Study Guide for Final

This is simply a guide to the topics that I consider fair game for the final. I don't promise to ask you about all of them, or about any one in particular, but I may very well ask you about any of them.

  1. Access Control Mechanisms
    1. Access control matrix
    2. Access control lists
    3. Capabilities and capability lists
    4. Multics ring-based mechanisms
  2. Firewalls
    1. What they are
    2. Proxy (application layer) vs. filtering (network layer)
    3. Filtering and redirection
    4. How they are used
  3. Applications
    1. Electronic voting
    2. Electronic recordation of real estate
  4. Malicious logic
    1. Trojan horses, computer viruses, computer worms, bacteria (rabbits), logic bombs
    2. Different types of viruses: boot sector infectors, executable infectors, multipartite, TSR, stealth, encrypted, polymorphic, and macro
    3. Theory: can't write a program to detect all computer viruses without error
    4. Practice: type checking, sandboxing, limiting sharing, integrity checking, etc.
  5. Safety on the web
    1. WWW: applets, images, filtering content, CGI and server-side problems, redirection, naming
    2. Email: attachments, spam, anti-spam technologies, phishing
  6. Assurance
    1. Trust, assurance, requirements, and the software life cycle
    2. Evaluation of assurance: Orange Book, Common Criteria, and best practices
  7. Intrusion Detection
    1. Anomaly detection
    2. Misuse detection
    3. Specification detection
    4. Host-based vs. network-based IDS
  8. Any of the handouts
  9. Anything on the Study Guide for Midterm

