Software Engineering (10th Edition)
10th Edition
ISBN: 9780133943030
Author: Ian Sommerville
Publisher: PEARSON
expand_more
expand_more
format_list_bulleted
Textbook Question
Chapter 13, Problem 13.1E
Explain the important differences between application security engineering and infrastructure security engineering.
Expert Solution & Answer
Explanation of Solution
Difference between application security engineering and infrastructure security engineering:
While considering security issues, one needs to consider both application software and the infrastructure on which system is built.
The difference between application security engineering and infrastructure security engineering are mentioned below:
| Application Security Engineering | Infrastructure Security Engineering |
| Application security engineering is a problem in software engineering where engineers should ensure that the system is designed to resist attacks. | Infrastructure Security Engineering is management problem in which the system manages to configure the infrastructure to resist attacks. |
| It is important as software engineering is concerned with the evolution and development of systems that can resist malicious attacks. | As infrastructures components are widely available, the majority of attacks hence focus on system infrastructures. |
| Application security improves the security of an application often by finding, fixing and preventing security vulnerabilities. | System managers have to set up the infrastructure in order to make effective use of infrastructure security features available and fix the infrastructure security vulnerabilities. |
| It uses software, hardware, and procedural methods to protect applications from external threats. |
It is primarily concerned with making sure that data in any form is kept secure in terms of preserving its confidentiality, integrity and availability. |
Want to see more full solutions like this?
Subscribe now to access step-by-step solutions to millions of textbook problems written by subject matter experts!
schedule03:15
Students have asked these similar questions
hi, I need help to resolve the case, thank you
The following table shows the timestamp and actions by two users. Choose the best option that describes the outcome of the actions.
Time JohnSara
10:14 select* from hr.employees;
10:15 Update hr.employees set salary= 100
where employee_id= 206;
10:16 Commit:
Select* from hr.employees;
10:18 Commit:
10:20 Select* from hr.employees;
Commit:
John's query willreturn the same results all three times it is executed as they are run in the same session.
John's queries run at10:16 and10:20 produce the same result, which is different from the one at 10:14
John's query run at 10:16 waits until 10:18 to produce results, waiting for the commit to happen.
John's queries run at 10:14 and 10:16 produce the same result, which is different from the one at 10:20
what's the process used to obtain IP configuration using DHCP in Windows Server.
Additional Engineering Textbook Solutions
Find more solutions based on key concepts
is a graphical language that allows people who design software systems to use an industry-standard notation to ...
Java How to Program, Early Objects (11th Edition) (Deitel: How to Program)
Big data Big data describes datasets with huge volumes that are beyond the ability of typical database manageme...
Management Information Systems: Managing The Digital Firm (16th Edition)
This optional Google account security feature sends you a message with a code that you must enter, in addition ...
SURVEY OF OPERATING SYSTEMS
What are some of the attractive features of gas tungsten arc welding?
Degarmo's Materials And Processes In Manufacturing
If a class has this method, it is called automatically just before an instance of the class is destroyed by the...
Starting Out with Java: From Control Structures through Objects (7th Edition) (What's New in Computer Science)
What output is produced by the following code? for (int n = 4; n 0; n) System.out.println(n);
Java: An Introduction to Problem Solving and Programming (8th Edition)
Knowledge Booster
Similar questions
- Consider the following sequential circuit: CLOCK a. Define the diagram circuit variables (5 pts) b. Derive the Flip-Flop input equations) (5 pts) c. Derive the circuit output equation (5 pts) d. Derive the state table of the circuit (5 pts) e. Derive the state diagram for this circuit (5 pts) Clk A D B B' CIK Question 2 (25 pts) A sequential circuit with two D flip-flops A and B, two inputs x and y, and one output z is specified by the following next-state and output equations: A(t + 1) = xy' + xB B(t + 1) = xA + xB' z = A a. Draw the logic diagram of the circuit. (5 pts) b. List the state table for the sequential circuit. (10 pts) c. Draw the corresponding state diagram. (10 pts)arrow_forward5. Word FrequencyWrite a program that reads the contents of a text file. The program should create a dictio-nary in which the keys are the individual words found in the file and the values are the number of times each word appears. For example, if the word “the” appears 128 times, the dictionary would contain an element with 'the' as the key and 128 as the value. The program should either display the frequency of each word or create a second file containing a list of each word and its frequency.arrow_forward3.) File Encryption and DecryptionWrite a program that uses a dictionary to assign “codes” to each letter of the alphabet. For example: codes = { ‘A’ : ‘%’, ‘a’ : ‘9’, ‘B’ : ‘@’, ‘b’ : ‘#’, etc . . .}Using this example, the letter A would be assigned the symbol %, the letter a would be assigned the number 9, the letter B would be assigned the symbol @, and so forth. The program should open a specified text file, read its contents, then use the dictionary to write an encrypted version of the file’s contents to a second file. Each character in the second file should contain the code for the corresponding character in the first file. Write a second program that opens an encrypted file and displays its decrypted contents on the screen.arrow_forward
- Returns an US standard formatted phone number, in the format of (xxx) xxx-xxxx the AreaCode, Prefix and number being each part in order. Testing Hint: We be exact on the format of the number when testing this method. Make sure you think about how to convert 33 to 033 or numbers like that when setting your string format. Reminder the %02d - requires the length to be 2, with 0 padding at the front if a single digit number is passed in.arrow_forwardThe next problem concerns the following C code: /copy input string x to buf */ void foo (char *x) { char buf [8]; strcpy((char *) buf, x); } void callfoo() { } foo("ZYXWVUTSRQPONMLKJIHGFEDCBA"); Here is the corresponding machine code on a Linux/x86 machine: 0000000000400530 : 400530: 48 83 ec 18 sub $0x18,%rsp 400534: 48 89 fe mov %rdi, %rsi 400537: 48 89 e7 mov %rsp,%rdi 40053a: e8 d1 fe ff ff 40053f: 48 83 c4 18 add callq 400410 $0x18,%rsp 400543: c3 retq 0000000000400544 : 400544: 48 83 ec 08 sub $0x8,%rsp 400548: bf 00 06 40 00 mov $0x400600,%edi 40054d: e8 de ff ff ff callq 400530 400552: 48 83 c4 08 add $0x8,%rsp 400556: c3 This problem tests your understanding of the program stack. Here are some notes to help you work the problem: • strcpy(char *dst, char *src) copies the string at address src (including the terminating '\0' character) to address dst. It does not check the size of the destination buffer. You will need to know the hex values of the following characters:arrow_forwardA ROP (Return-Oriented Programming) attack can be used to execute arbitrary instructions by chaining together small pieces of code called "gadgets." Your goal is to create a stack layout for a ROP attack that calls a function located at '0x4018bd3'. Below is the assembly code for the function 'getbuf', which allocates 8 bytes of stack space for a 'char' array. This array is then passed to the 'gets' function. Additionally, you are provided with five useful gadgets and their addresses. Use these gadgets to construct the stack layout. Assembly for getbuf 1 getbuf: 2 sub $8, %rsp 3 mov %rsp, %rdi 4 call gets 56 add $8, %rsp ret #Allocate 8 bytes for buffer #Load buffer address into %rdi #Call gets with buffer #Restore the stack pointer #Return to caller. Stack Layout (fill in Gadgets each 8-byte section) Address Gadget Address Value (8 bytes) 0x4006a7 pop %rdi; ret 0x7fffffffdfc0 Ox4006a9 pop %rsi; ret 0x7fffffffdfb8 0x4006ab pop %rax; ret 0x7fffffffdfb0 0x7fffffffdfa8 Ox4006ad mov %rax,…arrow_forward
- In each of the following C code snippets, there are issues that can prevent the compilerfrom applying certain optimizations. For each snippet:• Circle the line number that contains compiler optimization blocker.• Select the best modification to improve optimization.1. Which line prevents compiler optimization? Circle one: 2 3 4 5 6Suggested solution:• Remove printf or move it outside the loop.• Remove the loop.• Replace arr[i] with a constant value.1 int sum( int ∗ ar r , int n) {2 int s = 0 ;3 for ( int i = 0 ; i < n ; i++) {4 s += a r r [ i ] ;5 p r i n t f ( ”%d\n” , s ) ;6 }7 return s ;8 }2. Which line prevents compiler optimization? Circle one: 2 3 4 5 6Suggested solution:• Move or eliminate do extra work() if it’s not necessary inside the loop.• Remove the loop (but what about scaling?).• Replace arr[i] *= factor; with arr[i] = 0; (why would that help?).1 void s c a l e ( int ∗ ar r , int n , int f a c t o r ) {2 for ( int i = 0 ; i < n ; i++) {3 a r r [ i ] ∗= f a c t o r…arrow_forward123456 A ROP (Return-Oriented Programming) attack can be used to execute arbitrary instructions by chaining together small pieces of code called "gadgets." Your goal is to create a stack layout for a ROP attack that calls a function located at 'Ox4018bd3'. Below is the assembly code for the function 'getbuf, which allocates 8 bytes of stack space for a 'char' array. This array is then passed to the 'gets' function. Additionally, you are provided with five useful gadgets and their addresses. Use these gadgets to construct the stack layout. Assembly for getbuf 1 getbuf: sub mov $8, %rsp %rsp, %rdi call gets add $8, %rsp 6 ret #Allocate 8 bytes for buffer #Load buffer address into %rdi #Call gets with buffer #Restore the stack pointer #Return to caller Stack each Layout (fill in Gadgets 8-byte section) Address Gadget Address Value (8 bytes) 0x7fffffffdfc0 0x7fffffffdfb8 0x7fffffffdfb0 0x7fffffffdfa8 0x7fffffffdfa0 0x7fffffffdf98 0x7fffffffdf90 0x7fffffffdf88 Original 0x4006a7 pop %rdi;…arrow_forwardCharacter Hex value || Character Hex value | Character Hex value 'A' 0x41 יני Ox4a 'S' 0x53 0x42 'K' 0x4b 'T" 0x54 0x43 'L' Ox4c 0x55 0x44 'M' Ox4d 0x56 0x45 'N' Ox4e 'W' 0x57 0x46 Ox4f 'X' 0x58 0x47 'P' 0x50 'Y' 0x59 'H' 0x48 'Q' 0x51 'Z' Охба 'T' 0x49 'R' 0x52 '\0' 0x00 Now consider what happens on a Linux/x86 machine when callfoo calls foo with the input string "ZYXWVUTSRQPONMLKJIHGFEDCBA". A. On the left draw the state of the stack just before the execution of the instruction at address Ox40053a; make sure to show the frames for callfoo and foo and the exact return address, in Hex at the bottom of the callfoo frame. Then, on the right, draw the state of the stack just after the instruction got executed; make sure to show where the string "ZYXWVUTSRQPONMLKJIHGFEDCBA" is placed and what part, if any, of the above return address has been overwritten. B. Immediately after the ret instruction at address 0x400543 executes, what is the value of the program counter register %rip? (That is…arrow_forward
- Draw out the way each of these structs looks in memory, including padding! Number the offsets in memory. 1 struct okay Name 2 { short a; 3 4 long number; 5 int also_a_number; 6 7 }; char* text; 1 struct badName 2 { 3 4 5 }; short s; struct okay Name n;arrow_forwardYou can create your own AutoCorrect entries. Question 19Select one: True Falsearrow_forwardBy default, all text is formatted using the Normal Style. Question 20Select one: True Falsearrow_forward
arrow_back_ios
SEE MORE QUESTIONS
arrow_forward_ios
Recommended textbooks for you
Management Of Information SecurityComputer ScienceISBN:9781337405713Author:WHITMAN, Michael.Publisher:Cengage Learning,
Principles of Information Security (MindTap Cours...Computer ScienceISBN:9781337102063Author:Michael E. Whitman, Herbert J. MattordPublisher:Cengage Learning
Fundamentals of Information SystemsComputer ScienceISBN:9781337097536Author:Ralph Stair, George ReynoldsPublisher:Cengage Learning
Principles of Information Systems (MindTap Course...Computer ScienceISBN:9781305971776Author:Ralph Stair, George ReynoldsPublisher:Cengage Learning
Systems ArchitectureComputer ScienceISBN:9781305080195Author:Stephen D. BurdPublisher:Cengage Learning
Management Of Information Security
Computer Science
ISBN:9781337405713
Author:WHITMAN, Michael.
Publisher:Cengage Learning,
Principles of Information Security (MindTap Cours...
Computer Science
ISBN:9781337102063
Author:Michael E. Whitman, Herbert J. Mattord
Publisher:Cengage Learning
Fundamentals of Information Systems
Computer Science
ISBN:9781337097536
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781305971776
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Systems Architecture
Computer Science
ISBN:9781305080195
Author:Stephen D. Burd
Publisher:Cengage Learning