Secure Coding Final UPDATED Exam Questions and CORRECT Answers

  • August 19, 2024
MGRADES

In what dimension should objects be separated? - CORRECT ANSWER- logical


To what degree should objects be kept separate? - CORRECT ANSWER- Complete isolation,
..., limited sharing, usage control, full sharing


What are the objects that will be kept apart? - CORRECT ANSWER- programs, sets of
programs, OS environments


What mechanisms will provide separation? - CORRECT ANSWER- sandboxes, virtual
machines


Java Virtual Machine (JVM) - CORRECT ANSWER- -sandbox
-Java programs use the Java API
-can't interact with OS


java - CORRECT ANSWER- better security and isolation


security manager - CORRECT ANSWER- mediates program reaching outside sandbox
-decides if request should be allowed
-throws exception if denied
-Different programs need different levels of privilege


security manager trust model - CORRECT ANSWER- JDK 1.0.2
-Untrusted = any applet
-Trusted = application


JDK 1.1
-Untrusted = unsigned applet
-Trusted = signed applet or application


JDK 1.2 and beyond
-Many shades of gray


security manager untrusted code - CORRECT ANSWER- can
-Access CPU and memory to build its objects and execute
-Connect to the web server from which the applet was downloaded


can't
-Operations on client's file system (read, write, delete, ...)
-Connect to destinations other than its origin
-Make critical system calls, such as System.exit()
-Create a classloader or security manager
-Other dangerous actions


Classloader and bytecode verifier - CORRECT ANSWER- ensure that programs don't
corrupt each other or corrupt the security manager


Corrupt - CORRECT ANSWER- interact with in ways not allowed by the API


java classes - CORRECT ANSWER- -a collection of data fields and functions (methods) that
operate on those fields
-Instances of classes are objects


type safety - CORRECT ANSWER- -Memory cannot be accessed directly
-only objects for which the program has a reference can be accessed
-program can perform an operation on an object only if that operation is valid for that object

Type safety provides memory protection between - CORRECT ANSWER- -Java programs in
a VM
-Java programs and VM itself


simple stack inspection - CORRECT ANSWER- -only principals are system and untrusted
-privilege available is "full"
-Every stack frame is labeled with principal and a privilege tag
-A system class can set the tag while untrusted code cannot
-Whenever a frame completes its work, the tag disappears
-Algorithm searches frames from newest to oldest
-If a frame with "full" tag is first found, then access is permitted
-If an untrusted frame, access is denied


stack inspection operations - CORRECT ANSWER- enablePrivilege(P)
-gives permission


revertPrivilege(P)
-Removes annotation from stack frame


disablePrivilege(P)
-hide the earlier enabled privilege


checkPrivilege(P)
-check if a frame has proper privilege to make a specific system call


java 2 security policy - CORRECT ANSWER- two identity-defining characteristics
-Origin (where the code comes from)
-Signature (who vouches for it)


policy
-mapping from identity to permissions
