Study Guide for Midterm
This is simply a guide of topics that I consider fair game for the
mdterm. I don't promise to ask you about them all, or about any of these in
particular; but I may very well ask you about any of these.
- Ethics and Law
- Exporting cryptographic programs, enciphered messages
- Ethical and legal problems of break-ins
- License to hack
- Robust Programming
- Cryptography
- Types of attacks: ciphertext only, known plaintext, chosen plaintextt
- Types of ciphers: substitution, transposition, product (both substitution
and transposition)
- Goal of ciphers; what makes a cipher theoretically unbreakable
- Caesar cipher, Vigenere cipher, one-time pad
- What the DES is, characteristics
- Public key cryptosystems
- RSA
- Confidentiality and authentication with secret key and public key systems
- User and System Authentication
- One-way hash functions (cryptographic hash functions)
- UNIX password scheme, what the salt is and its role
- Challenge-response schemes
- Attacking authentication systems: guessing passwords, spoofing system,
countermeasures
- UNIX identities
- Real UID, effective UID, saved UID, audit/login UID
- Primary and secondary group identities, real and effective GIDs
- Roles and the difference between them and a user identity
- Access Control
- Fence registers, base and bounds registers, tagged architectures
- Multiple levels of privilege
- UNIX protection scheme
- ACLs, capabilities, lock-and-key
- MULTICS ring protection scheme
- MAC, multilevel (military) security
- ORCON, originator-controlled security
- Differences between MAC, DAC, ORCON
- Bell-LaPadula model
- Integrity and Trust
- Relevance of trust
- Trusted Computing Base
- Thompson's compiler modification
You can also see this document
in its native format,
in Postscript,
in PDF,
or
in ASCII text.
Send email to
cs153@csif.cs.ucdavis.edu.
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 2/13/98