Study Guide for Midterm

This is simply a guide of topics that I consider fair game for the midterm. I don't promise to ask you about them all, or about any of these in particular; but I may very well ask you about any of these.

  1. Fundamentals
    1. a. What is security?
    2. b. Basics of risk analysis
    3. c. Relationship of security policy to security
    4. d. Assurance and security
  2. Saltzer's and Schroeder's Principles of Secure Design
  3. Penetration Studies
    1. a. Flaw Hypothesis Methodology
    2. b. Using vulnerabilities models
  4. Vulnerabilities Models
    1. a. RISOS
    2. b. PA
    3. c. Aslam
  5. Security in Programming
    1. a. Unknown interaction with other system components
    2. b. Overflow (both numeric and buffer)
    3. c. Race conditions (TOCTTOU flaw)
    4. d. Environment (shell variables, UIDs, file descriptors, etc.)
    5. e. Not resetting privileges
  6. Robust Programming
  7. Policies
    1. a. Mandatory Access Control (MAC)
    2. b. Discretionary Access Control (DAC)
    3. c. Originator-Controlled Access Control (ORCON)
    4. d. Policy languages
  8. Confidentiality Models
    1. a. Bell-LaPadula Model
    2. b. Lattices and the BLP Model

Here is a PDF version of this document.