Lecture 7: April 14, 2021

Reading: text, §24.5, 27.1–27.2
Due: Homework 2, due April 21, 2021; Lab 1, due April 19, 2021

1. The models and levels of abstraction

2. Some common vulnerabilities
   1. Catalogues: CVE (Common Vulnerabilities and Exposures), CWE (Common Weakness Enumeration)
   2. 2011 MITRE/SANS Top 25 Most Dangerous Software Errors
   3. OWASP Top 10 – 2017 The Ten Most Critical Web Application Security Risks

3. Attacks

4. Representing attacks
   1. Attack trees
   2. Requires/provides model
   3. Attack graphs

Matt Bishop Office: 2209 Watershed Sciences Phone: +1 (530) 752-8060 Email: mabishop@ucdavis.edu

ECS 135, Computer Security Version of April 14, 2021 at 12:25AM

You can also obtain a PDF version of this.