6_03_14

6.03.14 home assignment

1. **Pair work.** Create slides for a 2-min. presentation - final. You are going to get marks! Topic: "Bugs". Deadline: 4.03.14 - 22.00. Upload the file here or send it to me by e-mail.

2. In the text below think of the possible ways of translation for the words and word combinations in **bold**. Write your variants and ideas under the text.

**Types of Flaws**
To aid our understanding of the problems and their **prevention or correction**, we can define categories that **distinguish** one kind of problem from another. For example, Landwehr **et al.** [LAN94] present a taxonomy of program flaws, dividing them first into intentional and **inadvertent flaws**. They further divide intentional flaws into malicious and nonmalicious ones. In the taxonomy, the inadvertent flaws fall into six categories:
 * **validation error** (incomplete or **inconsistent**): **permission checks**
 * **domain error**: controlled access to data
 * serialization and **aliasing**: **program flow order**
 * inadequate identification and authentication: basis for authorization
 * **boundary condition violation**: failure on first or last case
 * other **exploitable** logic errors

Other authors, such as Tsipenyuk et al. [TSI05], the OWASP project [OWA05], and Landwehr [LAN93], have produced similar lists. This list gives us a useful overview of the ways in which programs can fail to meet their security requirements. We leave our discussion of the **pitfalls** of identification and authentication for Chapter 4, in which we also investigate **separation into execution domains**. In this chapter, we **address** the other categories, each of which has interesting examples.

 * **prevention or correction** – предотвращения или разрешения
 * **distinguish** – отличают/различают
 * **et al.** – и другие
 * **inadvertent flaws** – ненамеренные (невнимательные/случайные) изъяны
 * **validation error** – ошибки при проверке
 * **permission checks** – проверки прав доступа (Stepanov A.P.)
 * **inconsistent** – несовместимые
 * **domain error** – ошибка домена
 * **domain error** – ошибка области размещения
 * **aliasing** – сглаживание/сцепление
 * **program flow order** – порядок выполнения программы
 * **boundary condition violation** – нарушение (изменение) границ
 * **exploitable** – приемлемые (возможные)????
 * **exploitable** – относящиеся к, использующие, затрагивающие (Stepanov A.P.)
 * **pitfalls** – подводный камень
 * **separation into execution domains** – разбиение на исполняемые домены
 * **address** – обращаем внимание
 * **boundary condition violation** – выход за границы
 * **exploitable** – пригодные для использования
 * **separation into execution domains** – разделение на области исполнения


 * **Prevention** – предупреждение
 * **Correction** – коррекция
 * **Distinguish** – характеризовать
 * **inadvertent flaws** – непреднамеренный изъян
 * **validation error** – ошибка в значении
 * **inconsistent** – несовместимость
 * **permission check** – проверка прав доступа
 * **domain error** – ошибка определения домена
 * **aliasing** – использование псевдоимен для объявления файлов
 * **program flow order** – некорректное объявление в программе
 * **boundary condition violation** – нарушение граничных условий
 * **exploitable** – часто встречающиеся
 * **pitfalls** – подводные камни
 * **separation into execution domains** – разделение в используемых доменах
 * **address** – обращаемся