Study Guide for Midterm

This is simply a guide of topics that I consider fair game for the midterm. I don't promise to ask you about them all, or about any of these in particular; but I may very well ask you about any of these.

1. Fundamentals
   1. What is security?
   2. Basics of risk analysis
   3. Relationship of security policy to security
   4. Policy vs. mechanism
   5. Assurance and security
2. Saltzer's and Schroeder's Principles of Secure Design
3. Robust Programming
4. Policies
   1. Mandatory Access Control (MAC)
   2. Discretionary Access Control (DAC)
   3. Originator-Controlled Access Control (ORCON)
   4. Policy languages
5. Confidentiality Models
   1. Bell-LaPadula Model
   2. Lattices and the BLP Model
6. Integrity models
   1. Biba
   2. Clark-Wilson
   1. Cryptography
   2. Types of attacks: ciphertext only, known plaintext, chosen plaintext
   3. Classical cryptosystems: Caesar cipher, Vigenère cipher, one-time pad, DES
   4. Public key cryptosystems; RSA
   5. Confidentiality and authentication with secret key and public key systems
   6. One-way hash functions (cryptographic hash functions)
7. Key Distribution Protocols
   1. Kerberos and Needham-Schroeder
   2. Certificates and public key infrastructure
8. Cryptography and Networks
   1. Forward searches, misordered blocks, repetitions
   2. End-to-end and link encryption
   3. Where to put the encryption
   4. Secure electronic mail
9. Passwords (selection, storage, attacks, aging)
   1. UNIX password scheme, what the salt is and its role
   2. Password selection, aging
   3. Challenge-response schemes
   4. e. Attacking authentication systems: guessing passwords, spoofing system, countermeasures