Study Guide for Final

This is simply a guide of topics that I consider fair game for the final. I don't promise to ask you about them all, or about any of these in particular; but I may very well ask you about any of these.

  1. Anything from the Study Guide for Midterm
  2. Key Distribution Protocols
    1. Kerberos and Needham-Schroeder
    2. Certificates and public key infrastructure
  3. Passwords (selection, storage, attacks, aging)
    1. One-way hash functions (cryptographic hash functions)
    2. UNIX password scheme, what the salt is and its role
    3. Password selection, aging
    4. Challenge-response schemes
    5. Attacking authentication systems: guessing passwords, spoofing system, countermeasures
  4. Access Control
    1. Access control matrix
    2. Multiple levels of privilege
    3. UNIX protection scheme
    4. MULTICS ring protection scheme
    5. ACLs, capabilities, lock-and-key
  5. Assurance
  6. Computerized Vermin
    1. Trojan horse, computer virus
    2. Computer worm
    3. Bacteria, logic bomb
    4. Countermeasures
  7. Penetration Studies
    1. Flaw Hypothesis Methodology
    2. Using vulnerabilities models
  8. Vulnerabilities Models
    1. RISOS
    2. PA
    3. Aslam
  9. Vulnerabilities
    1. Unknown interaction with other system components
    2. Overflow
    3. Race conditions
    4. Environment variables
    5. Not resetting privileges


Here is a PDF version of this document.