This is simply a guide to the topics that I consider important for the midterm. I don’t promise to ask you about them all, or about any of these in particular; but I may very well ask you about any of these, as well as anything we discussed in class, in the discussion section, or that is in the readings (including the papers).
What is security?
Basics of risk analysis
Relationship of security policy to security
Policy vs. mechanism
Assurance and security
Saltzer and Schroeder’s principles of secure design
Injections (SQL, command)
Failure to check inputs
Execution with unnecessary privileges
Flaw hypothesis methodology
Access control matrix
Harrison-Ruzzo-Ullman result (undecidability of safety)