Computer Systems Security: Winter 2018 Assignment 4: Difference between revisions
No edit summary |
No edit summary |
||
Line 7: | Line 7: | ||
# [2] Why are system calls a good interface for implementing security protections? Compare system calls to function/method calls in this context. | # [2] Why are system calls a good interface for implementing security protections? Compare system calls to function/method calls in this context. | ||
# [2] How do language runtimes (interpreted and just-in-time compiled) provide opportunities for enforcing security properties? Can these properties also be enforced when code is compiled (and at what cost)? | # [2] How do language runtimes (interpreted and just-in-time compiled) provide opportunities for enforcing security properties? Can these properties also be enforced when code is compiled (and at what cost)? | ||
# [2] Choose a specific Chrome or Firefox extension. What permissions does it need? Is it possible for the extension to perform actions unrelated to its purpose with these permissions? Explain briefly. | |||
# [2] How is iOS runtime security (see [https://www.apple.com/business/docs/iOS_Security_Guide.pdf Apple's Security Whitepaper], p. 23-24) like OS virtualization, as implemented, for example, by Linux-VServer? How is it different? | |||
# [8] Define whitelists, blacklists, anomaly detection, and virtualization. Explain how they are four fundamental strategies in computer security. For each, give an example of a security mechanism that makes use of the strategy. | # [8] Define whitelists, blacklists, anomaly detection, and virtualization. Explain how they are four fundamental strategies in computer security. For each, give an example of a security mechanism that makes use of the strategy. |
Revision as of 05:55, 29 March 2018
This assignment is not yet finalized.
Due: April 9, 2018, 10 AM
- [2] When code runs in a "sandboxed environment" does this refer to a specific security technology? Explain briefly.
- [2] Why is it harder to implement protection boundaries within a process, as compared to having an operating system implement protection boundaries? Explain.
- [2] Why are system calls a good interface for implementing security protections? Compare system calls to function/method calls in this context.
- [2] How do language runtimes (interpreted and just-in-time compiled) provide opportunities for enforcing security properties? Can these properties also be enforced when code is compiled (and at what cost)?
- [2] Choose a specific Chrome or Firefox extension. What permissions does it need? Is it possible for the extension to perform actions unrelated to its purpose with these permissions? Explain briefly.
- [2] How is iOS runtime security (see Apple's Security Whitepaper, p. 23-24) like OS virtualization, as implemented, for example, by Linux-VServer? How is it different?
- [8] Define whitelists, blacklists, anomaly detection, and virtualization. Explain how they are four fundamental strategies in computer security. For each, give an example of a security mechanism that makes use of the strategy.