The general philosophy of secure programming
is very simple. Remember everything you
learned in programming one the introductory
programming class and apply it, because there your instructors
undoubtedly told you to check your bounds,
check your inputs. Assume assume an error will occur and handled
properly and so forth, and that's the basic idea behind secure and robust programming. Security also adds the need to meet certain
other requirements, but fundamentally, it's
defensive programming. You also need to think with
the mindset of an attacker. In other words, if
I wanted to mess up this program or mess up the system that's
running this program, how would I go about doing it? Since the focus of the course is secure programming
the question is, how could they do it
through your program. One of the advantages of this is also that people make mistakes. So, your program will
be able to handle an unintended errors as well. There's an interesting
contrast here, normally when you
test you look for the most common cases
because that's what people will generally use, and you want to make sure
those are clean, those work. But with security you always look at the corner cases
because that's where people who want to mess your program up
are going to look. The other aspect of
this is to understand the environment in which
your program will be used, because programs interact with both people and with the system, and that system forms
in the environment, may interact with
other devices as well like sensors those also are
part of the environment. One of the issues is,
if you don't know what environment
your program is going to be used in you have to try to
take all of them into account, look for things that
can go wrong anywhere. Also procedures are
important here too, the best program if installed incorrectly can
compromise the system. The best program if configured incorrectly
can also cause problems. So, in this course we're
going to be talking about the principles that underlie
Secure Programming. We're also going to
look at a couple of programs one of
which is non-robust, and one of which is robust. We'll talk about the relationship between robust and secure. Essentially one sentence
encapsulation is, if it's secure it must be robust, if it's robust it
need not be secure. So, we want to do the robustness, and then deal specifically
with security.