Download presentation
Presentation is loading. Please wait.
1
Exam Review
2
Scope Everything mentioned in this set of slides
Focus on concepts; no need for memorization Exam will be open-book, open-note; but no electronic device use
3
Basic Security Concepts
Analyzing Security Threat model Countermeasures and their effectiveness Be able to analyze these in the context of the technical knowledge we have learned in this class The concept of protection in operating systems E.g., file system access control, set-uid mechanisms
4
Software Vulnerabilities and Exploits
Stack overflow Mechanisms for control flow hijacking Consequence of the exploit Stack overflow mitigation Canary Stack address randomization Non-executable stack
5
Software Vulnerabilities and Exploits
Heap overflow Understand the pointer operations that allow attacker to modify arbitrary memory locations with arbitrary value Understand the mechanisms of hijacking control flows by corrupting important data structures like GOT
6
Software Vulnerabilities and Exploits
Return oriented programming Basic mechanisms of chaining control flows by returning The concepts of gadgets and how they work
7
Secure Operating System
Key concepts Protection state Reference monitoring Mandatory access control Detailed implementation and policy of SELinux will not be appear
8
Mobile System Security
Android security architecture OS protection App sandbox Middleware protection: ICC
9
Basic Cryptography Primitives
Cryptographic Hash Symmetric Encryption Asymmetric Encryption Digital Signature Message Authentication Code Properties of each primitive, and how they can be used
10
Authentication Password-based authentication Authentication Protocols
Man-in-the-middle Attacks Special case: SSH
11
DNS Security DNS Cache Poisoning Attacks DNS Security Extension
Only need to understand the high- level concept
12
Firewall Packet filtering mechanisms Firewall policy concepts
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.