Guide to this Instructor’s Manual



Date: 29.01.2017

New Perspectives on Computer Concepts 2011 Instructor’s Manual

Computer Concepts

Chapter Twelve: Computer Programming

A Guide to this Instructor’s Manual:


We have designed this Instructor’s Manual to supplement and enhance your teaching experience through classroom activities and a cohesive chapter summary.
This document is organized chronologically, using the same heading in blue that you see in the textbook. Under each heading you will find (in order): Lecture Notes that summarize the section, Figures and Boxes found in the section (if any), Teacher Tips, Classroom Activities, and Lab Activities. Pay special attention to teaching tips, and activities geared towards quizzing your students, enhancing their critical thinking skills, and encouraging experimentation within the software.
In addition to this Instructor’s Manual, our Instructor’s Resources CD also contains PowerPoint Presentations, Test Banks, and other supplements to aid in your teaching experience.
For your students:

Our latest online feature, CourseCasts, is a library of weekly podcasts designed to keep your students up to date with the latest in technology news. Direct your students to http://coursecasts.course.com, where they can download the most recent CourseCast onto their mp3 player. Ken Baldauf, host of CourseCasts, is a faculty member of the Florida State University Computer Science Department, where he is responsible for teaching technology classes to thousands of FSU students each year. Ken is an expert in the latest technology and sorts through and aggregates the most pertinent news and information for CourseCasts so your students can spend their time enjoying technology, rather than trying to figure it out. Open or close your lecture with a discussion based on the latest CourseCast.


Table of Contents

  • Chapter Objectives

  • Section A: Programming Basics

  • Section B: Procedural Programming

  • Section C: Object-Oriented Programming

  • Section D: Declarative Programming

  • Section E: Secure Programming

  • Glossary of Key Terms



Chapter Objectives


Students will have mastered the material in Chapter Twelve when they can answer the following questions:


  • How many lines of code are in a typical computer program?

  • Do the activities performed by computer programmers differ from those performed by software engineers and systems analysts?

  • What’s the best computer programming language?

  • What is a programming paradigm?

  • How is a computer program created?

  • What kinds of errors are discovered when programs are tested?

  • In addition to programming languages, what other tools do programmers use?

  • What is an algorithm?

  • What’s the point of flowcharts, pseudocode, and structured English?

  • How do programmers make programs do things in the right order?

  • How does object-oriented programming work?

  • How does declarative programming work?

  • Is it easy to write Prolog rules?

  • What makes computer programs vulnerable to hackers?

  • How can programmers produce more secure code?

  • Can consumers take steps to avoid vulnerabilities that exist in software with code defects?



READING ASSIGNMENT FASTPOLL T/F QUESTIONS



120100 A line of program code typically contains a keyword or command. (Answer: True) (676)

120200 BASIC, COBOL, and C are classified as third-generation languages. (Answer: True) (677)

120300 Programming paradigms include FORTRAN and Ada. (Answer: False) (679)

120400 In a program, a variable represents a value that can change. (Answer: True) (680)

120500 VDE is an example of an object-oriented programming language. (Answer: False) (683)

120600 A programmer who omits a command word from a line of code has made a logic error. (Answer: False) (685)

120700 Programmers use a tool called an errata to step through a program to locate syntax errors. (Answer: False) (685)

120800 Pseudocode is a bug or error in a line of program code. (Answer: False) (692)

120900 A control structure specifies the sequence in which a program is executed. (Answer: True) (695)

121000 FOR…NEXT and DO…WHILE are examples of commands for loops. (Answer: True) (698)

121100 A programmer could define a class called “pizza” to solve the pizza problem using object-oriented programming. (Answer: True) (702)

121200 Inheritance, methods, messages, and polymorphism are associated with the declarative paradigm. (Answer: False) (705)

121300 Goals, rules, and instantiation are associated with the agile paradigm. (Answer: False) (718)

121400 Java is a declarative programming language. (Answer: False) (712)

121500 Prolog facts contain an argument and a predicate. (Answer: True) (714)

121600 Buffer overflows are associated with security vulnerabilities. (Answer: True) (723)

121700 Programmers can use threat modeling and formal methods to create more secure programs. (Answer: True) (725)

SECTION A: PROGRAMMING BASICS (674)

SECTION A OPENER QUESTION

122100 Computer programming languages have evolved through several generations. Experts are not in agreement about what constitutes a fifth-generation programming language. What is the controversy?


  a. Some experts believe that assembly languages should be included, whereas other experts do not.

  b. Some experts believe declarative languages are fifth-generation languages, whereas other experts believe that fifth-generation languages are those that allow programmers to use graphical tools to construct programs.

  c. Most experts believe that languages like C, BASIC, and Java are fifth-generation languages, but programmers disagree because those languages follow the procedural paradigm.

  d. A few experts don’t believe there is a fifth-generation of programming languages, but most experts think that Japanese computer scientists invented fifth-generation languages when they produced C++.

(Answer: b)

Computer Programming and Software Engineering (674)

LECTURE NOTES



  • Explain that a computer program is a set of step-by-step instructions that tell a computer how to solve a problem. Have the student create a set of step-by-step instructions to solve a very simple problem, like opening their book and finding this chapter.

  • Explain that the first computer programs were written in binary code, and thus, they are often referred to as code.

  • Use Figure 12-1 to discuss a simple computer program.

  • Have students calculate how many days of coding a program they would have to spend to write Vista with 50 million lines of code at 20 lines per day. Could it be written by one person in their lifetime?

  • Discuss the difference between computer programming and software engineering.

FIGURES


  • Figure 12-1, Figure 12-2

CLASSROOM ACTIVITIES



  • Assign a Project: Review binary code. Then, have students write their name in binary code to get an idea of the complexity of writing a program in binary.

  • Quick Quiz:

    1. On average, one person can write, test, and document only _________ lines of code in one day. (Answer: 20)

    2. True/False: Software engineers have the skills to design, code, test, and document software, but they tend to focus on designing and testing activities. (Answer: True)

Programming Languages and Paradigms (676)

LECTURE NOTES



  • Discuss the definition of a programming language.

  • Using Figure 12-3, discuss keywords and parameters. Have the student imagine what other keywords there might be.

  • Discuss the categories of programming languages.

  • Discuss how languages are categorized by low-level and high-level. Ask the students to discuss the factors that place a language in one of these categories. Do the same for program generation.

  • Look at Figure 12-7 and discuss the various languages.

  • Discuss what a programming paradigm is using Figure 12-8.

FIGURES


  • Figure 12-3, Figure 12-4, Figure 12-5, Figure 12-6, Figure 12-7, and Figure 12-8

CLASSROOM ACTIVITIES



  • Assign a Project: As an outside the class activity, have students categorize each language listed in Figure 12-7 by generation. Compare the categories in class.

  • Quick Quiz:

  1. Today, fourth-generation languages are typically used for _________ applications. (Answer: database)

  2. Prolog is an example of a(n) _________ generation language. (Answer: fifth)

Program Planning (680)

LECTURE NOTES



  • Discuss how you must develop a method for solving a problem, whether it is by a computer or by a human.

  • Discuss the characteristics of a good problem statement.

  • Discuss the difference between an assumption, known information, a variable, and a constant.

  • Discuss the difference between predictive methodology and agile methodology.

FIGURES


  • Figure 12-9, Figure 12-10

CLASSROOM ACTIVITIES



  1. Assign a Project: Have students write a problem statement for a problem of your choice. Perhaps use something that is happening on campus or on the news.

Program Coding (682)

LECTURE NOTES



  • Discuss a text editor. Talk about how a word processor and a text editor are not the same. Demonstrate how a text editor can be used to enter code. Show how the editor does not do any automatic indentation or coloring.

  • Discuss a program editor and demonstrate it with the same program.

  • Discuss the features that a VDE (visual development environment) provides.

FIGURES


  • Figure 12-11, Figure 12-12, Figure 12-13, Figure 12-14

CLASSROOM ACTIVITIES



  • Classroom Demonstration: Write a small program in an IDE and demonstrate how it works.

  • Quick Quiz:

    1. In the context of a VDE, a(n) _________ is a screen-based object whose behavior can be defined by a programmer. (Answer: control)

    2. True/False: A programmer can select the events that apply to each control. (Answer: True)

Program Testing and Documentation (685)

LECTURE NOTES



  • Discuss syntax and logic errors and show an example of each.

  • Discuss what a debugger does and demonstrate how it works.

  • Discuss documentation and the need for it.

FIGURES


  • Figure 12-15, Figure 12-16

CLASSROOM ACTIVITIES



  • Quick Quiz:

  1. A(n) _________ error is an error in the logic or design of a program. (Answer: logic)

  2. A(n) _________ error shows up when you run a program. (Answer: runtime)

  3. True/False: Syntax errors are usually more difficult to identify than logic errors. (Answer: False)

Programming Tools (686)

LECTURE NOTES



  • Describe an SDK and an IDE. If you have an IDE, demonstrate how it is used.

  • Discuss what components are and how they are used.

  • Describe an API. Show students the Windows API as an example.

  • Discuss how computer games are developed.

FIGURES


  • Figure 12-17, Figure 12-18

CLASSROOM ACTIVITIES



  • Quick Quiz:

  1. A(n) _________ is a type of SDK that packages a set of development tools into a sleek programming application. (Answer: IDE or integrated development environment)

  2. A(n) _________ is a prewritten module, typically designed to accomplish a specific task. (Answer: component)

  3. True/False: C, Java, and C++ are the most popular programming languages for commercial games. (Answer: True)

SECTION B: PROCEDURAL PROGRAMMING (689)

SECTION B OPENER QUESTION



122200 Procedural programs are based on a step-by-step algorithm. How do programmers devise the algorithms for their programs?

  a. They create objects, classes, and methods, and then figure out the step-by-step way to send messages back and forth between them.

  b. They look at APIs and VDEs, which offer templates for common program functions.

  c. They think about how a task might be carried out manually and devise flowcharts, structured English, or pseudocode to describe the steps.

  d. They first devise facts about the problem, then they come up with the steps based on rules.

(Answer: c)

Algorithms (689)

LECTURE NOTES



  • Explain that algorithms are a series of steps for carrying out a task that can be written down and implemented.

  • Use Figure 12-20 to show the steps contained in one of the pizza program algorithms. Compare this to Figure 12-21, which extends these steps and provides more detail.

FIGURES


  • Figure 12-19, Figure 12-20, Figure 12-21

CLASSROOM ACTIVITIES



  • Group Activity: Divide the class into two groups and have each group write an algorithm for a simple task that can be completed in the classroom. Have the groups exchange algorithms and attempt to carry out each other’s instructions. Were any steps left out? Was each group able to successfully complete the algorithm?

  • Quick Quiz:

  1. A(n) _________ is a set of steps for carrying out a task that can be written down and implemented. (Answer: algorithm)

  2. True/False: The traditional approach to programming uses a procedural paradigm. (Answer: True)

  3. True/False: Algorithms are usually written in a format specific to a particular programming language. (Answer: False)

Expressing an Algorithm (692)

LECTURE NOTES



  • Introduce pseudocode using Figure 12-22, which shows the pizza problem algorithm expressed in pseudocode.

  • Explain that as with structured English, there are variations on the conventions used to write pseudocode, but one standard convention has the following features:

    • A limited set of non-computer language specific command words are used (e.g., display, input, IF...THEN, output).

    • The command words are often indicated in bold.

    • An arrow symbol (←) indicates that the value of a variable changes (e.g., SquareInches1 ← Size1 * Size1).

    • The = symbol is used in logical expressions (e.g., If Shape1 = “round”).

    • The commands associated with an IF...THEN statement or other control structures are indented.

    • Output messages are surrounded by quotes.

  • Figure 12-23 shows a flowchart for the pizza program. Review the flowchart symbols before you walk through the program flow.

  • Discuss what a walkthrough is and its importance.

  • Figure 12-24 shows how to conduct a walkthrough and check the pseudocode for the pizza program.

FIGURES


  • Figure 12-22, Figure 12-23, Figure 12-24

CLASSROOM ACTIVITIES



  • Assign a Project: Have students sketch a flowchart for the algorithm they created in the previous section. Make sure they correct any errors that were discovered.

  • Quick Quiz:

  1. _________ is a notational system for algorithms that has been described as a mixture of English and your favorite programming language. (Answer: Pseudocode)

  2. Before finalizing the algorithm for a computer program, what should be performed? (Answer: A walkthrough)

Sequence, Selection, and Repetition Controls (695)

LECTURE NOTES



  • Discuss control structures.

  • Compare a sequence control (Figure 12-25), which changes the order of instructions the computer performs, to a selection control (Figure 12-27), which tells the computer what to do based on whether a condition is true or false.

  • Explain that repetition controls are also called loops or iterations, and repeat one or more instructions until a condition is met. The flowchart in Figure 12-28 demonstrates the looping process.

  • Discuss which types of controls you might use in the pizza program—sequence, selection, or repetition—and for what purpose. Students may need to use all types within the flowchart or program.

TEACHER TIP

Students might need some help with the sections on control structures, depending on the depth of understanding you wish them to develop. The text is written with the goal that students will be able to list the three types of control structures (sequence, selection, and repetition controls) and describe the purpose of each.

FIGURES


  • Figure 12-25, Figure 12-26, Figure 12-27, Figure 12-28, Figure 12-29

CLASSROOM ACTIVITIES



  • Quick Quiz:

  1. During _________ the first instruction in the program is executed first, then the second instruction, and so on, to the last instruction in the program. (Answer: sequential execution)

  2. True/False: Control structures are instructions that specify the sequence in which a program is executed. (Answer: True)

  3. List at least two of the most frequently used repetition commands. (Answers: FOR…NEXT, DO…WHILE, DO…UNTIL, WHILE…WEND)

Procedural Languages and Applications (700)

LECTURE NOTES



  • Discuss what makes a programming language a procedural language.

  • List some of the most popular procedural languages.

  • Review the advantages and disadvantages of the procedural paradigm, as discussed on page 701.

TEACHER TIP

There is a tendency to classify a computer language into a single category: statements such as “COBOL is a procedural language” and “BASIC is an interpreted language” are typical. However, a computer language has many characteristics. For example, BASIC provides high-level commands, is usually interpreted, and is procedural. The approach in Chapter 12 is to apply characteristics to computer languages, rather than to attempt to classify them into a single category. You should reinforce this idea to your students.

SECTION C: OBJECT-ORIENTED PROGRAMMING (702)

SECTION C OPENER QUESTION

122300 Object-oriented programming has become quite popular. Why?


  a. It allows programmers to structure problems in a cognitively similar way as they perceive the real world.

  b. Object-oriented programs are the fastest, most efficient type of programs for today’s computer hardware.

  c. It creates the most secure programs, with the fewest security holes.

  d. It is the best programming paradigm for working with words and concepts.

(Answer: a)



Objects and Classes (702)

LECTURE NOTES



  • Explain that the object-oriented paradigm is based on the idea that the solution for a problem can be visualized in terms of objects that interact with each other.

  • Point out that an object is defined as a unit of data that represents an abstract or real-world entity.

  • Examples of objects are shown in Figure 12-30.

  • Distinguish between an object and a class. There can be many objects, but in order to organize similar objects a class is created. A class is a template for a group of objects with similar characteristics.

  • Discuss class attributes and how they are used to describe the object. Review the examples in Figure 12-31. Discuss that any of these can be public or private, based on the availability of the object.

  • Discuss the data types associated with the class and review the UML (unified modeling language) diagram in Figure 12-32. The class is named, the data types are defined, and the type of attribute is designated.

FIGURES


  • Figure 12-30, Figure 12-31, Figure 12-32

CLASSROOM ACTIVITIES



  • Class Discussion: Display the class attribute data types on an overhead monitor or whiteboard and have students describe each. Be sure to provide an example of each one. Refer to Figure 12-31 if necessary. Discuss what kinds of attributes the pizza program might have and what type of variables those would be.

  • Quick Quiz:

  1. A(n) _________ is a unit of data that represents an abstract or real-world entity (such as a person, place, or thing). (Answer: object)

  2. True/False: The object-oriented paradigm is based on the idea that the solution for a problem can be visualized in terms of objects that interact with each other. (Answer: True)

  3. In terms of object-oriented programming, what is a class? (Answer: A template for a group of objects with similar characteristics)

Inheritance (704)

LECTURE NOTES



  • Explain that in object-oriented terms, inheritance refers to passing certain characteristics from one class to other classes. Compare this to passing genes from a parent to a child. For example, ask where they got the color of their eyes. Ask if they have any special talents that one of their parents has (such as swimming or playing ball). Inheritance in object-oriented terms produces new classes with inherited attributes, creating a superclass and subclasses.

  • Review the hierarchical structure in Figure 12-33.

TEACHER TIP

Consider using examples other than the pizza program to demonstrate the use of inheritance. For example, if a program needs to compute a shipping cost based on the weight of items, they will need the item and its weight. This weight is then added to the weight of other items, producing a total weight. This total weight will then be used in a calculation to determine the shipping cost.

FIGURES


  • Figure 12-33, Figure 12-34

CLASSROOM ACTIVITIES



  • Quick Quiz:

  1. _________ refers to passing certain characteristics from one class to other classes. (Answer: Inheritance)

  2. True/False: A subclass is any class from which attributes can be inherited. (Answer: False)

  3. True/False: A subclass is any class that inherits attributes from a superclass. (Answer: True)

  4. What is the set of superclasses and subclasses that are related to each other called? (Answer: Class hierarchy)

Methods and Messages (705)

LECTURE NOTES



  • Explain that a method is a segment of code that defines an action.

  • A method can perform a variety of tasks (such as exiting a program, a calculation or producing output).

  • Point out that methods can be defined along with the class they affect.

  • Discuss that methods are activated by call statements.

  • Define polymorphism and review the diagram in Figure 12-37 to identify the use of polymorphism. Explain that Java knows which method to use based on the type of pizza or class.

TEACHER TIP

This section uses Java programming code as examples. Most students at this level have not had any programming experience, so this may be difficult for them to understand at this time.

FIGURES


  • Figure 12-35, Figure 12-36, Figure 12-37, Figure 12-38

CLASSROOM ACTIVITIES



  • Assign a Project: Using the algorithm the students developed in the earlier section, ask them to identify what actions need to take place and what methods might be used.

  • Quick Quiz:

  1. A(n) _________ is a segment of code that defines an action. (Answer: method)

  2. True/False: A method can perform only one task. (Answer: False)

  3. What is a method activated by? (Answer: A message)

Object-Oriented Program Structure (709)

LECTURE NOTES



  • Discuss the use of classes and methods.

  • In Figure 12-39, the structure of the program is given with the definitions, methods, calculations, and outputs.

  • Use Figure 12-40 to identify each part of the program structure using Java code.

  • Explain that the final step in the program structure is to run the program and display the output.

TEACHER TIP

When discussing classes, objects, and methods, consider comparing the class to a manufacturing plant and the object to the widget. The method then is the action that the widget can perform.

FIGURES


  • Figure 12-39, Figure 12-40, Figure 12-41

Object-Oriented Languages and Applications (711)

LECTURE NOTES



  • Discuss the origin of object-oriented languages, including Smalltalk.

  • Discuss some object-oriented languages in use today. These include C++, Visual Basic, and Java.

  • Point out that advantages of object-oriented languages include an approach that is cognitively similar to the way humans perceive their world, and encapsulation, which allows objects to be reused in different ways.

CLASSROOM ACTIVITIES



  • Class Discussion: Have students review sample Java code, identifying methods and classes.

  • Quick Quiz:

  1. _________ refers to the process of hiding the internal details of objects and their methods. (Answer: Encapsulation)

  2. True/False: Polymorphism provides OO programs with easy extensibility and can help simplify program code. (Answer: True)

  3. True/False: Procedural programs tend to require more memory and processing resources than object-oriented programs. (Answer: False)

SECTION D: DECLARATIVE PROGRAMMING (713)

SECTION D OPENER QUESTION



122400 Declarative languages, such as Prolog, are very powerful for programs that involve words, concepts, and complex logic, but why aren’t these languages a first choice for programming computer games?

  a. They don’t execute as fast as programs written with procedural languages.

  b. They are too difficult to learn.

  c. They have too many security holes.

  d. They require expensive compilers.

(Answer: a)

The Declarative Paradigm (713)

LECTURE NOTES



  • Explain that unlike procedural languages (which tell the computer how to solve a problem), a declarative language describes the problem.

  • Point out that declarative languages are useful for programs that manipulate ideas and concepts, rather than numbers.

  • Discuss the decision table in Figure 12-43. Talk about how it would help to decide which pizza is the best choice.

FIGURES


  • Figure 12-42, Figure 12-43

CLASSROOM ACTIVITIES



  • Class Discussion: Ask students to discuss how the procedural, object-oriented, and declarative paradigms are similar and different.

  • Assign a Project: Have the students create a decision table for a problem and then ask them to demonstrate how it works in making decisions.

Prolog Facts (714)

LECTURE NOTES



  • Explain that in the context of a Prolog program, a fact is a statement that provides the computer with basic information for solving a problem.

  • Discuss what arguments and predicates are and their relationship.

  • Review and discuss the syntax of the coding statements shown in Figure 12-44.

  • Discuss goals, constants, variables, and their meanings in Prolog.

  • Explain the meaning of instantiation as applied to Prolog.

FIGURES


  • Figure 12-44, Figure 12-45, Figure 12-46, Figure 12-47

CLASSROOM ACTIVITIES



  • Quick Quiz:

  1. A(n) _________ represents one of the main subjects that a fact describes. (Answer: argument)

  2. The _________ describes the relationship between the arguments. (Answer: predicate)

  3. True/False: A Prolog fact follows specific syntax rules. (Answer: True)

  4. Finding a value for a variable is referred to as _________. (Answer: instantiation)

  5. True/False: Prolog is a procedural programming language. (Answer: False)

Prolog Rules (718)

LECTURE NOTES



  • Explain that a Prolog rule consists of a head, body, and connecting symbols, as shown in Figure 12-48.

  • Review the completed code in Figure 12-50.

FIGURES


  • Figure 12-48, Figure 12-49, Figure 12-50

CLASSROOM ACTIVITIES



  • Class Discussion: On an overhead projector or whiteboard, display a Prolog rule. Have students identify the head, the clauses that form the body of the rule, and the connecting symbol.

Input Capabilities (720)

LECTURE NOTES



  • Explain that Prolog, like other languages, allows coding for user input.

  • Use Figure 12-51 to point out the series of prompts that asks the user for the price, size, and shape of pizza 1 and pizza 2. Explain that this data is then used to produce the price of the pizza.

FIGURES


  • Figure 12-51

Declarative Languages and Applications (722)

LECTURE NOTES



  • Explain that declarative languages are most suitable for problems that pertain to words and concepts, rather than numbers.

  • Examples given are genealogy, or street and highway databases for mapping routes.

  • Point out that declarative languages give more flexibility in solving problems.

FIGURES


  • Figure 12-52

CLASSROOM ACTIVITIES



  • Class Discussion: Have students review a problem statement and list the facts needed to solve the problem.




  • Quick Quiz:

  1. In the context of a Prolog program, a(n) _________ is a statement that provides the computer with basic information for solving a problem. (Answer: fact)

  2. True/False: Currently, declarative languages are commonly used for production applications. (Answer: False)

  3. Given the following Prolog fact: sizeof(room,area), the word “room” is an example of a(n) _________.

    a. variable

    b. argument

    c. end of a fact

    d. beginning of a fact

(Answer: b.)

SECTION E: SECURE PROGRAMMING (723)

SECTION E OPENER QUESTION

122500 Consumers are told to use security software because their computers are vulnerable to security exploits, but what is the source of security vulnerabilities?


  a. Most security vulnerabilities are the fault of the user.

  b. Threat modeling causes many of the vulnerabilities in today’s software.

  c. Faulty programming that allows buffer overflows is one of the main causes of security vulnerabilities.

  d. Operating system patches and DREAD categories are the source of the security vulnerabilities that affect most consumers.

(Answer: c)

Black Hat Exploits (723)

LECTURE NOTES



  • Explain buffer overflow (i.e., buffer overrun).

  • Discuss the error message in Figure 12-54 and why it is problematic.

TEACHER TIP

Consider having students compare their experiences with black-hat exploits. What steps have they taken to prevent them?

FIGURES


  • Figure 12-53, Figure 12-54

CLASSROOM ACTIVITIES



  • Class Discussion: Ask students what types of black hat exploits they have heard of or dealt with.

  • Quick Quiz:

  1. A(n) _________ is a condition in which data in memory exceeds its expected boundaries and flows into memory areas intended for use by other data. (Answer: buffer overflow or buffer overrun)

  2. What are the two languages most commonly used for professional software development? (Answers: C, C++)

  3. True/False: Today’s operating systems, utilities, and application software are impervious to black-hat exploits. (Answer: False)
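Classroom demonstration of the buffer overflow defined in the Quick Quiz above, next to the bounds check that prevents it. This is an added example, not taken from the textbook or the original manual; the record layout, function names, and sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed model of one block of memory holding two adjacent items:
   an 8-byte input buffer followed by a flag that belongs to other data. */
#define NAME_SIZE 8

struct record {
    char name[NAME_SIZE];       /* buffer that receives user input      */
    unsigned char is_admin;     /* neighbouring data; should remain 0   */
};

/* Careless copy: trusts the caller's length and never compares it with
   NAME_SIZE. The write is capped at sizeof(struct record) only so that
   this demonstration stays inside memory the program owns. */
size_t copy_unchecked(struct record *rec, const char *input, size_t len)
{
    if (len > sizeof *rec)
        len = sizeof *rec;
    memcpy((unsigned char *)rec, input, len);
    return len;
}

/* Defensive copy: rejects input that does not fit and always leaves the
   buffer NUL-terminated. Returns 0 on success, -1 when input is refused. */
int copy_checked(struct record *rec, const char *input, size_t len)
{
    if (rec == NULL || input == NULL)
        return -1;
    if (len >= NAME_SIZE)       /* one byte is reserved for the terminator */
        return -1;
    memcpy(rec->name, input, len);
    rec->name[len] = '\0';
    return 0;
}

/* Value of the neighbouring flag after an unchecked copy of `input`. */
unsigned char flag_after_unchecked(const char *input)
{
    struct record rec;
    memset(&rec, 0, sizeof rec);
    copy_unchecked(&rec, input, strlen(input));
    return rec.is_admin;
}

/* Value of the neighbouring flag after a checked copy; *status receives
   the return code of copy_checked. */
unsigned char flag_after_checked(const char *input, int *status)
{
    struct record rec;
    memset(&rec, 0, sizeof rec);
    *status = copy_checked(&rec, input, strlen(input));
    return rec.is_admin;
}

int main(void)
{
    const char *fits     = "Ann";        /* constructed input, 3 bytes */
    const char *too_long = "AAAAAAAAA";  /* constructed input, 9 bytes */
    int status;
    unsigned char flag;

    printf("unchecked, \"%s\": flag = %u\n", fits,
           (unsigned)flag_after_unchecked(fits));
    printf("unchecked, \"%s\": flag = %u (overwritten by input)\n", too_long,
           (unsigned)flag_after_unchecked(too_long));

    flag = flag_after_checked(too_long, &status);
    printf("checked,   \"%s\": status = %d, flag = %u\n", too_long,
           status, (unsigned)flag);
    return 0;
}
```

The ninth input byte lands in the flag that sits next to the buffer, which is the "flows into memory areas intended for use by other data" part of the definition; the checked version refuses the same input and leaves the flag untouched.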

Secure Software Development (725)

LECTURE NOTES



  • Discuss formal methods and the fact that they are necessary for applications in which security and safety are crucial. Talk about the added cost and development time that keep them from being used for every application.

  • Explain that a threat model defines a set of possible attacks to consider.

  • Discuss STRIDE and how it can help software developers anticipate threats from attackers.

  • Point out that a threat model allows you to assess the probability, potential harm, priority, etc. of attacks. From that point on, the aim is to minimize or eradicate the threats.

  • Use Figure 12-56 to explain what an attack tree is.

  • Discuss defensive programming and the techniques associated with it.

TEACHER TIP

Figure 12-57 shows a digital certificate. Ask students if they’ve encountered certificates like the one shown. If possible, demonstrate one to the class.

FIGURES


  • Figure 12-55, Figure 12-56, Figure 12-57

CLASSROOM ACTIVITIES



  • Assign a Project: Ask students to sketch an attack tree illustrating a potential attack intended to steal passwords.

  • Quick Quiz:

  1. _________ is a technique that can be used to identify potential vulnerabilities by listing the key assets of an application, categorizing the threats to each asset, ranking the threats, and developing threat mitigation strategies that can be implemented during coding. (Answer: Threat modeling)

  2. _________ categories help software developers anticipate threats from attackers. (Answer: STRIDE)

  3. True/False: Offensive programming is an approach to software development in which programmers anticipate what might go wrong as their programs run and take steps to smoothly handle those situations. (Answer: False)

Mitigation (728)

LECTURE NOTES



  • Explain what can happen when bugs are discovered.

  • Ask students if they have ever entered “yes” when asked if they want to debug.

  • Review the use of patches.

  • Discuss the steps consumers can take to avoid security problems, as listed on page 729.

TEACHER TIP

Survey students about their experience with software patches. Are they tolerant of (or exasperated by) the need to install patches to keep their computers safe from security threats?

FIGURES


  • Figure 12-58

CLASSROOM ACTIVITIES



  • Assign a Project: Have students design an attack tree for accessing a password-protected Web site. Use the attack tree shown in Figure 12-56.

  • Quick Quiz:

    1. True/False: Before being posted for users, patches should be thoroughly tested. (Answer: True)

    2. True/False: Formal methods add little to the cost and time of software development, so they tend to be used very often. (Answer: False)

    3. Proprietary software can benefit from a(n) _________ with other in-house programmers.

      a. redirection

      b. walkthrough

      c. input filtering

      d. factcheck



(Answer: b.)





WHAT DO YOU THINK?

123100 Can you think of a specific instance when you have become frustrated with a software user interface?

  1. Yes

  2. No

  3. Not sure


123200 Is it possible to make computer software significantly easier to use?

    1. Yes

    2. No

    3. Not sure


123300 Would you agree that programmers do not understand the viewpoint of a typical computer user and consequently produce bad software?

  1. Yes

  2. No

  3. Not sure

Glossary of Key Terms

  • Ada, 679

  • Agile methodology, 681

  • Algorithm, 689

  • API, 687

  • APL, 679

  • Argument, 714

  • Assembly language, 677

  • Assumption, 680

  • Attack tree, 726

  • BASIC, 679

  • Buffer overflow, 723

  • C, 679

  • C#, 679

  • C++, 679

  • Class, 702

  • Class attribute, 703

  • Class hierarchy, 704

  • COBOL, 679

  • Code, 674

  • Component, 687

  • Computer programming, 675

  • Constant, 680

  • Control, 683

  • Control structures, 695

  • CPL, 679

  • Debugger, 685

  • Decision table, 714

  • Declarative paradigm, 713

  • Defensive programming, 726

  • Eiffel, 679

  • Encapsulation, 712

  • Event, 684

  • Event-driven paradigm, 685

  • Event-handling code, 684

  • Fact, 713

  • Fifth-generation languages, 678

  • First-generation languages, 677

  • Flowchart, 692

  • Form design grid, 683

  • Formal methods, 725

  • Fortran, 679

  • Fourth-generation languages, 678

  • Function, 696

  • Functional paradigm, 713

  • Goal, 715

  • Haskell, 679

  • High-level language, 676

  • IDE, 686

  • Inheritance, 704

  • Instantiation, 717

  • Iteration, 698

  • Java, 679

  • Keyword, 676

  • Known information, 680

  • LISP, 679

  • Logic error, 685

  • Loop, 698

  • Low-level language, 676

  • Message, 706

  • Method, 705

  • Multiparadigm languages, 679

  • Object, 702

  • Object-oriented paradigm, 702

  • Parameters, 676

  • Particle renderer, 687

  • Pascal, 679

  • Pathfinder algorithms, 687

  • PL/1, 679

  • Polymorphism, 707

  • Predicate, 714

  • Predictive methodology, 681

  • Private attribute, 703

  • Problem statement, 680

  • Procedural language, 689

  • Procedural paradigm, 689

  • Procedure, 696

  • Program editor, 682

  • Programming language, 676

  • Programming paradigm, 679

  • Prolog, 679

  • Properties, 683

  • Pseudocode, 692

  • Public attribute, 703

  • REALbasic, 679

  • Remarks, 686

  • Repetition control structure, 698

  • RPG, 679

  • Rule, 713

  • Runtime error, 685

  • Scheme, 679

  • Scratch, 679

  • SDK, 686

  • Second-generation languages, 677

  • Selection control structure, 697

  • Sequence control structure, 695

  • Sequential execution, 695

  • Signed code, 727

  • SIMULA, 679

  • Smalltalk, 679

  • Structured English, 692

  • Subclass, 704

  • Subroutine, 696

  • Superclass, 704

  • Syntax, 676

  • Syntax error, 685

  • Third-generation languages, 677

  • Threat modeling, 725

  • Variable, 680

  • VDE, 683

  • Visual Basic, 679

  • Walkthrough, 694
