Answer To: Note: Answer questions succinctly and clearly, explain your answer, and show your work. Answers,...
Robert answered on Dec 22 2021
1) (12 pts.) Chapter 18 (pgs. 494-495) –Problem#7
A company develops a new security product using the extreme programming software
development methodology. Programmers code, then test, the en add more code, then
test, and continue this iteration. Every day they test the code base as a whole. The
programmers work in pairs when writing code to ensure that at least two people review
the code. How would you explain to this company how their software is in fact not high
assurance” software?
Extreme programming is that programming language in which the result driven approach is
followed and then a methodology is applied to derive the required result. This approach
follows an incremental approach in which the module is continuously tested and then revised
according to the requirements. This approach has various advantages and disadvantages. The
main goals of this approach are as follows:
This approach aims to develop higher quality software products with more
productivity.
The overall cost to develop the product is reduced because the development process
consists of multiple short development cycle instead of having a longer one.
This approach provides flexibility to the system. New requirements can be
accommodated with ease using this technique of software development.
This approach of extreme programming executed by a pair of programmers does not make
the system as highly assurance. This approach suffers from the following disadvantages:
• Unstable Requirements: The requirements are unstable. It keeps on varying and hence
sometimes the product developed so far needs to be recreated from scratch to fulfill
the new requirements.
• Lack of documentation: As the requirements keeps on varying, it results in a lack of
documentation. Documentation is a very important part of the product development
Comment [QM1]: Can we have at least a def and
goals of extreme programming software
development methodology, then show the
disadvantages as they tie to the question ? Please.
Comment [QM2]: This is just a list of the
disadvantages. Can the expert explain them also
please discuss these as it relates to the question. It
not acceptable to have not even half a page of
meaningful material but half a page for references
this makes no sense.
life cycle. This helps the new members to understand the project requirements and its
working. The documentation is really helpful in the maintenance stage of the product.
• Lack of design specification: This results in lack of planning for the software
development.
• Most of the people cannot perform efficiently under tight supervision so it directly
affects their outcome and productivity.
• It is very common that the programmers may have the differences in their logic and
coding styles. This may result in programming conflicts which will directly affect the
quality of the product.
• The product can be developed effectively only if the programmers have the same
level of coding expertise and logic thinking. This approach increases the dependency
on the understanding level of the programmers. And it is very difficult to find the
programmers having the same level of programming expertise and knowledge.
References
1. Emery, P. (n.d.). The Dangers of Extreme Programming. Retrieved April 27, 2013, from
http://members.cox.net: http://members.cox.net/cobbler/XPDangers.htm
2. Hutagalung, W. (2006). Extreme Programming. Retrieved April 27, 2013, from
http://www.umsl.edu: http://www.umsl.edu/~sauterv/analysis/f06Papers/Hutagalung/
3. Jarvis, B. &. (n.d.). Extreme Programing (XP), Six Sigma and CMMI How they can work
together. Retrieved April 27, 2013, from http://www.sei.cmu.edu:
http://www.sei.cmu.edu/library/assets/jarvis-gristock.pdf
2) (15 pts.) Chapter 22 (pgs. 642-643) –Problem#2
Consider how a system with capabilities as its access control mechanism could deal with
Trojan Horses.
A) In general, do capabilities offer more or less protection against Trojan horses than
do access control lists? Justify your answer in light of the theoretical equivalence of
ACLs and C-Lists
B) Consider now the inheritance of properties of new processes. If the creator controls
which capabilities the created process is given initially, how could the creator limit a
damage that a Trojan Horse will do?
A) Yes, Capabilities offer more protection against Trojan Horses than access control lists.
This is because the capabilities works on the "Confused Deputy" scenario in which the
issue in which a process can run is addressed with authorization from 2 different
resources.
In ACL design, multiple authorities are used, which can act simultaneously on the
process. In the capability design, the process can act only as one authority instead of
multiple authority and this helps in resolving the issue by blocking the Trojan Horse
access to the process.
Reference:
Hardy, N. (n.d.). The Confused Deputy. Retrieved April 27, 2013, from http://www.cap-
lore.com: http://www.cap-lore.com/CapTheory/ConfusedDeputy.html
B) As the creator controls the capabilities of the created process, it can limit a damage that a
Trojan Horse will do by executing only the capabilities which are mandatory for the
process to complete its task. The scope of actions is narrowed down and so the damage is
minimized.
References:
1. Hardy, N. (n.d.). The Confused Deputy. Retrieved April 27, 2013, from http://www.cap-
lore.com: http://www.cap-lore.com/CapTheory/ConfusedDeputy.html
2. MEADE, F. G. (n.d.). Retrieved April 27, 2013, from NATIONAL COMPUTER
SECURITY CENTER: http://csrc.nist.gov/publications/secpubs/rainbow/tg003.txt
C) No Capabilities cannot protect against all Trojan horses. The complexity of the system is
extremely...