-Origins of open source
-Attacks against open source (netscape era) "they said.."
-Why do people write open source
-good things about open source
-ways that open source is "magic"
"Secure", as in secure programs - Answer-no single definition; never 100% secure
"The Cloud" - Answer-"someone else's computer"
"Upstream Early and Often" - Answer-popular open source motto regarding code
changes
Access Control List - Answer-each object has a list of right per object or user; inverse of
a file directory
Active fault detection - Answer-Programs should watch for errors; redundant (duplicate)
systems should take the place of failed systems if possible
Apache License 2.0 - Answer-can be applied to both copyrights and patents
Appropriate Confidence Level in Trusted Software - Answer-trust matches the sensitivity
of the environment and the data
ASCII - Answer-a stand for representing binary values as human-interpreted characters;
a code sheet
Assembly language - Answer-one step up from machine code; uses words like "push"
and "pop" and "add"
Assurance (Trusted Systems) - Answer-our belief that the O/S in implemented in a way
that enforces that security policy
Audit Logs - Answer-track actions in computer; who did what, when
Base Register - Answer-Variable fence register that sets the lower bound (lower
memory location)
Bell-LaPadula Model - Answer-simple security property (no read up); *-property (no
write down); all about confidentiality
, Biba Model - Answer--simple integrity rule (no read down)
-integrity *-property (no write up)
-all about the integrity of the data
Biometrics - Answer-authentication that relies on physical characteristics of user
BIOS - Answer-the first set of instructions ran by a computer; stored in ROM; the first
thing your computer sees when it wakes
Black Box Testing - Answer-trying to break a program without looking at the code
Bounds Register - Answer-variable fence register that sets the upper memory location
Brain Virus - Answer-early prototype virus; boot sector virus
Brute Force Attack - Answer-trying every possible password combination
BSD License - Answer-fewer restrictions than GPL; New BSD restricts use of
contributor names for endorsement of a derived work
Buffer Overflow - Answer-committing more data to memory than has been allotted; this
pushes data into other memory regions, can allow improper access
Change Control Board - Answer-senior group that reviews and decides on major
software changes
Chinese Wall Security Policy - Answer-confidentiality; working on x bars you from
seeing y; law firm example
Clark-Wilson Commercial Security Policy - Answer-integrity and confidentiality; well-
formed transactions; separation of duty
Clear Box Testing - Answer-trying to break a program while having the advantage of
also seeing the code
Code Red - Answer-very bad virus; exploited IIS; used buffer overflow; different actions
on different days
Cohesion - Answer-we want high cohesion; all code in a module relates to that module
Commercial Security Policies - Answer-no formal clearances; poor regulation of rules;
internal data vs everything else
Common Criteria - Answer-US/Canadian rewrite of the DoD Orange Book; 1992