Study Guide for Midterm

This is simply a guide of topics that I consider fair game for the midterm. I don't promise to ask you about them all, or about any of these in particular; but I may very well ask you about any of these.

  1. Fundamentals
    1. What is security?
    2. Basics of risk analysis
    3. Relationship of security policy to security
    4. Policy vs. mechanism
    5. Assurance and security
  2. Bad Programming and Good Programming
  3. Cryptography
    1. Types of attacks: ciphertext only, known plaintext, chosen plaintext
    2. Caesar cipher, Vigenère cipher, one-time pad, DES
    3. Public key cryptosystems; RSA
    4. Confidentiality and authentication with secret key and public key systems
  4. Electronic mail
    1. Ordinary mail: security issues
    2. PEM: how it works, security issues
  5. Certificates
    1. PEM Hierarchy
    2. Web of trust
  6. Identity
    1. People and processes
    2. Computers
    3. Cookies and such
    4. Anonymity: remailers and proxy web browsers
  7. Authentication
    1. Passwords
    2. Challenge-response
    3. How UCD does authentication for MyUCDavis
  8. Any of the handouts

Here is a PDF version of this document.