1) Are computer-to-computer authentications subject to the weakness of replay? Why or why not?
2) the author argues for a continuous authentication activity. When would such an activity be warranted? How would you determine how often this activity would occur? Explain your answers.
3) Provide the underlying concept for how PGP and S/MIME provide protection. Explain your answer.
4) What countermeasures are available (if nay) against cross-site scripting. What is the effect of these countermeasures? Explain your answer.
5) Which would provide greater security: a monolithic kernel or a minimal kernel (with many functions operating in "user" mode vice "kernel" mode? Explain your answer.
6) A flaw in the protection system of many operating systems is argument passing. Often a common shared stack is used by all nested routines for arguments as well as for the remainder of the context of each calling process.
a) Explain what vulnerabilities this flaw presents.
b) Explain how the flaw can be controlled. The shared stack is still to be used for passing arguments and storing context.