Here are most of the questions from the exam (approximately):

  • What are linear sweep and recursive traversal, and what is the difference between them?
  • Something like: you have some code and you can use AES and do something with it. Can an attacker who has full control of the program extract the information of the program? Why/why not?
  • Difference, pros and cons of static analysis vs. dynamic analysis, examples.
  • What makes disassembling so hard? (the question was worded differently, but it was this topic)
  • Explain opaque predicates. How are they used?
  • Explain the cloud service models
  • What is a hybrid cloud? What is a community cloud?
  • 4 things an SLA should contain?
  • 4 issues related to cloud service models?
  • Name the 5 stages of activity in the RMF and describe the 4th stage
  • Who should do software security?
  • Explain Architectural Risk Analysis
  • Explain bug, flaw, vulnerability