Computer Systems Security: Winter 2018 Assignment 4

From Soma-notes
Revision as of 11:58, 29 March 2018 by Soma (talk | contribs)
Jump to navigation Jump to search

Please answer the following questions. There are 7 questions with 20 points. Submit your answers as a text or PDF file via cuLearn by April 9, 2018 at 10:00 AM. Be sure to put your name and student number at the beginning of your submission.

When answering each question, please indicate the sources of your answer. This could be a man page, your own experiments, discussion with a friend, or a website. Please list all your sources. You are allowed to collaborate; such collaboration should be clearly documented! If you already know an answer because of background knowledge you had before the class, that is fine, just state that this is the case.

Questions

  1. [1] When code runs in a "sandboxed environment" does this refer to a specific security technology? Explain briefly.
  2. [1] Why is it harder to implement protection boundaries within a process, as compared to having an operating system implement protection boundaries? Explain briefly.
  3. [1] Which is a better interface for implementing security restrictions, function/method calls or system calls? Why?
  4. [1] How do language runtimes (interpreted and just-in-time compiled) provide opportunities for enforcing security properties? Why can't binaries compiled to machine code provide the same security guarantees?
  5. [4] Firefox Pinterest save button extension:
    1. [1] What does this extension do?
    2. [1] What permissions does it need?
    3. [1] Why does it need these permissions?
    4. [1] Is it possible for the extension to perform actions unrelated to its purpose with these permissions? Explain briefly.

    Hint: Refer to Firefox's description of permissions.

  6. [4] How is iOS runtime security (see Apple's Security Whitepaper, p. 23-24) like OS virtualization, as implemented by Linux-VServer or similar systems? How is it different? Explain each and compare/contrast.
  7. [8] Define whitelists, blacklists, anomaly detection, and virtualization. For each, give an example of a security mechanism based on that strategy, briefly explaining how the strategy relates to the mechanism.
Retrieved from "https://homeostasis.scs.carleton.ca/wiki/index.php?title=Computer_Systems_Security:_Winter_2018_Assignment_4&oldid=21600"