Changes between Version 99 and Version 100 of EducationalAssignments/SecurityLayerPartOne

Please note that these Trac pages are no longer being updated. Wiki contents/documentation have moved to GitHub.

Timestamp: 05/23/12 07:17:14 (7 years ago)
Author: ericms
Comment: --
  • EducationalAssignments/SecurityLayerPartOne

    v99 v100  
    167167=== Code analysis ===  
    168168 
    169 Despite the simplicity of the `writeat()` function, it still follows the design principles of accuracy, efficiency, and security.  Accuracy is preserved, since only "MZ" is blocked.  If any other characters are written, the `writeat()` function executes normally.  Efficiency is preserved because the number of test cases is small.  Also security is preserved.  This is because "MZ" cannot be written to a file as easily.  It is important to note that no security system is perfect.  It is more important to make a security system that is infeasible to break, rather than impossible to break.      
     169The `writeat()` function attempts follow the design principles of accuracy, efficiency, and security.  However it does so inadequately.  Accuracy is attempted by only blocking "MZ" from being written.  If any other characters are written, the `writeat()` function executes normally.  Efficiency is preserved because the number of test cases is small.  Also security is attempted because "MZ" cannot be written to a file as easily.  It is important to note that no security system is perfect.  It is more important to make a security system that is infeasible to break, rather than impossible to break.  However this security layer does not yet create the necessary infeasibility requirements for most attacks.  Thus we see that there is a grey area of what is an acceptable level of impedance.        
    170170 
    171171Now let's look at the structure of `writeat()`.  First off, the if-statement contains the mitigation.  If the "alarm" is not tripped then the `writeat()` function is executed normally.  Within the if-statement `data.startswith("MZ")` is used to check for an illegal write.  Specifically, `data` is a variable used to store information which will be written to the file.  And the method `startswith()` checks to see if the file begins with certain characters, in this case "MZ".
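
Review bot: the new paragraph at v100 line 169 says `writeat()` follows accuracy and security "inadequately" and that the layer "does not yet create the necessary infeasibility requirements for most attacks", but it never states what the gap is, so a student reading it cannot tell what the next version has to fix. The unchanged paragraph at 171 shows the whole mitigation is `data.startswith("MZ")` applied to the `data` about to be written; tie 169 to that explicitly. While there, correct 171's "checks to see if the file begins with certain characters", since the check is on `data` and not on the file, and fix "attempts follow" in the first added sentence to "attempts to follow".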