network has 4.5 billion bugs
  – Suppose that only 10% of bugs are security-critical and only 10% of those are remotely exploitable
  – Then "only" 4.5 million critical security flaws!
Complete Program Security
• Can we make programs completely secure?
  – Not easy
• Why?
  – Software testing makes sure that code does what it's supposed to do
  – For security, we must also verify that it doesn't do anything it isn't supposed to do, which is much harder
  – Programming techniques often change more quickly than security techniques
Software Security Topics
• Program flaws (unintentional)
  – Buffer overflow
  – Incomplete mediation
  – Race conditions
• Malicious software (intentional)
  – Viruses
  – Worms
  – Other breeds of malware
Program Flaws
• An error is a programming mistake
  – To err is human
• An error may lead to incorrect state: fault
  – A fault is internal to the program
• A fault may lead to a failure, where a system departs from its expected behavior
  – A failure is externally observable

error → fault → failure
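
The error, fault and failure chain above, worked through on a small filename check. This is an added example, not part of the original slides; the check, the function names and the sample inputs are all hypothetical and constructed for illustration.

```python
# Added illustration: one programming error, three different outcomes.
# All names and inputs are constructed for this example.

def count_separators_buggy(name: str) -> int:
    """Internal state: how many '/' characters the scan has seen.

    ERROR (the programming mistake): the scan starts at index 1,
    so the first character of the name is never inspected.
    """
    count = 0
    for i in range(1, len(name)):  # should start at 0
        if name[i] == "/":
            count += 1
    return count


def count_separators_correct(name: str) -> int:
    """Reference implementation used to detect incorrect internal state."""
    return name.count("/")


def is_plain_filename(name: str, counter) -> bool:
    """Externally observable result: accept only names containing no '/'."""
    return counter(name) == 0


def classify(name: str) -> str:
    """Run the buggy and reference versions on one input and compare.

    'fault'   = internal state (the count) is wrong.
    'failure' = observable behavior (accept/reject) is wrong.
    """
    fault = count_separators_buggy(name) != count_separators_correct(name)
    failure = (is_plain_filename(name, count_separators_buggy)
               != is_plain_filename(name, count_separators_correct))
    if failure:
        return "failure"
    if fault:
        return "fault only"
    return "no fault"


# Constructed sample inputs.
SAMPLES = ["report.txt", "a/b", "/a/b", "/etc"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:14} -> {classify(s)}")
```

The same error is present on every run, but only inputs that begin with `/` put the program into an incorrect state, and only `/etc` turns that state into a wrong accept decision. A test suite made of the first three inputs would pass without ever observing a failure.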
Secure Software
• In software engineering, try to ensure that a program does what is intended
• Secure software engineering requires that the software does what is intended …
• … and nothing more
• Absolutely secure software is impossible
  – Absolute security is almost never possible!
• How can we manage the risks?