OSWebSec: Final Exam Study Guide

From Soma-notes
Revision as of 18:01, 4 December 2012 by Soma (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

The final exam will be a series of essay questions on the readings from this term. Like the midterm, you will be able to choose which questions you can answer (you will be able to omit some). Expect to answer around four questions - so you'll have to write four essays in the three hours allocated to the exam.

The final, like the midterm, is open book, open note, open Internet. You may write your test on your own laptop that you bring to the exam hall. No collaboration with anyone else is allowed during the test, however. So please disable all communication services during the test.

The final exam is cumulative, covering papers from the beginning of class. Expect questions similar to those on the midterm exam. Note that while you will need to discuss details from some papers, you will not need to discuss every paper we covered - you will have the option to choose. Below are some sample questions regarding the papers covered in the last half of the term.

  1. How can virtualization (and virtualization-like mechanisms) improve the security of commodity operating systems and applications (including mobile)? Explain in general and give at least 3 specific examples. Outline threat model(s) in which these defenses work. Which of these defenses are more "realistic?" Why?
  2. Web browsers are increasingly implementing OS-type security mechanisms. What mechanisms are they implementing, and what benefit do they provide? Give three examples. How significant is the improvement in security? Explain.
  3. How have mobile operating systems adapted traditional OS security mechanisms? To what purpose? Give 3 examples.