This is an example of the sort of questions I will ask. The actual midterm will be longer, of course, and may well have questions about the readings as well as the lectures.
Please define the following terms in one or two sentences.
assurance
firewall
availability
cypherpunk remailer
Please label the following as a “policy” or a “mechanism”. Justify your answers.
Only students may use the system.
A program that checks that the user enters the correct password.
Systems can be connected to the Internet on alternate Thursdays only.
A firewall that prevents access to the system from non-University systems.
Please circle the best answer, and justify it.
Which of the following is a good password or pass-phrase?
Mary
bananna
Clas$-1s+Boring
kglem23+fy
cat glasses fishbowl jabba
Which of the following is not an authentication mechanism?
biometrics
location
password
public key (the key, not the cryptosystem)
Which of the following best describes a computer worm?
A program that copies itself into other programs
A program that copies itself to other computer systems
A program that copies keystrokes and sends them to another system over the network
A program that accepts commands from a remote server and sends spam to a list of emails
Which of the following defines the principle of open design?
No part of the design or implementation of a system should be kept secret.
At least two publicly disclosed conditions should be met before access is granted.
Security should never depend on secrecy of design or implementation.
The simpler the design, the greater the security.
What is a digital signature? Please give an example of a situation in which it would be necessary.
Why is a precise statement of security requirements critical to determining whether a given system is secure?
Microsoft has stated that some of its Windows operating systems have on the order of 33.5 million lines of code. What are the security implications of this? Please be explicit.