Study Guide for Final

This is simply a guide of topics that I consider fair game for the final. I don't promise to ask you about them all, or about any of these in particular; but I may very well ask you about any of these.

  1. Anything from the Study Guide for Midterm
  2. Passwords (selection, storage, attacks, aging)
    1. One-way hash functions (cryptographic hash functions)
    2. UNIX password scheme, what the salt is and its role
    3. Password selection, aging
    4. Challenge-response schemes
    5. Attacking authentication systems: guessing passwords, spoofing system, countermeasures
  3. Privileges
    1. UNIX real, effective, saved, audit UIDs
    2. Setuid, setgid
    3. Roles
  4. Memory Management
    1. Tagged architectures
    2. Segmentation
    3. Paging
    4. Access Control
      1. Multiple levels of privilege
      2. UNIX protection scheme
      3. MULTICS ring protection scheme
      4. ACLs, capabilities, lock-and-key
      5. Mandatory Access Control (MAC), Bell-LaPadula model; lattices
      6. Discretionary Access Control (DAC)
      7. Originator Controlled Access Control (ORCON)
    5. Integrity Models
      1. Biba's model
      2. Clark-Wilson model
      3. File signature generation (integrity checksumming, etc.) and checking
      4. Safe practises ("safe hex")
      5. Type checking
    6. Computerized Vermin
      1. Trojan horse, computer virus
      2. Computer worm
      3. Bacteria, logic bomb
    7. Trust
    8. Network Security
      1. ISO Model and security services
      2. Kerberos
      3. Certificates and certificate management

    Send email to

    Department of Computer Science
    University of California at Davis
    Davis, CA 95616-8562

    Page last modified on 12/10/99