Computer Systems Security: Winter 2018 Assignment 4: Difference between revisions
No edit summary |
No edit summary |
||
Line 17: | Line 17: | ||
<li>[1] Is it possible for the extension to perform actions unrelated to its purpose with these permissions? Explain briefly. | <li>[1] Is it possible for the extension to perform actions unrelated to its purpose with these permissions? Explain briefly. | ||
</ol> | </ol> | ||
Hint: Refer to Firefox's [https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions description of permissions]. | |||
</li> | </li> | ||
<li>[4] How is iOS runtime security (see [https://www.apple.com/business/docs/iOS_Security_Guide.pdf Apple's Security Whitepaper], p. 23-24) like OS virtualization, as implemented, for example, by Linux-VServer? How is it different? Explain each and compare/contrast.</li> | <li>[4] How is iOS runtime security (see [https://www.apple.com/business/docs/iOS_Security_Guide.pdf Apple's Security Whitepaper], p. 23-24) like OS virtualization, as implemented, for example, by Linux-VServer? How is it different? Explain each and compare/contrast.</li> | ||
<li>[8] Define whitelists, blacklists, anomaly detection, and virtualization. For each, give an example of a security mechanism base on that strategy, briefly explaining how the strategy relates to the mechanism.</li> | <li>[8] Define whitelists, blacklists, anomaly detection, and virtualization. For each, give an example of a security mechanism base on that strategy, briefly explaining how the strategy relates to the mechanism.</li> | ||
</ol> | </ol> |
Revision as of 14:28, 29 March 2018
This assignment is not yet finalized.
This assignment has 20 points in 7 questions.
Due: April 9, 2018, 10 AM
- [1] When code runs in a "sandboxed environment" does this refer to a specific security technology? Explain briefly.
- [1] Why is it harder to implement protection boundaries within a process, as compared to having an operating system implement protection boundaries? Explain briefly.
- [1] Which is a better interface for implementing security restrictions, function/method calls or system calls? Why?
- [1] How do language runtimes (interpreted and just-in-time compiled) provide opportunities for enforcing security properties? Can these properties also be enforced when code is compiled (and at what cost)?
- [4] Firefox Pinterest save button extension:
- [1] What does this extension do?
- [1] What permissions does it need?
- [1] Why does it need these permissions?
- [1] Is it possible for the extension to perform actions unrelated to its purpose with these permissions? Explain briefly.
Hint: Refer to Firefox's description of permissions.
- [4] How is iOS runtime security (see Apple's Security Whitepaper, p. 23-24) like OS virtualization, as implemented, for example, by Linux-VServer? How is it different? Explain each and compare/contrast.
- [8] Define whitelists, blacklists, anomaly detection, and virtualization. For each, give an example of a security mechanism base on that strategy, briefly explaining how the strategy relates to the mechanism.