CS 4402 DF 3.edited

docx

School

University of the People *

*We aren’t endorsed by this school

Course

4402

Subject

Computer Science

Date

Nov 24, 2024

Type

docx

Pages

4

Uploaded by NeutronPuppyIrene

Report
Big Endian and Little Endian: the advantages and disadvantages. Computers use 1's and 0's to represent and store data. When reading this data, the sequence of these bits can convey different meanings based on the system's design. Just as humans speak different languages, computers have varied "languages" or formats. While a computer understands its own format, another might interpret the same data differently. Two primary conventions dictate how multi-byte data is stored in memory: Big Endian and Little Endian. Big Endian (Big-End First) : In a Big Endian system, the most significant byte (the "big end") is stored at the smallest memory address. So, if we have a sequence like 0x12, 0x34, 0x56, 0x78, the byte stored first (at the lowest memory address) is 0x12 (Azad, 2018). Real-life example : This approach is like reading a book, from left to right. So, in Big Endian, the "biggest" part (5 in our example) is stored first. It's like saving the number 5678 as 5-6-7-8. Common Uses : Network protocols : Internet Protocol (IP), Transport Control Protocol (TCP), and many others use Big Endian format. This is sometimes referred to as "network byte order." File formats : JPEG images and the Java Virtual Machine (JVM) for bytecode interpretation. CPU architectures : Many older architectures like the Motorola 68k and SPARC (except for the V9 variant). Advantages : 1. It is straightforward and easy to read, especially when debugging, because the first byte has the most significant value, just like our normal reading pattern. 2. Mathematical operations like addition and subtraction could be slightly more intuitive since we start operations from the most significant byte. Disadvantages : 1. It is slightly more complicated when handling data streams that arrive one byte at a time - the system has to wait for the first (most significant byte) to decide the value.
Little Endian (Little-End First) : Conversely, in a Little Endian system, the least significant byte (the "little end") is stored first. So, with the same sequence, the byte stored first would be 0x78 (Azad, 2018). Real-life example : Think of year dates. If someone writes a date as '230523', they are using a Little Endian format, emphasizing the day first (23rd), followed by the month (05) and then the year (2023). Advantages : 1. Incrementing a multi-byte value is straightforward because the least significant byte (which is changed most frequently) is always at a fixed address regardless of the value's length. 2. Works more naturally with specific algorithms and hardware, especially when dealing with streams of data byte by byte. Disadvantages : 1. For humans, it can be counter-intuitive to read, especially when debugging. 2. The value's most significant byte can be at different locations depending on its length. The most common byte order issue can be termed the NUXI problem . For instance, the word "UNIX," when stored on a big-endian machine and read on a little-endian machine, might appear as NUXI. This difference exemplifies the challenges in ensuring data compatibility across systems. (Azad, 2018) Endian-ness is crucial when data is shared between different systems or when interpreting data from memory directly. It is essential to be aware of the underlying byte order used by a system, especially for programmers working at the hardware-software interface or developing network protocols. Knowing how your computer stores and retrieves multi-byte data can prevent many potential data interpretation errors. Integer overflow and its risks An integer overflow occurs when an arithmetic operation gives an output beyond the allocated memory space for that integer type (Luqman, 2021). To illustrate, a 16-bit integer can store
values ranging from 0 to 65535. If an arithmetic operation tries to store a value like 65536, compilers may either disregard the error or halt the program. Frequently, compilers opt for the former, storing an unexpected value and sometimes resulting in attacks like buffer overflow, which can pave the way for malicious software execution. A failure to correctly handle integer overflow can lead to grave vulnerabilities, primarily when these overflow errors affect memory allocation, as seen in buffer overflow. Ranked 11th in the 2020 CWE Top 25 Most Dangerous Software Weaknesses, integer overflow is not a threat to be overlooked (Luqman, 2021). The ease of exploitation and the severe consequences, ranging from system takeovers to data theft, render it critical. When considering the CIA Triad, a cornerstone of information security, integer overflow poses threats to (Luqman, 2021): Availability : Often leading to undefined behaviors, crashes, and infinite loops. Integrity : Data corruption might be the least of worries if buffer overflows stem from integer overflow, amplifying the potential damage. Confidentiality, Availability, and Access Control : The vulnerabilities can be exploited for unauthorized code execution or command bypass. Drawing from the Common Vulnerability Exposure (CVE) database, over 1113 vulnerabilities relate to integer overflow attacks, with buffer overflow being a top pick for malicious entities (Luqman, 2021). Preventing integer overflow requires a multi-faceted approach, encompassing several stages of software development (Luqman, 2021): 1. Requirement Phase : Conduct stringent protocols for out-of-bound operations and ensure programming languages handle related exceptions. 2. Architecture & Design : Use libraries and frameworks, such as SafeInt or IntegerLib, that cater to secure coding and implement dual security checks on both client and server ends. 3. Implementation Phase : Offer stringent input validation for user-entered numbers and set clear ranges for signed numbers. Familiarize yourself with how the chosen programming language handles numerical values and swiftly address any compiler errors. In conclusion, integer overflow is a severe software vulnerability that, if not appropriately managed, can lead to catastrophic consequences, including unauthorized data access and system takeovers. Developers must understand and actively prevent such overflows at every stage of software development, ensuring robust and secure applications.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
References: Azad, K. (2018). Understanding Big and Little Endian Byte Order. BetterExplained. https://betterexplained.com/articles/understanding-big-and-little-endian-byte-order/ Luqman, M. (2021, January 10). Integer Overflow Attack and Prevention. Secure Coding. https://www.securecoding.com/blog/integer-overflow-attack-and-prevention/

Related Documents

Assignment 3 – Outline (Point-to-Point Network Topology).docx
Screenshot_2.png
Assessment 5_Unique number 302211 (page 3 of 10).pdf
Version2.asm
AI Assignment (17).doc
Screenshot 2023-11-11 at 10.28.45 AM.png
CSC 340 Module 3 Case.docx
Screen Shot 2023-11-24 at 9.13.39 PM.pdf
BreathingActivity.cs
attachment_1 - 2023-10-24T162315.806.docx
2-Lab13.pdf
Project 4 | CS 188 Spring 2023.pdf
Recommended textbooks for you
Text book image
Programming Logic & Design Comprehensive
Computer Science
ISBN:9781337669405
Author:FARRELL
Publisher:Cengage
Text book image
C++ for Engineers and Scientists
Computer Science
ISBN:9781133187844
Author:Bronson, Gary J.
Publisher:Course Technology Ptr
Text book image
Systems Architecture
Computer Science
ISBN:9781305080195
Author:Stephen D. Burd
Publisher:Cengage Learning
Text book image
EBK JAVA PROGRAMMING
Computer Science
ISBN:9781337671385
Author:FARRELL
Publisher:CENGAGE LEARNING - CONSIGNMENT
Text book image
Microsoft Visual C#
Computer Science
ISBN:9781337102100
Author:Joyce, Farrell.
Publisher:Cengage Learning,
Text book image
Enhanced Discovering Computers 2017 (Shelly Cashm...
Computer Science
ISBN:9781305657458
Author:Misty E. Vermaat, Susan L. Sebok, Steven M. Freund, Mark Frydenberg, Jennifer T. Campbell
Publisher:Cengage Learning
SEE MORE TEXTBOOKS
Recommended textbooks for you
Text book image
Programming Logic & Design Comprehensive
Computer Science
ISBN:9781337669405
Author:FARRELL
Publisher:Cengage
Text book image
C++ for Engineers and Scientists
Computer Science
ISBN:9781133187844
Author:Bronson, Gary J.
Publisher:Course Technology Ptr
Text book image
Systems Architecture
Computer Science
ISBN:9781305080195
Author:Stephen D. Burd
Publisher:Cengage Learning
Text book image
EBK JAVA PROGRAMMING
Computer Science
ISBN:9781337671385
Author:FARRELL
Publisher:CENGAGE LEARNING - CONSIGNMENT
Text book image
Microsoft Visual C#
Computer Science
ISBN:9781337102100
Author:Joyce, Farrell.
Publisher:Cengage Learning,
Text book image
Enhanced Discovering Computers 2017 (Shelly Cashm...
Computer Science
ISBN:9781305657458
Author:Misty E. Vermaat, Susan L. Sebok, Steven M. Freund, Mark Frydenberg, Jennifer T. Campbell
Publisher:Cengage Learning
SEE MORE TEXTBOOKS