Here are the programming generations mentioned in the CBK:
Generation 1 – aka machine language or opcodes, coded in binary or object code and used by the CPU.
Generation 2 – aka assembly language, hexadecimal/binary that uses symbols to abbreviate complicated instructions.
Generation 3 – high level language (aka: High-order language), uses meaningful words in mostly English for commands; e.g. COBOL, Java, and C.
Generation 4 – very high level language, report and application generators.
Two concerns with fourth generation:
- When tailoring of codeless applications occur, environments and applications may require more source code to be written, compiled, and used. The implication here is that it can introduce more vulnerabilities.
- Typically the language is being used by people with no security knowledge or training, and also used by people without knowledge of security.
Generation 5 – natural language interfaces (aka: constraint based or logic programming), requires an expert system or AI, typically has visual tools to help with programming and does not require the developer to learn a specific language.
Terms to be familiar with in relation to object oriented programming:
Encapsulation – or data hiding.
Inheritance – a data class with subclass structure that allows subclasses to inherit the characteristics of the superclass characteristics.
Polymorphism – processing data of a differing class in the case where it needs to change, and thus inherit the attributes of the new subclass and superclass.
Polyinstantiation – allowing different versions of the same object to exist at different classification levels.
Software library – a repository of pre-written code. Definitions, data structures, and reusable mechanisms may include:
- Subroutines
- Macro definitions
- Global variables
- Class definitions
- Templates
- Algorithms
- Data structures
- Interaction with host platform
Additional random secure coding terminology:
Buffer overflow – when a buffer is subject to more data than was intended for it to handle. Buffer overflows can be prevented using the following: prevent attempts to access locations beyond the buffer, leverage a design framework that has specific controls to counter this, using a programming language that enforces strong data typing while isolating code from data, and detecting, intercepting and properly responding to error conditions.
Covert channel – a backdoor that violates security policy. These can be created either “wittingly” or “unwittingly”.
Covert Storage Channel includes memory locations or sectors of a disk that might be shared by two subjects, or the presence of unused bits in the headers of network traffic or records, files, or objects when stored. The paging or swap file is vulnerable to a covert storage channel.
Covert timing channels (CTCs) operate by changing the timing of the behavior of a system resource (such as the CPU, memory, or input/output devices) in a way that they can be used to pass signals to an observing process so that more sensitive information can be inferred.
Malformed input attack – modifying the input of users or using valid user-input mechanisms for attack purposes.
Bypass Attack – the attempt to bypass database management system (DBMS) controls at the front end of a database application by going around the query engine interface or its command line interpreter (CLI) to exfiltrate data.
Database view – a mechanism that restricts what users can see or request from a database. There are risks associated with how the software performs the view processing, the ability to potentially access restricted views, or the ability to modify existing views. Essentially this just restricts what a user can view, and not what actions can be done on the data.
Memory/object reuse – reusing objects that are residual in memory after a process is complete. Memory reassignment (such as in RAM) should ensure that the residual objects are completely overwritten to prevent reuse attacks. This can also be referred to as a memory leak, a type of covert channel.
Mobile code – executables that are transmitted and executed from a remote location. Mobile code presents a number of risks that can be mitigated by the following:
- Run code in a restricted environment such as in a sandbox.
- Use digital certificates and signatures on mobile code elements to authenticate where the code is coming from.
Time of check/time of use – the time between usage of a session vs. when the system checks the authenticity of that session. Session hijacking is an example wherein the system does not re-authenticate frequently enough, allowing an attacker to masquerade as another user, or when too much time is allowed between termination and disabling of user accounts, allowing existing sessions to remain intact.
Between the lines attack – data inserted into a tapped communications line.
Trapdoor/backdoor/maintenance hook – developer mechanisms to bypass access control measures for maintenance and quick access for urgent issues. These are “good” until the application is in production, after which they can be abused.
Covert channel vs. Trapdoor/backdoor/maintenance hook – the best way to remember this is the fact that the “good” ones have the double “oo”s. Notice the bold lettering above. Often in the industry these terms are interchangeable, but for the CISSP exam, remember that the coVert channel Violates security policy.
Trusted computing base – the security kernels and reference monitors – the collection of software and firmware components that contain the elements of the system responsible for supporting the security policy and isolation of objects.
Processor states:
- User state – aka the problem state. Applications should run in this state.
- Supervisor state – the kernel state. Operating systems and device drivers run in this state.
Process isolation – the operating system and CPU use interrupts and time slicing to isolate processes from one another so that processes that are contending for resources are managed properly without issues.
Process encapsulation – hiding the process and data from other processes.
Time multiplexing – allows/enforces access to memory based on a strict time schedule.
Naming distinction – processes are given a unique identity.
Virtual address memory mapping – assigns a set of memory to certain processes.
Memory management – the operating system’s way of providing an abstraction layer for programmers, optimizing performance using physical RAM, and protecting the OS/programs after they are loaded to memory.
Source code: statements representing an implementation of a specific design following the rules for syntax (or structure) and semantics (how meaning is derived from structure) for a given programming language.
Executable code, AKA Object code is the binary representation of machine language instructions that the computer executes.
Intermediate code is somewhere between source and the object code, or binary representation.
Arbitrary code execution is a security flaw allowing criminals to execute arbitrary commands on the target system.
Code reuse is exactly as stated, it’s using someone else’s code so as not to reinvent the wheel to ensure safety and security, as long as it’s been tested and deemed secure.
Refactoring is rewriting all or part of software to perform the same functions, but in a more efficient, straightforward, and maintainable form.
Data modeling identifies all data elements that the system requires during its operational use.
Data quality standards and practices – as it says, practices and standards that relate to the use and quality of data, which includes validation criteria (verifying that it is accurate from another source) and usage constraints.
Pre-approved software libraries should be used for sensitive or mission-critical functions.
Level of abstraction is how close the language is to the binary environment of the CPU.
Lower order languages represent more direct hardware-level interaction and more control for the programmer, but require the programmer to thoroughly understand the hardware at the binary data flow level and control logic.
High (or higher)-order languages (HOL) enable thinking and programming more in the language and form of the problem that needs solving, and what the user needs to accomplish. The HOL compiler can do the translation of the HOL statement into assembly or intermediate language.
Data type enforcement represents how a language protects the programmer from trying to perform operations on conflicting types of data, or in ways that would lead to bad results. For example, you can’t have a zero in a person’s real name (whereas a username would be acceptable). Having a zero in a date field requires enforcing its exact location, and whether its location will indicate the month or day (e.g. 08/04 and 04/08 can mean the same thing or different things depending on where you’re from). Also certain numbers would have to be restricted from being entered, such as a ‘4’ as the first number in the day field, or ‘13’ for the full month field.
Data protection / data hiding restricts one software unit from reading or altering the data of another software unit.
Code protection / logic hiding restricts one software unit from reading or altering the source, intermediate, or executable code of another software unit.
Assembly language: low-level programming language in which there is a strong correspondence between assembly mnemonics and the architecture’s machine code instructions.
Compiled languages: programming languages whose implementations are compilers, not interpreters. Note: any language can be implemented with a compiler or an interpreter. Applications are programmed first in the source code, which is then compiled into object code that the computer can understand – some source code can’t be executed directly, it must be compiled first.
Interpreted languages run line by line and execute each command, interpreting, or translating the source code into machine language, rendering it into a usable form that the computer can understand. Examples of interpreted languages include PHP, Python, and JavaScript.
Data-centric system threat modeling has three concepts to help secure systems rather than relying on generalized best-practice recommendations.
- Input data: have an understanding that input data can cause applications to behave abnormally, expose data, allow arbitrary code, corrupt data, or make the application terminate abnormally.
- Incorrect data: allows false or fraudulent data to enter the system for processing, such as false invoices.
- Improper use: using the system for exfiltration attacks.