Study Guide for Midterm
This is simply a guide of topics that I consider fair game for the
midterm. I don't promise to ask you about them all, or about any of
these in particular; but I may very well ask you about any of
these.
- Fundamentals
- Basics of risk analysis
- Saltzer and Schroeder's design principles
- Relationship of security policy to security
- Ethics and Law
- Exporting cryptographic programs, enciphered messages
- Ethical and legal problems of break-ins
- License to hack
- Robust Programming
- Security in Programming
- Unknown interaction with other system components
- Overflow (both numeric and buffer)
- Race conditions (TOCTTOU flaw)
- Environment (shell variables, UIDs, file descriptors, etc.)
- Not resetting privileges
Vulnerabilities Models
- RISOS
- PA
- Uses
- Penetration Studies
- Relationship to formal verification and testing
- Flaw Hypothesis Methodology
- Using vulnerabilities models
- Intrusion Detection Systems
- Anomaly detection
- Misuse detection
- Specification detection
- Cryptography
- Types of attacks: ciphertext only, known plaintext, chosen plaintextt
- Types of ciphers: substitution, transposition, product
(both substitution and transposition)
- Goal of ciphers; what makes a cipher theoretically unbreakable
- Caesar cipher, Vigenère cipher, one-time pad
- What the DES is, characteristics
- Public key cryptosystems
- RSA
- Confidentiality and authentication with secret key and public key systems
You can also see this document
in its native format,
in Postscript,
in PDF,
or
in ASCII text.
Send email to
[email protected].
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 11/5/98