SystemsSec 2016W Lecture 23: Difference between revisions
No edit summary |
|||
Line 8: | Line 8: | ||
===Midterm Discussion=== | ===Midterm Discussion=== | ||
• Midterms almost all marked | |||
• Midterms will be returned on Thursday (April 7th), on average people did badly, we will discuss them in Thursday’s class | |||
• Question 1 was answered best overall, Anil had issues believing people had actually used the system before when they failed to supply enough detail | |||
• Question 2, most people just did not address all aspects of the question. Or argued for things that just were not true. | |||
o Ex. Very few OS are verified, but lots of people claimed they were. | |||
• Question 3 also had several problems, he was extremely lenient with what qualified as a system (nowhere did the question say it had to be a computer system) | |||
• Example System: A Man carrying a suitcase full of cash | |||
o Threat #1: Someone will steal the case | |||
Defense: Get a bodyguard | |||
• Vulnerability: Guard could be bribed or could abandon you | |||
o Threat #2: Hyperinflation reduces value of case contents to nothing | |||
Defense: Banks/Mints | |||
• Vulnerability: Currency minting plates get stolen | |||
• General Comment: FOLLOW THE FULL INSTRUCTIONS, BE SPECIFIC. | |||
• Concerns of time pressure leading to Anil thinking of 4 questions for the final | |||
===Paper: Boxify=== | ===Paper: Boxify=== |
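Review bot: The lines added under ===Midterm Discussion=== use pasted bullet glyphs ("•", "o") and no wiki list markup, so MediaWiki will not treat them as list items and the nesting is lost. That nesting runs from threat to defense to vulnerability in the suitcase example. Suggest converting them to "*", "**" and "***" list items, one per line. The revision also carries no edit summary; a short one such as "add midterm discussion notes" would make the page history easier to follow.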
Revision as of 04:22, 6 April 2016
Topics and Readings
- Boxify
- Michael Backes et al., Boxify: Full-fledged App Sandboxing for Stock Android (USENIX Security 2015)
- Android Permissions
- Primal Wijesekera et al., Android Permissions Remystified: A Field Study on Contextual Integrity (USENIX Security 2015)
Notes
Midterm Discussion
• Midterms are almost all marked.
• Midterms will be returned on Thursday (April 7th). On average people did badly; we will discuss them in Thursday’s class.
• Question 1 was answered best overall. Anil had issues believing people had actually used the system before when they failed to supply enough detail.
• Question 2: most people did not address all aspects of the question, or argued for things that were not true.
  o Ex. Very few OSes are verified, but lots of people claimed they were.
• Question 3 also had several problems. He was extremely lenient with what qualified as a system (nowhere did the question say it had to be a computer system).
• Example system: a man carrying a suitcase full of cash
  o Threat #1: Someone will steal the case
    Defense: Get a bodyguard
      • Vulnerability: Guard could be bribed or could abandon you
  o Threat #2: Hyperinflation reduces value of case contents to nothing
    Defense: Banks/Mints
      • Vulnerability: Currency minting plates get stolen
• General comment: FOLLOW THE FULL INSTRUCTIONS, BE SPECIFIC.
• Concerns about time pressure are leading Anil to think of 4 questions for the final.
Paper: Boxify
- Placeholder
Paper: Android Permissions Remystified
- Placeholder
Anil: "Where the research is"
- Placeholder