Question
In the following program, the return value of a call to the method "retrieveFromDB" is a secret value, and printf prints the message that an attacker can observe (public). The program is insecure to allow an attacker to observe its secret data. The violation is through implicit information flow. Note that programmers have written the security requirement as the type qualifiers secret and public. Using tainted flow analysis with the lattice public < secret, how would you precisely identify the implicit flow? Write the constraints and try to solve them.

    secret int retrieveFromDB(...);
    void printf(public int i);

    int ret = retrieveFromDB();
    int tmp;
    if (ret == 1) {
        tmp = 0;
    } else {
        tmp = 1;
    }
    printf(tmp);
Step by Step Solution
There are 3 Steps involved in it
Step: 1
The program snippet displayed in the image contains a security issue due to an implicit information flow. This refers to a situation where information ...
Step: 2
Step: 3
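Added example (not part of the original question or its posted solution): a constraint generator and solver for the question's program over the lattice public < secret, using a program-counter (pc) label to capture the implicit flow. The tuple encoding of the program, the label name pc1 and the functions gen, solve and analyze are assumptions made for this illustration; it also assumes the then-branch assigns tmp = 0 and the else-branch assigns tmp = 1.

```python
import itertools

PUBLIC, SECRET = "public", "secret"          # lattice: public < secret
# Constructed AST for the question's program (tuple shapes are assumptions).
PROGRAM = [
    ("assign", "ret", SECRET, []),           # ret = retrieveFromDB(); returns secret
    ("if", ["ret"],                          # if (ret == 1)
        [("assign", "tmp", PUBLIC, [])],     #     tmp = 0;
        [("assign", "tmp", PUBLIC, [])]),    # else tmp = 1;
    ("sink", "tmp", PUBLIC),                 # printf(tmp); parameter is public
]

def gen(stmts, pc, out, fresh, track_pc=True):
    """Append constraints (lhs, rhs, reason), each meaning lhs <= rhs."""
    for s in stmts:
        if s[0] == "assign":
            _, x, literal, reads = s
            out.append((literal, x, f"value assigned to {x}"))
            out.extend((v, x, f"{v} flows to {x}") for v in reads)
            if track_pc:                     # implicit flow: pc <= label(x)
                out.append((pc, x, f"pc at assignment to {x}"))
        elif s[0] == "if":
            _, guard_vars, then_b, else_b = s
            pc2 = f"pc{next(fresh)}"         # fresh label for the branch bodies
            out.append((pc, pc2, "enclosing pc"))
            out.extend((v, pc2, f"guard reads {v}") for v in guard_vars)
            gen(then_b, pc2, out, fresh, track_pc)
            gen(else_b, pc2, out, fresh, track_pc)
        elif s[0] == "sink":
            _, x, required = s
            out.append((x, required, f"{x} passed to {required} sink"))
    return out

def solve(constraints):
    """Least solution: every label starts public and is raised until stable."""
    sol = {}
    val = lambda t: t if t in (PUBLIC, SECRET) else sol.get(t, PUBLIC)
    changed = True
    while changed:
        changed = False
        for lhs, rhs, _ in constraints:
            if rhs not in (PUBLIC, SECRET) and val(lhs) == SECRET and val(rhs) == PUBLIC:
                sol[rhs] = SECRET
                changed = True
    # A constraint secret <= public has no solution: that is the reported flow.
    return sol, [c for c in constraints if c[1] == PUBLIC and val(c[0]) == SECRET]

def analyze(program, track_pc=True):
    return solve(gen(program, PUBLIC, [], itertools.count(1), track_pc))
```

Calling analyze(PROGRAM) reports the unsatisfiable constraint at printf, while analyze(PROGRAM, track_pc=False) reports nothing, which shows that tracking only explicit assignments misses this flow.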