If the program writes the object to a file and then reads it back in the
attacker can inspect the serialized object and change things before it is
read back.
+5a.
+ A class that is not privileged to execute a certain operation can contain
+ an object of a class that does have a permission that is denied in the
+ him. When calling this subroutine on the object it can do stuff it was not
+ permitted to do and therefore violate the permission rule. When walking the
+ entire stack it can see that the caller of the function does not have said
+ permission and therefore deny it.
+5b.
+ try0 will fail because class U does not have permission for P.
+ try1 will fail because class I does not have permission, class T does but
+ class I is also in the stack walk and permission has not been
+ explicitly granted.
+ try2 will succeed because class U does not have permission but class T
+ grants this permission by calling enablePrivilege(P).
+ try4 will succeed in the first call to m2 but later it will fail on m1
+ because when going back up the callstack the permissions are not kept.
+6a.
+ e:t s1:ok t s2:ok t
+ -------------------
+ if e then s1 else s2:ok t
+
+6b.
+ Implicit information flow can reveal information about a H compenent when
+ it is in the conditional part of the if statement. For example the
+ statement: "if (hi > 0) then lo1 else lo2". This doesn't seem illogical
+ since lo1 and l2 are supposed to be both safe. However, execution time
+ analysis may reveal whether hi is bigger than zero which may not happen
+ since high is confidential.
+ This is taken care of in the rule by also needing e to be safe for type t.
+7a.
+ It means that there is no information leaking. For example when we have the
+ statement "if (h > 0) then l=print(l) else print()" this leaks information
+. about h.
+7b.
+ When an exception is thrown this can inform the hacker about information in
+ h.
+8.
+
+9.
+ We can do generational fuzzing. We know that the format and the fact that
+ it is ordered so to test the protocol we can send messages in the wrong
+ order, in the wrong format or even both.
+
+ Moreover some dumb fuzzing can be done by sending a bunch of nonsense, or
+ sending it extremely slow.
+10.
+ Almost all buffer overflows become malicious because the user can influence
+ with which data the buffer overflows. When a language
+11.
+ In the functions add, remove and containts the value of i must be bigger or
+ equal than 0 and smaller than 10. This can be done with an
+ "requires i >= 0" and a "requires i<10"
+
+12.
+ The execution time of i and ii will be the same because the PPC code will
+ not insert runtime checks. It will just statically analyse whether the code
+ is safe and then leave it be. Binary iii will be slower because memory-safe
+ languages like Java and C# often introduce runtime checks for things like
+ array bounds checking.
repositories / ss1617.git / commitdiff