Final Study Guide

This is simply a guide to the topics that I consider important for the final. I don’t promise to ask you about them all, or about any of these in particular; but I may very well ask you about any of these, as well as anything we discussed in class, in the discussion section, or that is in the textbook or readings.

  1. Anything from before the midterm

  2. Authentication
    1. Passwords (selection, storage, attacks, aging)
    2. One-way hash functions (cryptographic hash functions)
    3. UNIX password scheme, what the salt is and its role
    4. Password selection, aging
    5. Challenge-response schemes
    6. Biometrics and other validation techniques

  3. Access Control
    1. Access control lists
    2. UNIX protection scheme
    3. Multiple levels of privilege
    4. Capabilities
    5. Lock and key
    6. MULTICS ring protection scheme

  4. Malware
    1. Trojan horse, replicating Trojan horse
    2. Computer virus
    3. Computer worm
    4. Bacteria, logic bomb
    5. Keystroke logger
    6. Ransomware
    7. Botnets
    8. Countermeasures

  5. Penetration studies
    1. Layering of tests
    2. Flaw hypothesis methodology

  6. Vulnerability models
    1. Buffer overflows
    2. Race conditions
    3. RISOS model
    4. PA model
    5. NRL model
    6. Aslam’s model
    7. CVE, CWE, CWE Top 25

  7. Robust programming

Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 153A, Computer & Information Security & Privacy I
Version of May 29, 2026 at 6:24AM
