Computer Concepts

advertisement
New Perspectives on Computer Concepts 2011 Instructor’s Manual
1 of 18
Computer Concepts
Chapter Twelve: Computer Programming
A Guide to this Instructor’s Manual:
We have designed this Instructor’s Manual to supplement and enhance your teaching
experience through classroom activities and a cohesive chapter summary.
This document is organized chronologically, using the same heading in blue that you see in the
textbook. Under each heading you will find (in order): Lecture Notes that summarize the
section, Figures and Boxes found in the section (if any), Teacher Tips, Classroom Activities, and
Lab Activities. Pay special attention to teaching tips, and activities geared towards quizzing
your students, enhancing their critical thinking skills, and encouraging experimentation within
the software.
In addition to this Instructor’s Manual, our Instructor’s Resources CD also contains PowerPoint
Presentations, Test Banks, and other supplements to aid in your teaching experience.
For your students:
Our latest online feature, CourseCasts, is a library of weekly podcasts designed to keep your
students up to date with the latest in technology news. Direct your students to
http://coursecasts.course.com, where they can download the most recent CourseCast onto their
mp3 player. Ken Baldauf, host of CourseCasts, is a faculty member of the Florida State
University Computer Science Department, where he is responsible for teaching technology
classes to thousands of FSU students each year. Ken is an expert in the latest technology and
sorts through and aggregates the most pertinent news and information for CourseCasts so your
students can spend their time enjoying technology, rather than trying to figure it out. Open or
close your lecture with a discussion based on the latest CourseCast.
Table of Contents
Chapter Objectives
Section A: Programming Basics
Section B: Procedural Programming
Section C: Object-Oriented Programming
Section D: Declarative Programming
Section E: Secure Programming
Glossary of Key Terms
2
3
6
8
11
13
17
New Perspectives on Computer Concepts 2011 Instructor’s Manual
2 of 18
Chapter Objectives
Students will have mastered the material in Chapter Twelve when they can answer the following
questions:
 How many lines of code are in a typical
 What’s the point of flowcharts, pseudocode,
computer program?
and structured English?
 Do the activities performed by computer
 How do programmers make programs do
programmers differ from those performed by
things in the right order?
software engineers and systems analysts?
 How does object-oriented programming work?
 What’s the best computer programming
 How does declarative programming work?
language?
 Is it easy to write Prolog rules?
 What is a programming paradigm?
 What makes computer programs vulnerable to
 How is a computer program created?
hackers?
 What kinds of errors are discovered when
 How can programmers produce more secure
programs are tested?
code?
 In addition to programming languages, what
 Can consumers take steps to avoid
other tools do programmers use?
vulnerabilities that exist in software with code
 What is an algorithm?
defects?
READING ASSIGNMENT FASTPOLL T/F QUESTIONS
120100 A line of program code typically contains a keyword or command. (Answer: True) (676)
120200 BASIC, COBOL, and C are classified as third-generation languages. (Answer: True) (677)
120300 Programming paradigms include FORTRAN and Ada. (Answer: False) (679)
120400 In a program, a variable represents a value that can change. (Answer: True) (680)
120500 VDE is an example of an object-oriented programming language. (Answer: False) (683)
120600 A programmer who omits a command word from a line of code has made a logic error.
(Answer: False) (685)
120700 Programmers use a tool called an errata to step through a program to locate syntax errors.
(Answer: False) (685)
120800 Pseudocode is a bug or error in a line of program code. (Answer: False) (692)
120900 A control structure specifies the sequence in which a program is executed. (Answer: True)
(695)
121000 FOR…NEXT and DO…WHILE are examples of commands for loops. (Answer: True)
(698)
121100 A programmer could define a class called “pizza” to solve the pizza problem using objectoriented programming. (Answer: True) (702)
121200 Inheritance, methods, messages, and polymorphism are associated with the declarative
paradigm. (Answer: False) (705)
121300 Goals, rules, and instantiation are associated with the agile paradigm. (Answer: False)
(718)
121400 Java is a declarative programming language. (Answer: False) (712)
121500 Prolog facts contain an argument and a predicate. (Answer: True) (714)
121600 Buffer overflows are associated with security vulnerabilities. (Answer: True) (723)
New Perspectives on Computer Concepts 2011 Instructor’s Manual
3 of 18
121700 Programmers can use threat modeling and formal methods to create more secure programs.
(T) 725
SECTION A: PROGRAMMING BASICS (674)
SECTION A OPENER QUESTION
122100 Computer programming languages have evolved through several generations. Experts are
not in agreement about what constitutes a fifth-generation programming language. What is the
controversy?
a. Some experts believe that assembly languages should be included, whereas other experts do
not.
b. Some experts believe declarative languages are fifth-generation languages, whereas other
experts believe that fifth-generation languages are those that allow programmers to use
graphical tools to construct programs.
c. Most experts believe that languages like C, BASIC, and Java are fifth-generation
languages, but programmers disagree because those languages follow the procedural
paradigm.
d. A few experts don’t believe there is a fifth-generation of programming languages, but most
experts think that Japanese computer scientists invented fifth-generation languages when
they produced C++.
(Answer: b)
Computer Programming and Software Engineering (674)
LECTURE NOTES
 Explain that a computer program is a set of step-by-step instructions that tell a computer how to
solve a problem. Have the student create a set of step-by-step instructions to solve a very simple
problem, like opening their book and finding this chapter.
 Explain that the first computer programs were written in binary code, and thus, they are often
referred to as code.
 Use Figure 12-1 to discuss a simple computer program.
 Have students calculate how many days of coding a program they would have to spend to write
Vista with 50 million lines of code at 20 lines per day. Could it be written by one person in their
lifetime?
 Discuss the difference between computer programming and software engineering.
FIGURES
 Figure 12-1, Figure 12-2
New Perspectives on Computer Concepts 2011 Instructor’s Manual
4 of 18
CLASSROOM ACTIVITIES
 Assign a Project: Review binary code. Then, have students write their name in binary code to get an
idea of the complexity of writing a program in binary.
 Quick Quiz:
1. On average, one person can write, test, and document only _________ lines of code in one day.
(Answer: 20)
2. True/False: Software engineers have the skills to design, code, test, and document software- but
they tend to focus on designing and testing activities. (Answer: True)
Programming Languages and Paradigms (676)
LECTURE NOTES
 Discuss the definition of a programming language.
 Using Figure 12-3, discuss keywords and parameters. Have the student imagine what other
keywords there might be.
 Discuss the categories of programming languages.
 Discuss how languages are categorized by low-level and high-level. Ask the students to discuss the
factors that place a language in one of these categories. Do the same for program generation.
 Look at Figure 12-7 and discuss the various languages.
 Discuss what a programming paradigm is using Figure 12-8.
FIGURES
 Figure 12-3, Figure 12-4, Figure 12-5, Figure 12-6, Figure 12-7, and Figure 12-8
CLASSROOM ACTIVITIES
 Assign a Project: As an outside the class activity, have students categorize each language listed in
Figure 12-7 by generation. Compare the categories in class.
 Quick Quiz:
1. Today, fourth-generation languages are typically used for _________ applications. (Answer:
database)
2. Prolog is an example of a(n) _________ generation language. (Answer: fifth)
Program Planning (680)
LECTURE NOTES
 Discuss how you must develop a method for solving a problem, whether it is by a computer or by a
human.
 Discuss the characteristics of a good problem statement.
 Discuss the difference between an assumption, known information, a variable, and a constant.
 Discuss the difference between predictive methodology and agile methodology.
FIGURES
 Figure 12-9, Figure 12-10
CLASSROOM ACTIVITIES
1. Assign a Project: Have students write a problem statement for a problem of your choice. Perhaps
use something that is happening on campus or on the news.
New Perspectives on Computer Concepts 2011 Instructor’s Manual
5 of 18
Program Coding (682)
LECTURE NOTES
 Discuss a text editor. Talk about how a word processor and a text editor are not the same.
Demonstrate how a text editor can be used to enter code. Show how the editor does not do any
automatic indention or coloring.
 Discuss a program editor and demonstrate it with the same program.
 Discuss the features that a VDE (visual development environment) provides.
FIGURES
 Figure 12-11, Figure 12-12, Figure 12-13, Figure 12-14
CLASSROOM ACTIVITIES
 Classroom Demonstration: Write a small program in an IDE and demonstrate how it works.
 Quick Quiz:
1. In the context of a VDE, a(n) _________ is a screen-based object whose behavior can be defined
by a programmer. (Answer: control)
2. True/False: A programmer can select the events that apply to each control. (Answer: True)
Program Testing and Documentation (685)
LECTURE NOTES
 Discuss syntax and logic errors and show an example of each.
 Discuss what a debugger does and demonstrate how it works.
 Discuss documentation and the need of it.
FIGURES
 Figure 12-15, Figure 12-16
CLASSROOM ACTIVITIES
 Quick Quiz:
1. A(n) _________ error is an error in the logic or design of a program (Answer: logic)
2. A(n) _________ error shows up when you run a program. (Answer: runtime)
3. True/False: Syntax errors are usually more difficult to identify than logic errors. (Answer: False)
Programming Tools (686)
LECTURE NOTES
 Describe an SDK and an IDE. If you have an IDE demonstrate how it is used.
 Discuss what components are and how they are used.
 Describe an API. Show students the Windows API as an example.
 Discuss how computer games are developed.
FIGURES
 Figure 12-17, Figure 12-18
New Perspectives on Computer Concepts 2011 Instructor’s Manual
6 of 18
CLASSROOM ACTIVITIES
 Quick Quiz:
1. A(n) _________ is a type of SDK that packages a set of development tools into a sleek
programming application. (Answer: IDE or integrated development environment)
2. A(n) _________ is a prewritten module, typically designed to accomplish a specific task.
(Answer: component)
3. True/False: C, Java, and C++ are the most popular programming languages for commercial
games. (Answer: True)
SECTION B: PROCEDURAL PROGRAMMING (689)
SECTION B OPENER QUESTION
122200 Procedural programs are based on a step-by-step algorithm. How do programmers
devise the algorithms for their programs?
a. They create objects, classes, and methods, and then figure out the step-by-step way to send
messages back and forth between them.
b. They look at APIs and VDEs, which offer templates for common program functions.
c. They think about how a task might be carried out manually and devise flowcharts,
structured English, or pseudocode to describe the steps.
d. They first devise facts about the problem, then they come up with the steps based on rules.
(Answer: c)
Algorithms (689)
LECTURE NOTES
 Explain that algorithms are a series of steps for carrying out a task that can be written down and
implemented.
 Use Figure 12-20 to show the steps contained in one of the pizza program algorithms. Compare this
to Figure 12-21, which extends these steps and provides more detail.
FIGURES
 Figure 12-19, Figure 12-20, Figure 12-21
CLASSROOM ACTIVITIES
 Group Activity: Divide the class into two groups and have each group write an algorithm for a
simple task that can be completed in the classroom. Have the groups exchange algorithms and
attempt to carry out each other’s instructions. Were any steps left out? Was each group able to
successfully complete the algorithm?
 Quick Quiz:
1. A(n) _________ is a set of steps for carrying out a task that can be written down and
implemented. (Answer: algorithm)
2. True/False: The traditional approach to programming uses a procedural paradigm. (Answer:
True)
3. True/False: Algorithms are usually written in a format specific to a particular programming
language. (Answer: False)
Expressing an Algorithm (692)
LECTURE NOTES
New Perspectives on Computer Concepts 2011 Instructor’s Manual





7 of 18
Introduce pseudocode using Figure 12-22, which shows the pizza problem algorithm expressed in
pseudocode.
Explain that as with structured English, there are variations on the conventions used to write
pseudocode, but one standard convention has the following features:
 A limited set of non-computer language specific command words are used (e.g., display,
input, IF...THEN, output).
 The command words are often indicated in bold.
 An arrow symbol () indicates that the value of a variable changes (e.g., SquareInches1 
Size1 * Size1).
 The = symbol is used in logical expressions (e.g., If Shape1 = “round”).
 The commands associated with an IF...THEN statement or other control structures are
indented.
 Output messages are surrounded by quotes.
Figure 12-23 shows a flowchart for the pizza program. Review the flowchart symbols before you
walk through the program flow.
Discuss what a walkthrough is and its importance.
Figure 12-24 shows how to conduct a walkthrough and check the pseudocode for the pizza
program.
FIGURES
 Figure 12-22, Figure 12-23, Figure 12-24
CLASSROOM ACTIVITIES
 Assign a Project: Have students sketch a flowchart for the algorithm they created in the previous
section. Make sure they correct any errors that were discovered.
 Quick Quiz:
1. _________ is a notational system for algorithms that has been described as a mixture of English
and your favorite programming language. (Answer: Pseudocode)
2. Before finalizing the algorithm for a computer program, what should be performed? (Answer: A
walkthrough)
Sequence, Selection, and Repetition Controls (695)
LECTURE NOTES
 Discuss control structures.
 Compare a sequence control (Figure 12-25) which changes the order of instructions the computer
performs, to a selection control (Figure 12-27), which tells the computer what to do based on
whether a condition is true or false.
 Explain that repetition controls are also called loops or iterations, and repeat one or more
instructions until a condition is met. The flowchart in Figure 12-28 demonstrates the looping
process.
 Discuss which types of controls you might use in the pizza program—sequence, selection, or
repetition—and for what purpose. Students may need to use all types within the flowchart or
program.
TEACHER TIP
New Perspectives on Computer Concepts 2011 Instructor’s Manual
8 of 18
Students might need some help with the sections on control structures, depending on the depth of
understanding you wish them to develop. The text is written with the goal that students will be able to list
the three types of control structures (sequence, selection, and repetition controls) and describe the purpose
of each.
FIGURES
 Figure 12-25, Figure 12-26, Figure 12-27, Figure 12-28, Figure 12-29
CLASSROOM ACTIVITIES
 Quick Quiz:
1. During _________ the first instruction in the program is executed first, then the second
instruction, and so on, to the last instruction in the program. (Answer: sequential execution)
2. True/False: Control structures are instructions that specify the sequence in which a program is
executed. (Answer: True)
3. List at least two of the most frequently used repetition commands. (Answers: FOR…NEXT,
DO…WHILE, DO…UNTIL, WHILE…WEND)
Procedural Languages and Applications (700)
LECTURE NOTES
 Discuss what makes a program a procedural language.
 List some of the most popular procedural languages.
 Review the advantages and disadvantages of the procedural paradigm, as discussed on page 701.
TEACHER TIP
There is a tendency to classify a computer language into a single category— statements such as “COBOL is a
procedural language” and “BASIC is an interpreted language” are typical. However, a computer language
has many characteristics. For example, BASIC provides high-level commands, is usually interpreted, and is
procedural. The approach in Chapter 12 is to apply characteristics to computer languages, rather than to
attempt to classify them into a single category. You should reinforce this idea to your students.
SECTION C: OBJECT-ORIENTED PROGRAMMING (702)
SECTION C OPENER QUESTION
122300 Object-oriented programming has become quite popular. Why?
a. It allows programmers to structure problems in a cognitively similar way as they perceive
the real world.
b. Object-oriented programs are the fastest, most efficient type of programs for today’s
computer hardware.
c. It creates the most secure programs, with the fewest security holes.
d. It is the best programming paradigm for working with words and concepts.
(Answer: a)
Objects and Classes (702)
LECTURE NOTES
 Explain that the object-oriented paradigm is based on the idea that the solution for a problem can
be visualized in terms of objects that interact with each other.
 Point out that an object is defined as a unit of data that represents an abstract or real-world entity.
New Perspectives on Computer Concepts 2011 Instructor’s Manual




9 of 18
Examples of objects are shown in Figure 12-30.
Distinguish between an object and a class. There can be many objects, but in order to organize
similar objects a class is created. A class is a template for a group of objects with similar
characteristics.
Discuss class attributes and how they are used to describe the object. Review the examples in Figure
12-31. Discuss that any of these can be public or private, based on the availability of the object.
Discuss the data types associated with the class and review the UML (unified modeling language)
diagram in Figure 12-32. The class is named, the data types are defined, and the type of attribute is
designated.
FIGURES
 Figure 12-30, Figure 12-31, Figure 12-32
CLASSROOM ACTIVITIES
 Class Discussion: Display the class attribute data types on an overhead monitor or whiteboard and
have students describe each. Be sure to provide an example of each one. Refer to Figure 12-31 if
necessary. Discuss what kinds of attributes the pizza program might have and what type of variables
those would be.
 Quick Quiz:
1. A(n) _________ is a unit of data that represents an abstract or real-world entity (such as a
person, place, or thing). (Answer: object)
2. True/False: The object-oriented paradigm is based on the idea that the solution for a problem
can be visualized in terms of objects that interact with each other. (Answer: True)
3. In terms of object-oriented programming, what is a class? (Answer: A template for a group of
objects with similar characteristics)
Inheritance (704)
LECTURE NOTES
 Explain that in object-oriented terms, inheritance refers to passing certain characteristics from one
class to other classes. Compare this to passing genes from a parent to a child. For example, ask where
they got the color of their eyes. Ask if they have any special talents that one of their parents has
(such as swimming or playing ball). Inheritance in object-oriented terms produces new classes with
inherited attributes, creating a superclass and subclasses.
 Review the hierarchical structure in Figure 12-33.
TEACHER TIP
Consider using examples other than the pizza program to demonstrate the use of inheritance. For example,
if a program needs to compute a shipping cost based on the weight of items, they will need the item and its
weight. This weight is then added to the weight of other items, producing a total weight. This total weight
will then be used in a calculation to determine the shipping cost.
FIGURES
 Figure 12-33, Figure 12-34
CLASSROOM ACTIVITIES
New Perspectives on Computer Concepts 2011 Instructor’s Manual

10 of 18
Quick Quiz:
1. _________ refers to passing certain characteristics from one class to other classes. (Answer:
Inheritance)
2. True/False: A subclass is any class from which attributes can be inherited. (Answer: False)
3. True/False: A subclass is any class that inherits attributes from a superclass. (Answer: True)
4. What is the set of superclasses and subclasses that are related to each other called? (Answer:
Class hierarchy)
Methods and Messages (705)
LECTURE NOTES
 Explain that a method is a segment of code that defines an action.
 A method can perform a variety of tasks (such as exiting a program, a calculation or producing
output).
 Point out that methods can be defined along with the class they affect.
 Discuss that methods are activated by call statements.
 Define polymorphism and review the diagram in Figure 12-37 to identify the use of polymorphism.
Explain that Java knows which method to use based on the type of pizza or class.
TEACHER TIP
This section uses Java programming code as examples. Most students at this level have not had any
programming experience, so this may be difficult for them to understand at this time.
FIGURES
 Figure 12-35, Figure 12-36, Figure 12-37, Figure 12-38
CLASSROOM ACTIVITIES
 Assign a Project: Using the algorithm the student’s developed in the earlier section, ask them to
identify what actions need to take place and what methods might be used.
 Quick Quiz:
1. A(n) _________ is a segment of code that defines an action. (Answer: method)
2. True/False: A method can perform only one task. (Answer: False)
3. What is a method activated by? (Answer: A message)
Object-Oriented Program Structure (709)
LECTURE NOTES
 Discuss the use of classes and methods.
 In Figure 12-39, the structure of the program is given with the definitions, methods, calculations,
and outputs.
 Use Figure 12-40 to identify each part of the program structure using Java code.
 Explain that the final step in the program structure is to run the program and display the output.
TEACHER TIP
When discussing classes, objects, and methods, consider comparing the class to a manufacturing plant and
the object to the widget. The method then is the action that the widget can perform.
FIGURES
New Perspectives on Computer Concepts 2011 Instructor’s Manual

11 of 18
Figure 12-39, Figure 12-40, Figure 12-41
Object-Oriented Languages and Applications (711)
LECTURE NOTES
 Discuss the origin of object-oriented languages, including SmallTalk.
 Discuss some object-oriented languages in use today. These include C++, Visual Basic, and Java.
 Point out that advantages of object-oriented languages include an approach that is cognitively
similar to the way humans perceive their world, and encapsulation, which allows objects to be
reused in different ways.
CLASSROOM ACTIVITIES
 Class Discussion: Have students review sample Java code, identifying methods and classes.
 Quick Quiz:
1. _________ refers to the process of hiding the internal details of objects and their methods.
(Answer: Encapsulation)
2. True/False: Polymorphism provides OO programs with easy extensibility and can help simplify
program code. (Answer: True)
3. True/False: Procedural programs tend to require more memory and processing resources than
object-oriented programs. (Answer: False)
SECTION D: DECLARATIVE PROGRAMMING (713)
SECTION D OPENER QUESTION
122400 Declarative languages, such as Prolog, are very powerful for programs that involve words,
concepts, and complex logic, but why aren’t these languages a first choice for programming
computer games?
a. They don’t execute as fast as programs written with procedural languages.
b. They are too difficult to learn.
c. They have too many security holes.
d. They require expensive compilers.
(Answer: a)
The Declarative Paradigm (713)
LECTURE NOTES
 Explain that unlike procedural languages (which tell the computer how to solve a problem), a
declarative language describes the problem.
 Point out that declarative languages are useful for programs that manipulate ideas and concepts,
rather than numbers.
 Discuss the decision table in Figure 12-43. Talk about how it would help to decide which pizza is
the best choice.
FIGURES
 Figure 12-42, Figure 12-43
CLASSROOM ACTIVITIES
 Class Discussion: Ask students to discuss how the procedural, object-oriented, and declarative
paradigms are similar and different.
New Perspectives on Computer Concepts 2011 Instructor’s Manual

12 of 18
Assign a Project: Have the students create a decision table for a problem and then ask them to
demonstrate how it works in making decisions.
Prolog Facts (714)
LECTURE NOTES
 Explain that in the context of a Prolog program, a fact is a statement that provides the computer
with basic information for solving a problem.
 Discuss what argument and predicates are and their relationship.
 Review and discuss the coding statements syntax as shown in Figure 12-44.
 Discuss goals, constants, variables, and their meanings in Prolog.
 Explain the meaning of instantiation as applied to Prolog.
FIGURES
 Figure 12-44, Figure 12-45, Figure 12-46, Figure 12-47
CLASSROOM ACTIVITIES
 Quick Quiz:
1. A(n) _________ represents one of the main subjects that a fact describes. (Answer: argument)
2. The _________ describes the relationship between the arguments. (Answer: predicate)
3. True/False: A Prolog fact follows specific syntax rules. (Answer: True)
4. Finding a value for a variable is referred to as _________. (Answer: instantiation)
5. True/False: Prolog is a procedural programming language. (Answer: False)
Prolog Rules (718)
LECTURE NOTES
 Explain that a Prolog rule consists of a head, body, and connecting symbols, as shown in Figure 1248.
 Review the completed code in Figure 12-50.
FIGURES
 Figure 12-48, Figure 12-49, Figure 12-50
CLASSROOM ACTIVITIES
 Class Discussion: On an overhead projector or whiteboard, display a Prolog rule. Have students
identify the head, the clauses that form the body of the rule, and the connecting symbol.
Input Capabilities (720)
LECTURE NOTES
 Explain that Prolog, like other languages, allows coding for user input.
 Use Figure 12-51 to point out the series of prompts that asks the user for the price, size, and shape of
pizza 1 and pizza 2. Explain that this data is then used to produce the price of the pizza.
FIGURES
 Figure 12-51
Declarative Languages and Applications (722)
New Perspectives on Computer Concepts 2011 Instructor’s Manual
13 of 18
LECTURE NOTES
 Explain that declarative languages are most suitable for problems that pertain to words and
concepts, rather than numbers.
 Examples given are genealogy, or street and highway databases for mapping routes.
 Point out that declarative languages give more flexibility in solving problems.
FIGURES
 Figure 12-52
CLASSROOM ACTIVITIES
 Class Discussion: Have students review a problem statement and list the facts needed to solve the
problem.

Quick Quiz
1. In the context of a Prolog program a(n) _________ is a statement that provides the computer
with basic information for solving a problem. (Answer: fact)
2. True/False: Currently, declarative languages are commonly used for production applications.
(Answer: False)
3. Given the following Prolog fact: sizeof(room,area), the word “room” is an example of a(n)
_________.
a. variable
b. argument
c. end of a fact
d. beginning of a fact
(Answer: b.)
SECTION E: SECURE PROGRAMMING (723)
SECTION E OPENER QUESTION
122500 Consumers are told to use security software because their computers are vulnerable to
security exploits, but what is the source of security vulnerabilities?
a. Most security vulnerabilities are the fault of the user.
b. Threat modeling causes many of the vulnerabilities in today’s software.
c. Faulty programming that allows buffer overflows is one of the main causes of security
vulnerabilities.
d. Operating system patches and DREAD categories are the source of the security
vulnerabilities that affect most consumers.
(Answer: c)
Black Hat Exploits (723)
LECTURE NOTES
 Explain buffer overflow (i.e., buffer overrun).
 Discuss the error message in Figure 12-54 and why it is problematic.
TEACHER TIP
Consider having students compare their experiences with black-hat exploits. What steps have they taken to
prevent them?
New Perspectives on Computer Concepts 2011 Instructor’s Manual
14 of 18
FIGURES
 Figure 12-53, Figure 12-54
CLASSROOM ACTIVITIES
 Class Discussion: Ask students what types of black hat exploits they have heard of or dealt with.
 Quick Quiz:
1. A(n) _________ is a condition in which data in memory exceeds its expected boundaries and
flows into memory areas intended for use by other data. (Answer: buffer overflow or buffer
overrun)
2. What are the two languages most commonly used for professional software development?
(Answers: C, C++)
3. True/False: Today’s operating systems, utilities, and application software are impervious to
black-hat exploits. (Answer: False)
Secure Software Development (725)
LECTURE NOTES
 Discuss formal methods and the fact that they are necessary for security and safety crucial
applications. Talk about the added cost and time for development that causes them not to be used
for every application.
 Explain that a threat model defines a set of possible attacks to consider.
 Discuss STRIDE and how it can help software developers anticipate threats from attackers.
 Point out that a threat model allows you to assess the probability, potential harm, priority, etc. of
attacks. From this point on try to minimize or eradicate the threats.
 Use Figure 12-56 to explain what an attack tree is.
 Discuss defensive programming and the techniques associated with it.
TEACHER TIP
Figure 12-57 shows a digital certificate. Ask students if they’ve encountered certificates like the one shown.
If possible, demonstrate one to the class.
FIGURES
 Figure 12-55, Figure 12-56, Figure 12-57
CLASSROOM ACTIVITIES
 Assign a Project: Ask students to sketch an attack tree illustrating a potential attack intended to steal
passwords.
New Perspectives on Computer Concepts 2011 Instructor’s Manual

15 of 18
Quick Quiz:
1. _________ is a technique that can be used to identify potential vulnerabilities by listing the key
assets of an application, categorizing the threats to each asset, ranking the threats, and
developing threat mitigation strategies that can be implemented during coding. (Answer: Threat
modeling)
2. _________ categories help software developers anticipate threats from attackers. (Answer:
STRIDE)
3. True/False: Offensive programming is an approach to software development in which
programmers anticipate what might go wrong as their programs run and steps to smoothly
handle those situations. (Answer: False)
Mitigation (728)
LECTURE NOTES
 Explain what can happen when bugs are discovered.
 Ask students if they have ever entered “yes” when asked if they want to debug.
 Review the use of patches.
 Discuss the steps consumers can take to avoid security problems, as listed on page 729.
TEACHER TIP
Survey students about their experience with software patches. Are they tolerant of (or exasperated by) the
need to install patches to keep their computers safe from security threats?
FIGURES
 Figure 12-58
CLASSROOM ACTIVITIES
 Assign a Project: Have students design an attack tree for accessing a password-protected Web site,
use the attack tree shown in Figure 12-56.
 Quick Quiz:
1. True/False: Before being posted for users, patches should be thoroughly tested. (Answer: True)
2. True/False: Formal methods add little to the cost and time of software development, so they
tend to be used very often. (Answer: False)
3. Proprietary software can benefit from a(n) _________ with other in-house programmers.
a. redirection
b. walkthrough
c. input filtering
d. factcheck
(Answer: b.)
WHAT DO YOU THINK?
123100 Can you think of a specific instance when you have become frustrated with a software user
interface?
a. Yes
b. No
c. Not sure
New Perspectives on Computer Concepts 2011 Instructor’s Manual
16 of 18
123200 Is it possible to make computer software significantly easier to use?
a. Yes
b. No
c. Not sure
123300 Would you agree that programmers do not understand the viewpoint of a typical computer user
and consequently produce bad software?
a. Yes
b. No
c.
Not sure
17 of 18
New Perspectives on Computer Concepts 2011 Instructor’s Manual
Glossary of Key Terms













































Ada, 679
Agile methodology, 681
Algorithm, 689
API, 687
APL, 679
Argument, 714
Assembly language, 677
Assumption, 680
Attack tree, 726
BASIC, 679
Buffer overflow, 723
C, 679
C#, 679
C++, 679
Class, 702
Class attribute, 703
Class hierarchy, 704
COBOL, 679
Code, 674
Component, 687
Computer programming, 675
Constant, 680
Control, 683
Control structures, 695
CPL, 679
Debugger, 685
Decision table, 714
Declarative paradigm, 713
Defensive programming, 726
Eiffel, 679
Encapsulation, 712
Event, 684
Event-driven paradigm, 685
Event-handling code, 684
Fact, 713
Fifth-generation languages, 678
First-generation languages, 677
Flowchart, 692
Form design grid, 683
Formal methods, 725
Fortran, 679
Fourth-generation languages, 678
Function, 696
Functional paradigm, 713
Goal, 715














































Haskell, 679
High-level language, 676
IDE, 686
Inheritance, 704
Instantiation, 717
Iteration, 698
Java, 679
Keyword, 676
Known information, 680
LISP, 679
Logic error, 685
Loop, 698
Low-level language, 676
Message, 706
Method, 705
Multiparadigm languages, 679
Object, 702
Object-oriented paradigm, 702
Parameters, 676
Particle renderer, 687
Pascal, 679
Pathfinder algorithms, 687
PL/1, 679
Polymorphism, 707
Predicate, 714
Predictive methodology, 681
Private attribute, 703
Problem statement, 680
Procedural language, 689
Procedural paradigm, 689
Procedure, 696
Program editor, 682
Programming language, 676
Programming paradigm, 679
Prolog, 679
Properties, 683
Pseudocode, 692
Public attribute, 703
REALbasic, 679
Remarks, 686
Repetition control structure, 698
RPG, 679
Rule, 713
Runtime error, 685
Scheme, 679
Scratch, 679
18 of 18
New Perspectives on Computer Concepts 2011 Instructor’s Manual










SDK, 686
Second-generation languages, 677
Selection control structure, 697
Sequence control structure, 695
Sequential execution, 695
Signed code, 727
SIMULA, 679
Smalltalk, 679
Structured English, 692
Subclass, 704
Top of Document










Subroutine, 696
Superclass, 704
Syntax, 676
Syntax error, 685
Third-generation languages, 677
Threat modeling, 725
Variable, 680
VDE, 683
Visual Basic, 679
Walkthrough, 694
Download