Lecture 7: April 14, 2021

Reading: text, §24.5, 27.1–27.2
Due: Homework 2, due April 21, 2021; Lab 1, due April 19, 2021


  1. The models and levels of abstraction

  2. Some common vulnerabilities
    1. Catalogues: CVE (Common Vulnerabilities and Exposures), CWE (Common Weakness Enumeration)
    2. 2011 MITRE/SANS Top 25 Most Dangerous Software Errors
    3. OWASP Top 10 – 2017 The Ten Most Critical Web Application Security Risks

  3. Attacks

  4. Representing attacks
    1. Attack trees
    2. Requires/provides model
    3. Attack graphs


UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 135, Computer Security
Version of April 14, 2021 at 12:25AM

You can also obtain a PDF version of this.

Valid HTML 4.01 Transitional Built with BBEdit Built on a Macintosh