Study Guide for Midterm
This is simply a guide of topics that I consider fair game for the
midterm. I don't promise to ask you about them all, or about any of
these in particular; but I may very well ask you about any of these.
- Fundamentals
  - Basics of risk analysis
  - Saltzer and Schroeder's design principles
  - Relationship of security policy to security
- Ethics and Law
  - Exporting cryptographic programs, enciphered messages
  - Ethical and legal problems of break-ins
  - License to hack
- Robust Programming
- Security in Programming
  - Unknown interaction with other system components
  - Overflow (both numeric and buffer)
  - Race conditions (TOCTTOU flaw)
  - Environment (shell variables, UIDs, file descriptors, etc.)
  - Not resetting privileges
- Vulnerabilities Models
  - RISOS
  - PA
  - Uses
- Penetration Studies
  - Relationship to formal verification and testing
  - Flaw Hypothesis Methodology
  - Using vulnerabilities models
- Intrusion Detection Systems
  - Anomaly detection
  - Misuse detection
  - Specification detection
- Cryptography
  - Types of attacks: ciphertext only, known plaintext, chosen plaintext
  - Types of ciphers: substitution, transposition, product (both substitution and transposition)
  - Goal of ciphers; what makes a cipher theoretically unbreakable
  - Caesar cipher, Vigenère cipher, one-time pad
  - What the DES is, characteristics
  - Public key cryptosystems
  - RSA
  - Confidentiality and authentication with secret key and public key systems
Send email to cs153@csif.cs.ucdavis.edu.
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 11/2/99