Exam Review
Back to se464
Dependency injection
- Adheres to principles of programming to interfaces and not implementations.
Cloud computing
Characteristics
- On-demand service
- Broad network access
- Resource pooling
- Rapid elasticity (easily add/remove resources)
- Measured service (Metered storage, processing, bandwidth, etc)
Benefits
- Agility
- Scalability
- Cost
- Reliability
- Security
Technologies enabling this
- Virtualization
- Emulation (e.g. QEMO), simulates partial hardware
- Paravirtualization (e.g. Xen), software interface to VM
- Full (e.g. VMWare), complete simulation of hardware
- Network (e.g. VPNs), abstract and virtualize networks
- APIs
What people look for in cloud security
- Confidentiality
- Integrity
- Authenticity
- Anonymity
- Privacy
Static Analysis
Optional type checking (annotations in Java)
- Adds type qualifiers into code (e.g.
@Immutable
, @Nullable
)
- Compiler checks additional properties, guaranteeing additional behaviours
- Uses: String typing (e.g. regex format), command injection vulnerabilities
Formalizations
- Stronger guarantees
- Less practical to implement
e.g. dealing with null
- Make variables non null by default, making the dangerous case explicit
- One null check might not be enough if a method's side effects change state, so we can introduce annotations like
@Pure
, @Deterministic
, @SideEffectFree
to know when we have to re-check
Typesystems need:
- Qualifier hierarchy
- Type introduction rules (make types for expressions)
- Type rules (define checker specific errors)
- Flow refinement (better types than the programmer wrote)