CS681 final (December 18, 2003)
2 hrs and 15 minutes
8 questions
Read the slide!
2 cheat sheets

Question 1
----------------------------
Crypto
RSA (numerical), DES algorithm (block level), DES slides 22, 27 and 28 (understand them)
Private crypto (confusion and diffusion), super encryption, why does the key have to be large?
No key exchange, no key distribution or establishment, no protocol, no Diffie-Hellman :)
Know the man-in-the-middle attack, double DES

Question 2
----------------------------
Security policies (slides), Bell-LaPadula (Chapters 4, 5, 6 and 7); look at the slides first
Look at last year's final; you should be able to do the BLP problem
Chapter 5: problems 1 and 2 (pg 150)

Question 3
----------------------------
Access control mechanisms (Chapter 15)
Should know ACLs, access control matrices
Pg 405: Problems 2, 3, 4, 5, 6
Skip 15.5

Question 4
----------------------------
Identity and authentication (skip Chapter 14) (Chapter 12 for authentication)
Unix password mechanism, salt, Windows password mechanism, MS-CHAP Version 1, passwords and attacks
Forget about identity; skip all the identity, AUTHENTICATION only!
One-time password (12.3.2)

Question 5
----------------------------
Buffer overflow and format string
Review the hw
If you did the hw yourself, you should be able to do it! :)

Question 6 (read 689 - 693, 698 - 701, 702 - 705)
----------------------------
Auditing
Questions in the back: questions 3, 4 and 6

Question 7 (Read 645 - 652, 660 - 678) DO NOT READ 23.2.[5-11], 23.4, 23.5
----------------------------
Vulnerability analysis
Chapter 23: Questions 1, 2, 4 and 9

Question 8 (Read 16.1 except definition of entropy, 407 - 413, 439 - 447, 450 - 451)
----------------------------
Information flow and covert channels
Read last year's final