Study Guide for Final
This is simply a guide of topics that I consider fair game for the
final. I don't promise to ask you about them all, or about any of
these in particular; but I may very well ask you about any of
these.
- Fundamentals
- Saltzer and Schroeder's principles of secure design
- The Harrison-Ruzzo-Ullman result
- Relationship of security policy to security
- Cryptography
- Types of attacks: ciphertext only, known plaintext,
chosen plaintext, chosen ciphertext
- Types of ciphers: substitution, transposition, product (both
substitution and transposition)
- Goal of ciphers; what makes a cipher theoretically unbreakable
- Caesar cipher, Vigenere cipher, one-time pad
- What the DES is, characteristics
- Public key cryptosystems
- RSA
- Confidentiality and authentication with secret key and
public key systems
- User and System Authentication
- One-way hash functions (cryptographic hash functions)
- UNIX password scheme, what the salt is and its role
- Challenge-response schemes
- Attacking authentication systems: guessing passwords, spoofing
system, countermeasures
- Access Control
- Multiple levels of privilege
- UNIX protection scheme
- ACLs, capabilities, lock-and-key
- MULTICS ring protection scheme
- MAC, multilevel (military) security model
- Differences between MAC, DAC, ORCON
- Bell-LaPadula model
- Integrity Models
- Biba's model
- Clark-Wilson model
- Chinese Wall model
- File signature generation (integrity checksumming, etc.) and checking
- Safe practises ("safe hex")
-
Computerized Vermin
- Trojan horse
- Computer virus
- Computer Worm
- Bacteria
- Logic Bomb
- Network Security
- Internet Security Architecture model
- Public key management, including certificates, the binding of a
name to a principal (user), and certificate management schemes
- Digital signatures (what it is)
- Security in Programming
- Unknown interaction with other system components
- Overflow (both numeric and buffer)
- Race conditions (TOCTTOU flaw)
- Environment (shell variables, UIDs, file descriptors, etc.)
- Not resetting privileges
You can also see this document as a
Binhex Framemaker version 5 document,
Postscript document,
or a
plain ASCII text document.
Send email to
[email protected].
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 3/17/97