Questões de Concurso Público TCM-RJ 2011 para Analista de Informação

A professor of computer science at the Massachusetts Institute of Technology (MIT) has claimed to have developed software that can find and fix certain types of software bugs within a matter of minutes. Normally when a potentially harmful vulnerability is discovered in a piece of software, it usually takes nearly a month on average for human engineers to come up with a fix and to push the fix out to affected systems. The professor, however, hopes that the new software, called Fixer, will speed this process up, making software significantly more resilient against failure or attack.

Fixer works without assistance from humans and without access to a program’s underlying source code. Instead, the system monitors the behavior of a binary. By observing a program’s normal behavior and assigning a set of rules, Fixer detects certain types of errors, particularly those caused when an attacker injects malicious input into a program. When something goes wrong, Fixer throws up the anomaly and identifies the rules that have been violated. It then comes up with several potential patches designed to push the software into following the violated rules. (The patches are applied directly to the binary, bypassing the source code.) Fixer analyzes these possibilities to decide which are most likely to work, then installs the top candidates and tests their effectiveness. If additional rules are violated, or if a patch causes the system to crash, Fixer rejects it and tries another.

Fixer is particularly effective when installed on a group of machines running the same software. In that case, what Fixer learns from errors on one machine, is used to fix all the others. Because it doesn’t require access to source code, Fixer could be used to fix programs without requiring the cooperation of the company that made the software, or to repair programs that are no longer being maintained.

But Fixer’s approach could result in some hiccups for the user. For example, if a Web browser had a bug that made it unable to handle URLs past a certain length, Fixer’s patch might protect the system by clipping off the ends of URLs that were too long. By preventing the program from failing, it would also put a check on it working full throttle.

Even though it makes lots of sense, implementing encryption in the enterprise has its drawbacks, ranging from performance degradation, a false sense of security to complexity and cost. These potential obstacles in turn, make many businesses balk. They find themselves faced with a serious and complex dilemma. If encryption is used, costs increase, performance suffers, and the network is saddled with numerous complexities, making it very difficult to manage. If encryption is not used, costs are lower; however, the network is extremely vulnerable.

One advantage to encryption is that it separates the security of data from the security of the device where the data resides or the medium through which data is transmitted. When data itself is encrypted, it allows administrators to use unsecured means to store and transport data, since security is encompassed in the encryption. Other key advantages to implementing encryption include the elimination of the pain that co- mes with data breach disclosures, the provision of strong protection for intellectual property, and the fulfillment of myriad regulatory compliance requirements. Nevertheless, just a cursory look at the intricacies behind encryption algorithms and keys is all that is needed to rapidly understand that this is about as close to rocket science.

Take encryption keys. One of the main drawbacks of encryption is the fact that management of encryption keys must be an added administrative task for often overburdened IT staff. In fact, the security of data becomes the security of the encryption key. “Lose that key, and you effectively lose your data”