Midterm Study Guide

This is simply a guide of topics that I consider important for the midterm. I don't promise to ask you about them all, or about any of these in particular; but I may very well ask you about any of these, as well as anything we discussed in class or that is in the reading.

  1. Fundamentals
    1. What is security?
    2. Basics of risk analysis
    3. Relationship of security policy to security
    4. Policy vs. mechanism
    5. Assurance and security
  2. Saltzer's and Schroeder's Principles of Secure Design
  3. Robust Programming
  4. Penetration Studies
    1. Flaw Hypothesis Methodology
    2. Using vulnerabilities models
  5. Vulnerabilities Models
    1. RISOS
    2. PA
    3. NRL
    4. Aslam
  6. Access Control Matrix
    1. Matrix
    2. Primitive Operations
    3. Commands
  7. Policies
    1. Mandatory Access Control (MAC)
    2. Discretionary Access Control (DAC)
    3. Originator-Controlled Access Control (ORCON)
    4. Role-Based Access Control (RBAC)
  8. Confidentiality Models
    1. Bell-LaPadula Model
    2. Lattices and the BLP Model
  9. Integrity Models
    1. Biba Model
    2. Clark-Wilson Model
You can also obtain a PDF version of this. Version of November 5, 2006 at 6:33 PM