Study Guide for Midterm

This is simply a guide of topics that I consider fair game for the midterm. I don't promise to ask you about them all, or about any of these in particular; but I may very well ask you about any of these.

  1. Fundamentals
    1. Basics of risk analysis
    2. Saltzer and Schroeder's design principles
    3. Relationship of security policy to security
  2. Ethics and Law
    1. Exporting cryptographic programs, enciphered messages
    2. Ethical and legal problems of break-ins
    3. License to hack
  3. Robust Programming
  4. Security in Programming
    1. Unknown interaction with other system components
    2. Overflow (both numeric and buffer)
    3. Race conditions (TOCTTOU flaw)
    4. Environment (shell variables, UIDs, file descriptors, etc.)
    5. Not resetting privileges
  5. Vulnerabilities Models
    1. RISOS
    2. PA
    3. Uses
  6. Penetration Studies
    1. Relationship to formal verification and testing
    2. Flaw Hypothesis Methodology
    3. Using vulnerabilities models
  7. Cryptography
    1. Types of attacks: ciphertext only, known plaintext, chosen plaintext
    2. Types of ciphers: substitution, transposition, product (both substitution and transposition)
    3. Goal of ciphers; what makes a cipher theoretically unbreakable
    4. Caesar cipher, Vigenère cipher, one-time pad
    5. What the DES is, characteristics
    6. Public key cryptosystems
    7. RSA
    8. Confidentiality and authentication with secret key and public key systems
  8. Cryptographic checksums, digital signatures
    1. What they do
    2. What makes a good checksum
    3. What makes a good digital signature; RSA
  9. Key Infrastructure
    1. Certificates and what they do
    2. Distribution of public keys
    3. Distribution of secret (classical) keys
    4. Key revocation
    5. Key escrow
  10. Key Infrastructure
    1. Certificates and what they do
    2. Distribution of public keys; web of trust vs. hierarchy
  11. Cipher Techniques
    1. Stream ciphers
    2. Block ciphers

Matt Bishop
Office: 3059 Engineering Unit II Phone: +1 (530) 752-8060
Fax: +1 (530) 752-4767
Email: [email protected]
Copyright Matt Bishop, 2000. All federal and state copyrights reserved for all original material presented in this course through any medium, including lecture or print.

Page last modified on 11/2/2000