PLP Final Flashcards
What does dynamic linking mean?
Dynamic linking means that there is no link phase at compile time. Classes that refer to each other are resolved at runtime
What are the 5 features of java?
Object-oriented
Multi-threaded
Strongly typed
Exception handling
Garbage handling (objects no longer in use are automatically removed)
What is a native method?
A Java method whose implementation is also written in another programming language
What is the primordial class loader?
Loads trusted classes (system classes which are on the boot class path) into the JVM
What are native methods needed for?
Methods needed to access some of the underlying OS functions. Once loaded, they are stored in the native method area
What is the execution engine?
A virtual processor that executes bytecode. Performs memory management
What is the JIT (just-in-time) compiler?
Translates bytecode into native code as needed. This happens after the class has been loaded and verified. Has performance overhead
What is the sandbox?
The Java security model in which Java programs can run safely without risk to the system or other users. It restricted what downloaded code could do.
What did the JDK 1.0 sandbox allow?
Trusted code could run without any restrictions. Untrusted code could not access files, and only socket connections to the applet's origin server were allowed
What verifies a signed applet?
Certificate authority servers
What is a policy file?
A configuration file used by the JRE to determine permissions for each program
What is fine grained access control?
Allows every code access to system resources based on the definition in the policy file
What are the three pillars of java security?
- The security manager - Ensures permissions in policy file are not overridden
- Class loaders - Establish the protection domain/set of permissions for a loaded class
- The bytecode verifier - Checks code to ensure that rules aren't violated, the stack isn't overflowed, no illegal operations occur, etc.
What do cookies add to the http protocol?
State
Where does an XSS attack run?
An XSS attack runs in client-side code that is executed by a browser
What tags does an XSS attack most commonly run in?
Script or Body
What is a reflected XSS attack?
An XSS attack in which the malicious script comes from the current HTTP request. Malicious JS is sent as part of the victim's request
What is a stored XSS attack?
An XSS attack in which the malicious script comes from the website's database. It occurs when an application receives data from an untrusted source but still includes that data in later HTTP responses
What is a DOM-based XSS attack?
An XSS attack where the vulnerability exists in client-side and not server-side code
What is same origin policy?
A policy used by a browser to separate mutually untrusted scripts. Created from domain name + protocol + port
How to prevent XSS?
Secure input handling - Either encoding or validation.
What are encoding and validation?
Encoding escapes user input so the browser interprets it only as data, not code.
Validation filters user input so that any malicious parts are removed
What is functional programming?
Functional programming is programming that treats computation as the evaluation of mathematical functions
Write a function to check if 1 + 1 = 2 in Racket
(= 2 (+ 1 1))
Equal vs eqv vs eq
Equal works with the most comparisons (like lists), then eqv, then eq.
What is read-line vs read?
Read line reads strings. Read can take an input value of any type
How are expressions represented in Racket?
Expressions are represented as lists
What is the first element of every list in racket?
A function. A ' mark leading the expression will tell Racket to not treat the leading element as a function
What does flatten do in Racket?
Flatten will compact nested lists into one list
What does map do in racket?
Map applies a function to every element in a list and returns a new list with the new values
What does filter do in racket?
Filter will create a new list based on a predicate function, such as (filter even? numbers)
What does foldl do in racket?
(define numbers '(1 2 3 4))
Foldl will apply a binary function to the elements of a list cumulatively. (define product (foldl * 1 numbers)) gives 24
What does cons do in Racket?
Takes an element and a list and adds the element to the front of the list
What does car do in Racket?
Car retrieves the first element of a list
What does cdr do in racket?
cdr retrieves every element except the first from a list
What is DEP?
Data execution prevention marks areas of the stack as non-executable, enforced by the NX hardware bit
How is DEP circumvented?
DEP is circumvented by using pieces of already existing code to create a sequence of operations to be carried out
What does stackguard do?
Stackguard places a canary word before each return address in each stack frame
What is a type safe language?
A language that automatically performs array bounds checking, such as Java
What is code randomization in the context of preventing buffer overflows?
Encrypting code and decrypting it before it is run
What does control flow integrity do?
It prevents a wide variety of malware attacks from redirecting the flow of execution.
It enforces the integrity of a program's execution flow path.
What are the steps of CFI?
- Build a CFG at compile time
- Rewrite the binary with IDs and ID checks at install time
- Perform ID checks at run time
What is the in-line reference monitor?
A rewriting of the program by inserting instructions to check if Control Flow Integrity is maintained
What is simplest labeling in CFI?
Simplest labeling uses the same label for every function. This prevents calls to functions outside of scope; however, a function can return to an unintended function in the scope