OSWebSec: Final Exam Study Guide: Difference between revisions

From Soma-notes
Created page with "The final exam will be a series of essay questions on the readings from this term. Like the midterm, you will be able to choose which questions you can answer (you will be ab..."
 
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
The final exam will be a series of essay questions on the readings from this term.  Like the midterm, you will be able to choose which questions you can answer (you will be able to omit some).  Each question should be answered with a short essay.  (If you answer 3 questions, you'll have to write 3 short essays - please don't merge them into one essay.)
The final exam will be a series of essay questions on the readings from this term.  Like the midterm, you will be able to choose which questions you can answer (you will be able to omit some).  Expect to answer around four questions - so you'll have to write four essays in the three hours allocated to the exam.


The final, like the midterm, is open book, open note.  You may write your test on your own laptop that you bring to the exam hall.  I request, though, that you disable Internet connectivity for the exam, as you shouldn't be collaborating with anyone else during the test.
The final, like the midterm, is open book, open note, open Internet.  You may write your test on your own laptop that you bring to the exam hall.  No collaboration with anyone else is allowed during the test, however.  So please disable all communication services during the test.


The final exam is cumulative, covering papers from the beginning of class.  Expect questions similar to those on the midterm exam.  Note that while you will need to discuss details from some papers, you will not need to discuss every paper we covered - you will have the option to choose.  Below are some sample questions regarding the papers covered in the last half of the term.
The final exam is cumulative, covering papers from the beginning of class.  Expect questions similar to those on the midterm exam.  Note that while you will need to discuss details from some papers, you will not need to discuss every paper we covered - you will have the option to choose.  Below are some sample questions regarding the papers covered in the last half of the term.


#
# How can virtualization (and virtualization-like mechanisms) improve the security of commodity operating systems and applications (including mobile)?  Explain in general and give at least 3 specific examples.  Outline threat model(s) in which these defenses work.  Which of these defenses are more "realistic?"  Why?
# Web browsers are increasingly implementing OS-type security mechanisms.  What mechanisms are they implementing, and what benefit do they provide?  Give three examples.  How significant is the improvement in security?  Explain.
# How have mobile operating systems adapted traditional OS security mechanisms?  To what purpose?  Give 3 examples.

Latest revision as of 18:01, 4 December 2012

The final exam will be a series of essay questions on the readings from this term. Like the midterm, you will be able to choose which questions you can answer (you will be able to omit some). Expect to answer around four questions - so you'll have to write four essays in the three hours allocated to the exam.

The final, like the midterm, is open book, open note, open Internet. You may write your test on your own laptop that you bring to the exam hall. No collaboration with anyone else is allowed during the test, however. So please disable all communication services during the test.

The final exam is cumulative, covering papers from the beginning of class. Expect questions similar to those on the midterm exam. Note that while you will need to discuss details from some papers, you will not need to discuss every paper we covered - you will have the option to choose. Below are some sample questions regarding the papers covered in the last half of the term.

  1. How can virtualization (and virtualization-like mechanisms) improve the security of commodity operating systems and applications (including mobile)? Explain in general and give at least 3 specific examples. Outline threat model(s) in which these defenses work. Which of these defenses are more "realistic?" Why?
  2. Web browsers are increasingly implementing OS-type security mechanisms. What mechanisms are they implementing, and what benefit do they provide? Give three examples. How significant is the improvement in security? Explain.
  3. How have mobile operating systems adapted traditional OS security mechanisms? To what purpose? Give 3 examples.