
C++ Software Security Assignment Help | COMP SCI 4412 Secure Software Engineering Individual Assignment 3



Part 1 (5 points)

1. Study string vulnerabilities, i.e., Buffer Overflow and Arc Injection, on the Common Weakness Enumeration (CWE) and related websites;

2. Identify 3 security threats in open-source GitHub repositories. Each type of vulnerability must have at least
one source code file. The projects must satisfy the following conditions:

• The programming languages must be either C or C++
• The repository has more than 100 stars and 10 contributors on GitHub

3. Include the following artifacts about each file you have found in the report:

• Link to the file
• Link to the commit that fixes the vulnerable file
• Name of the file
• The programming language used in the file
• Name of the repository
• Number of repository stars
• Number of contributors in the repositories
• Type of vulnerability (CWE)

4. Pinpoint the code lines within the source code files you have identified that contain the vulnerabilities you

5. Also enter the information you have found in tasks 3 and 4 into the Google Sheet along with your name and
student ID to avoid duplicate submission

6. Explain how the vulnerable lines correlate to the definition or causes of the vulnerability you have studied

7. Show how to fix the vulnerability and explain it in detail. It is not mandatory that the fix has to be executable,
but the explanation must be reasonable. If there is already a fix available, explain how this fix complies with
the standard mitigation techniques for the vulnerability.

8. Write your findings in the report.

9. Please visit Google Sheet to input your identified vulnerable source code files as soon as possible after you find
them. You can do the analyses and put your findings in the report later (but still before the deadline). The
student who submits earlier will claim the authorship of the source code file and the later ones must choose a
different file to work on. In case you accidentally select the same source code file, there will be a red flag to
notify you.
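As an added illustration of the kind of finding and fix tasks 6 and 7 ask for (example code written for this page, not taken from any GitHub repository), the snippet below shows the classic CWE-120 pattern, an unbounded `strcpy` into a fixed-size stack buffer, next to a hardened copy routine that checks the length first and rejects input that does not fit. Buffer size, function names and the sample inputs are constructed for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_MAX 16   /* constructed buffer size for the example */

/* Vulnerable pattern (CWE-120): strcpy copies until the NUL terminator,
 * so any name longer than NAME_MAX-1 characters writes past the end of
 * buf. Shown for comparison only; never call it with untrusted input. */
void greet_unsafe(const char *name)
{
    char buf[NAME_MAX];
    strcpy(buf, name);              /* no bound on the copy */
    printf("Hello, %s\n", buf);
}

/* Hardened copy: measure at most dst_size bytes of src, refuse input
 * that would not fit together with the terminator, then copy exactly
 * that many bytes. Returns 0 on success, -1 when the input is rejected.
 * Rejecting is preferable to silent truncation, which can hide the bug. */
int copy_name_safe(char *dst, size_t dst_size, const char *src)
{
    size_t n = strnlen(src, dst_size);   /* never scans past dst_size */
    if (dst_size == 0 || n >= dst_size)
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Same behaviour as greet_unsafe, but over-long names are reported
 * to the caller instead of corrupting the stack. */
int greet_safe(const char *name)
{
    char buf[NAME_MAX];
    if (copy_name_safe(buf, sizeof buf, name) != 0)
        return -1;
    printf("Hello, %s\n", buf);
    return 0;
}

int main(void)
{
    /* constructed inputs: one that fits, one that is 32 characters long */
    const char *ok = "Alice";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    greet_safe(ok);
    if (greet_safe(too_long) != 0)
        puts("rejected over-long name instead of overflowing");
    return 0;
}
```

In a report, the vulnerable line to pinpoint is the `strcpy` call, and the fix complies with the standard mitigation of bounded copying with explicit length validation before the write.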

Part 2 (5 points)

1. Based on the threat modeling case study in the Working Session 3, select one software system of your choice

• Identify and draw a use case diagram, with at least 5 misuse cases included
• Write down the description of the (mis)use cases
• Draw a data flow diagram with at least 5 external entities and 5 processes using Lucidchart

2. Identify three security threats in the data flow diagram

3. Perform the following tasks

• Briefly describe the software system you have chosen
• Explain each security threat in detail
• Include a use case diagram containing the misuse cases related to your identified threats (You should
highlight such misuse cases.)
• Include a data flow diagram containing your identified threats (You should specify the entities, processes
and data stores involved. It is ok if some elements are missing.)
• Assess the risk of each security threat using the threat library of EMC and/or Common Vulnerability
Scoring System (You should mention which assessment framework you are using)
• Describe how you can potentially fix each security threat

4. Write your findings in the report

The three security threats you report should be relevant to the system you have been involved in the threat modeling
use case in class. If any threat does not match, we will not give any mark for it.