Computer Systems Security: Winter 2018 Assignment 4: Difference between revisions

Revision as of 06:03, 29 March 2018

This assignment is not yet finalized.

Due: April 9, 2018, 10 AM

[1] When code runs in a "sandboxed environment" does this refer to a specific security technology? Explain briefly.
[1] Why is it harder to implement protection boundaries within a process, as compared to having an operating system implement protection boundaries? Explain briefly.
[1] Which is a better interface for implementing security restrictions, function/method calls or system calls? Why?
[2] How do language runtimes (interpreted and just-in-time compiled) provide opportunities for enforcing security properties? Can these properties also be enforced when code is compiled (and at what cost)?
[4] Choose a specific Chrome or Firefox extension.
1. [1] What does this extension do?
2. [1] What permissions does it need?
3. [1] Why does it need these permissions?
4. [1] Is it possible for the extension to perform actions unrelated to its purpose with these permissions? Explain briefly.
[4] How is iOS runtime security (see Apple's Security Whitepaper, p. 23-24) like OS virtualization, as implemented, for example, by Linux-VServer? How is it different? Explain each and compare/contrast.
[8] Define whitelists, blacklists, anomaly detection, and virtualization. Explain how they are four fundamental strategies in computer security. For each, give an example of a security mechanism that makes use of the strategy.

@@ Line 9: / Line 9: @@
 <li>[2] How do language runtimes (interpreted and just-in-time compiled) provide opportunities for enforcing security properties?  Can these properties also be enforced when code is compiled (and at what cost)?</li>
 <li>[4] Choose a specific Chrome or Firefox extension.
-   <ol>
+   <ol style="list-style-type:lower-alpha">
    <li>[1] What does this extension do?
    <li>[1] What permissions does it need?