- It would be less secure because a compromise by a malicious client in one thread could (more easily) access data used by another client's thread, since they share the same address space
- Integer overflow
- Buffer overflow
- It is an example of defense in depth
- It is an example of trusting with reluctance because promoting privacy means sharing private information with as few software components as possible, meaning that fewer need to be trusted to protect the information
- The plug-ins are implemented as separate OS processes; these processes communicate to/from the main process to handle queries/updates for the data formats they support
- Allow the user to use a slider to choose the number of bits, setting the slider initially to point at 2048 bits. As the user moves the slider to larger or smaller values, visualize the difference in relative protective power, e.g., using a meter.
- Recovery: you could argue that isolating a tab makes it easier to recover from a breach, since you can easily kill the tab's process with less effect on the rest of the system (Mitigation is also a correct answer)
9. When talking about computer security, what do we mean by the term "principal"?
- An actor, or role, that is the subject of a security policy: Principals can be people, computer programs, or some other entity acting in a particular role, like manager or client
- Using encryption: Snooping users can view the network message traffic of others interacting with a site, so encrypting that traffic limits the negative effects of snooping
12. Suppose you design software for a bank and the bank's customers may remotely log into its site using commodity PCs. These PCs might have malware on them, which could log keystrokes or read files stored on the machine. Which threat model (using terms defined in the lectures) makes the most sense for you to consider, when designing the bank's site?
- Co-located user
- So that you avoid an incoherent defense
- So you can defend against the most likely/costly/important attacks
- So you can explicitly list and challenge assumptions that underlie your design
- A scenario that illustrates a potential failure in security under relevant circumstances