Computer Systems Security: Winter 2018 Assignment 4: Difference between revisions

From Soma-notes
Line 3: Line 3:
Due: April 9, 2018, 10 AM
Due: April 9, 2018, 10 AM


# [2] When code runs in a "sandboxed environment" does this refer to a specific security technology?  Explain briefly.
<ol>
# [2] Why is it harder to implement protection boundaries within a process, as compared to having an operating system implement protection boundaries?  Explain.
<li>[1] When code runs in a "sandboxed environment" does this refer to a specific security technology?  Explain briefly.</li>
# [2] Why are system calls a good interface for implementing security protections?  Compare system calls to function/method calls in this context.
<li>[1] Why is it harder to implement protection boundaries within a process, as compared to having an operating system implement protection boundaries?  Explain briefly.</li>
# [2] How do language runtimes (interpreted and just-in-time compiled) provide opportunities for enforcing security properties?  Can these properties also be enforced when code is compiled (and at what cost)?
<li>[1] Which is a better interface for implementing security restrictions, function/method calls or system calls? Why?</li>
# [2] Choose a specific Chrome or Firefox extension. What permissions does it need? Is it possible for the extension to perform actions unrelated to its purpose with these permissions?  Explain briefly.
<li>[2] How do language runtimes (interpreted and just-in-time compiled) provide opportunities for enforcing security properties?  Can these properties also be enforced when code is compiled (and at what cost)?</li>
# [2] How is iOS runtime security (see [https://www.apple.com/business/docs/iOS_Security_Guide.pdf Apple's Security Whitepaper], p. 23-24) like OS virtualization, as implemented, for example, by Linux-VServer?  How is it different?  
<li>[4] Choose a specific Chrome or Firefox extension.
# [8] Define whitelists, blacklists, anomaly detection, and virtualization.  Explain how they are four fundamental strategies in computer security.  For each, give an example of a security mechanism that makes use of the strategy.
  <ol>
  <li>[1] What does this extension do?
  <li>[1] What permissions does it need?
  <li>[1] Why does it need these permissions?
  <li>[1] Is it possible for the extension to perform actions unrelated to its purpose with these permissions?  Explain briefly.
  </ol>
</li>
<li>[4] How is iOS runtime security (see [https://www.apple.com/business/docs/iOS_Security_Guide.pdf Apple's Security Whitepaper], p. 23-24) like OS virtualization, as implemented, for example, by Linux-VServer?  How is it different? Explain each and compare/contrast.</li>
<li>[8] Define whitelists, blacklists, anomaly detection, and virtualization.  Explain how they are four fundamental strategies in computer security.  For each, give an example of a security mechanism that makes use of the strategy.</li>
</ol>
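
Review bot: in the revised question 5, the four nested `<li>` sub-items ("What does this extension do?" through "Is it possible for the extension to perform actions unrelated to its purpose...") are opened but never closed, while every other item in the new `<ol>` list carries an explicit `</li>`. Add `</li>` to each sub-item so the markup is consistent and the nesting under question 5 is unambiguous.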

Revision as of 06:02, 29 March 2018

This assignment is not yet finalized.

Due: April 9, 2018, 10 AM

  1. [1] When code runs in a "sandboxed environment" does this refer to a specific security technology? Explain briefly.
  2. [1] Why is it harder to implement protection boundaries within a process, as compared to having an operating system implement protection boundaries? Explain briefly.
  3. [1] Which is a better interface for implementing security restrictions, function/method calls or system calls? Why?
  4. [2] How do language runtimes (interpreted and just-in-time compiled) provide opportunities for enforcing security properties? Can these properties also be enforced when code is compiled (and at what cost)?
  5. [4] Choose a specific Chrome or Firefox extension.
    1. [1] What does this extension do?
    2. [1] What permissions does it need?
    3. [1] Why does it need these permissions?
    4. [1] Is it possible for the extension to perform actions unrelated to its purpose with these permissions? Explain briefly.
  6. [4] How is iOS runtime security (see Apple's Security Whitepaper, p. 23-24) like OS virtualization, as implemented, for example, by Linux-VServer? How is it different? Explain each and compare/contrast.
  7. [8] Define whitelists, blacklists, anomaly detection, and virtualization. Explain how they are four fundamental strategies in computer security. For each, give an example of a security mechanism that makes use of the strategy.