Study Guide for Final

This is simply a guide of topics that I consider fair game for the final. I don't promise to ask you about them all, or about any of these in particular; but I may very well ask you about any of these.

  1. Anything from the Study Guide for Midterm
  2. Identity
    1. UNIX real, effective, saved, audit UIDs
    2. Host names and addresses
    3. Cookies and state
    4. Anonymous remailers
  3. Access Control
    1. Multiple levels of privilege
    2. UNIX protection scheme
    3. MULTICS ring protection scheme
    4. ACLs, capabilities, lock-and-key
  4. Information flow
    1. Definition
    2. Compiler-time analysis
    3. Execution-time analysis
  5. Assurance
    1. Role of evidence in assurance
    2. Importance of requirements and specification
    3. Assurance and the software life cycle
  6. Computerized Vermin
    1. Trojan horse, computer virus
    2. Computer worm
    3. Bacteria, logic bomb
    4. Defenses
  7. Penetration Studies
    1. Flaw Hypothesis Methodology
    2. Using vulnerabilities models
  8. Vulnerabilities Models
    1. RISOS
    2. PA
    3. Aslam

Here is a PDF version of this document.