Study Guide for Final

This is simply a guide of topics that I consider fair game for the final. I don't promise to ask you about them all, or about any of these in particular; but I may very well ask you about any of these.


  1. Anything from the Study Guide for Midterm
  2. Cryptography
    1. Types of attacks: ciphertext only, known plaintext, chosen plaintext
    2. Caesar cipher, Vigenère cipher, one-time pad, DES
    3. Public key cryptosystems; RSA
    4. Confidentiality and authentication with secret key and public key systems
  3. Key Distribution Protocols
    1. Kerberos and Needham-Schroeder
    2. Certificates and public key infrastructure
  4. Passwords (selection, storage, attacks, aging)
    1. One-way hash functions (cryptographic hash functions)
    2. UNIX password scheme, what the salt is and its role
    3. Password selection, aging
    4. Challenge-response schemes
    5. Attacking authentication systems: guessing passwords, spoofing system, countermeasures
  5. Identity
    1. UNIX real, effective, saved, audit UIDs
    2. Host names and addresses
    3. Cookies and state
    4. Anonymous remailers
  6. Saltzer and Schroeder's Principles of Secure Design
    1. Least Privilege
    2. Fail-Safe Defaults
    3. Economy of Mechanism
    4. Complete Mediation
    5. Open Design
    6. Separation of Privilege
    7. Least Common Mechanism
    8. Psychological Acceptability
  7. Access Control
    1. Multiple levels of privilege
    2. UNIX protection scheme
    3. MULTICS ring protection scheme
    4. ACLs, capabilities, lock-and-key
  8. Computerized Vermin
    1. Trojan horse, computer virus
    2. Computer worm
    3. Bacteria, logic bomb

ECS 153, Introduction to Computer Security
Winter Quarter 2002