Computer Systems Security: Winter 2018 Assignment 4: Difference between revisions

From Soma-notes
No edit summary
No edit summary
Line 4: Line 4:


# [2] When code runs in a "sandboxed environment" does this refer to a specific security technology?  Explain briefly.
# [2] When code runs in a "sandboxed environment" does this refer to a specific security technology?  Explain briefly.
# [8] Define whitelists, blacklists, anomaly detection, and virtualization.  Explain how they are four fundamental strategies in computer security.  For each, give an example of a security mechanism that makes use of the strategy.
# [2] Why is it harder to implement protection boundaries within a process, as compared to having an operating system implement protection boundaries?  Explain.
# [2] Why is it harder to implement protection boundaries within a process, as compared to having an operating system implement protection boundaries?  Explain.
# [2] Why are system calls a good interface for implementing security protections?  Compare system calls to function/method calls in this context.
# [2] Why are system calls a good interface for implementing security protections?  Compare system calls to function/method calls in this context.
# [2] How do language runtimes (interpreted and just-in-time compiled) provide opportunities for enforcing security properties?  Can these properties also be enforced when code is compiled (and at what cost)?
# [2] How do language runtimes (interpreted and just-in-time compiled) provide opportunities for enforcing security properties?  Can these properties also be enforced when code is compiled (and at what cost)?
# [8] Define whitelists, blacklists, anomaly detection, and virtualization.  Explain how they are four fundamental strategies in computer security.  For each, give an example of a security mechanism that makes use of the strategy.

Revision as of 04:57, 29 March 2018

This assignment is not yet finalized.

Due: April 9, 2018, 10 AM

  1. [2] When code runs in a "sandboxed environment" does this refer to a specific security technology? Explain briefly.
  2. [2] Why is it harder to implement protection boundaries within a process, as compared to having an operating system implement protection boundaries? Explain.
  3. [2] Why are system calls a good interface for implementing security protections? Compare system calls to function/method calls in this context.
  4. [2] How do language runtimes (interpreted and just-in-time compiled) provide opportunities for enforcing security properties? Can these properties also be enforced when code is compiled (and at what cost)?
  5. [8] Define whitelists, blacklists, anomaly detection, and virtualization. Explain how they are four fundamental strategies in computer security. For each, give an example of a security mechanism that makes use of the strategy.