Final Study Guide

This is simply a guide of topics that I consider important for the final. I don’t promise to ask you about them all, or about any of these in particular; but I may very well ask you about any of these, as well as anything we discussed in class, in the discussion section, or that is in the textbook or readings.

Anything from before the midterm
Integrity models
1. Biba’s model
2. Clark-Wilson model
3. Trust models
Hybrid models
1. Chinese wall (Brewer-Nash) model
2. Originator-controlled access control (ORCON)
3. Rile-based access control (RBAC)
Cryptography
1. Types of attacks: ciphertext only, known plaintext, chosen plaintext
2. Symmetric ciphers, Cæsar cipher, Vigenère cipher, one-time pad, AES
3. Public key cryptosystems; RSA
4. Confidentiality and authentication with secret key and public key systems
5. Cryptographic hash functions
6. Digital signatures
Key Distribution Protocols
1. Kerberos and Needham-Schroeder
2. Certificates and public key infrastructure
3. Key generation
Network Security
1. Link encryption, end-to-end encryption
2. Firewalls
3. DMZs
4. TLS, SSL
Authentication
1. Passwords (selection, storage, attacks, aging)
2. One-way hash functions (cryptographic hash functions)
3. UNIX password scheme, what the salt is and its role
4. Password selection, aging
5. Challenge-response schemes
6. Biometrics and other validation techniques
Access Control
1. ACLs, C-Lists, lock-and-key
2. UNIX protection scheme
3. Multiple levels of privilege
4. Lock and key
5. MULTICS ring protection scheme
Malware
1. Trojan horse, replicating Trojan horse
2. Computer virus
3. Computer worm
4. Bacteria, logic bomb
5. Keystroke logger
6. Ransomware
7. Botnets
8. Countermeasures
Intrusion detection

Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu

ECS 153, Computer Security
Version of May 23, 2021 at 9:52PM

You can also obtain a PDF version of this.