Midterm Study Guide

This is simply a guide of topics that I consider important for the midterm. I don’t promise to ask you about them all, or about any of these in particular; but I may very well ask you about any of these, as well as anything we discussed in class, in the discussion section, or that is in the readings (including the papers).

  1. Fundamentals
    1. What is security?
    2. Basics of risk analysis
    3. Relationship of security policy to security
    4. Policy vs. mechanism
    5. Assurance and security
  2. Saltzer’s and Schroeder’s principles of secure design
  3. Robust programming
  4. Elections and Electronic Voting
  5. Policies
    1. Mandatory access control (MAC)
    2. Discretionary access control (DAC)
    3. Originator-controlled access control (ORCON)
    4. Role-based access control (RBAC)
    5. Policy languages
  6. Confidentiality Models
    1. Bell-LaPadula Model
    2. Lattices and the BLP Model
    3. Tranquility
  7. Integrity Models
    1. Biba Model
    2. Clark-Wilson model
  8. Cryptography
    1. Types of attacks: ciphertext only, known plaintext, chosen plaintext
    2. Classical ciphers, Cæsar cipher, Vigenère cipher, one-time pad, AES
    3. Public key cryptosystems; RSA
    4. Confidentiality and authentication with secret key and public key systems
    5. Cryptographic hash functions
    6. Digital signatures
  9. Key Distribution Protocols
    1. Kerberos and Needham-Schroeder
    2. Certificates and public key infrastructure
    3. Key generation
  10. Networks and Ciphers
    1. Session, interchange keys
    2. Link vs. end-to-end encryption
    3. TLS protocol
    UC Davis sigil
    Matt Bishop
    Office: 2209 Watershed Sciences
    Phone: +1 (530) 752-8060
    Email: mabishop@ucdavis.edu
    		ECS 153, Computer Security
    Version of October 27, 2019 at 9:42PM

    		 You can also obtain a PDF version of this.

    Valid HTML 4.01 Transitional Built with BBEdit Built on a Macintosh