Midterm Study Guide
This is simply a guide of topics that I consider important for the midterm. I don’t promise to ask you about them all, or about any of these in particular; but I may very well ask you about any of these, as well as anything we discussed in class, in the discussion section, or that is in the readings (including the papers).
- Fundamentals
- What is security?
- Basics of risk analysis
- Relationship of security policy to security
- Policy vs. mechanism
- Assurance and security
- Saltzer’s and Schroeder’s principles of secure design
- Robust programming
- Access control matrix
- Matrix
- Primitive operations
- Commands
- Harrison-Ruzzo-Ullman result (undecidability of safety)
- Policies
- Mandatory access control (MAC)
- Discretionary access control (DAC)
- Originator-controlled access control (ORCON)
- Role-based access control (RBAC)
- Policy languages
- Confidentiality Models
- Bell-LaPadula Model
- Lattices and the BLP Model
- Tranquility
- Integrity Models
- Biba Model
- Clark-Wilson model
- Cryptography
- Types of attacks: ciphertext only, known plaintext, chosen plaintext
- Classical ciphers, Cæsar cipher, Vigenère cipher, one-time pad, AES
- Public key cryptosystems; RSA
- Confidentiality and authentication with secret key and public key systems
- Cryptographic hash functions
- Digital signatures
- Key Distribution Protocols
- Kerberos and Needham-Schroeder
- Certificates and public key infrastructure
- Key generation
- Network protocols
- Link encryption, end-to-end encryption
- PGP, PEM: privacy enhancing e-mail
- Intrusion detection
- Architecture of an IDS
- Anomaly-based, signature-based, specification-based IDSes
- Host-based, network-based, distributed IDSes