Presentation is loading. Please wait.

Presentation is loading. Please wait.

Exam Review.

Published byGabriella Jordan Modified over 5 years ago

Similar presentations

Presentation on theme: "Exam Review."— Presentation transcript:

1 Exam Review

2 Scope Everything mentioned in this set of slides
Focus on concepts; no need for memorization Exam will be open-book, open-note; but no electronic device use

3 Basic Security Concepts
Analyzing Security Threat model Countermeasures and their effectiveness Be able to analyze these in the context of the technical knowledge we have learned in this class The concept of protection in operating systems E.g., file system access control, set-uid mechanisms

4 Software Vulnerabilities and Exploits
Stack overflow Mechanisms for control flow hijacking Consequence of the exploit Stack overflow mitigation Canary Stack address randomization Non-executable stack

5 Software Vulnerabilities and Exploits
Heap overflow Understand the pointer operations that allow attacker to modify arbitrary memory locations with arbitrary value Understand the mechanisms of hijacking control flows by corrupting important data structures like GOT

6 Software Vulnerabilities and Exploits
Return oriented programming Basic mechanisms of chaining control flows by returning The concepts of gadgets and how they work

7 Secure Operating System
Key concepts Protection state Reference monitoring Mandatory access control Detailed implementation and policy of SELinux will not be appear

8 Mobile System Security
Android security architecture OS protection App sandbox Middleware protection: ICC

9 Basic Cryptography Primitives
Cryptographic Hash Symmetric Encryption Asymmetric Encryption Digital Signature Message Authentication Code Properties of each primitive, and how they can be used

10 Authentication Password-based authentication Authentication Protocols
Man-in-the-middle Attacks Special case: SSH

11 DNS Security DNS Cache Poisoning Attacks DNS Security Extension
Only need to understand the high- level concept

12 Firewall Packet filtering mechanisms Firewall policy concepts

Download ppt "Exam Review."

Similar presentations

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Midterm Review Questions SOEN321 – Information-Systems Security.

Midterm Review Questions SOEN321 – Information-Systems Security.
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.

Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.

Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.
Chapter 12 USING TECHNOLOGY TO ENHANCE BUSINESS PROCESSES.

Chapter 12 USING TECHNOLOGY TO ENHANCE BUSINESS PROCESSES.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.

Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.
Project supported by YESS 2009 Young Engineering Scientist Symposium « Identity Management » Cryptography for the Security of Embedded Systems Ambient.

Project supported by YESS 2009 Young Engineering Scientist Symposium « Identity Management » Cryptography for the Security of Embedded Systems Ambient.
Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.

Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.
LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.

LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.
Introduction to Information Security J. H. Wang Sep. 15, 2014.

Introduction to Information Security J. H. Wang Sep. 15, 2014.
Introduction to Network Security J. H. Wang Feb. 24, 2011.

Introduction to Network Security J. H. Wang Feb. 24, 2011.
Information Security and Computer Systems: An Integrated Approach Mark A. Holliday and Bill Kreahling, Dept of Mathematics and Computer Science Western.

Information Security and Computer Systems: An Integrated Approach Mark A. Holliday and Bill Kreahling, Dept of Mathematics and Computer Science Western.
Computer & Network Security

Computer & Network Security
Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.

Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.
Network Security by Behzad Akbari Spring 2012 In the Name of the Most High.

Network Security by Behzad Akbari Spring 2012 In the Name of the Most High.
Chapter 37 Network Security. Aspects of Security data integrity – data received should be same as data sent data availability – data should be accessible.

Chapter 37 Network Security. Aspects of Security data integrity – data received should be same as data sent data availability – data should be accessible.
4P13 Week 1 Talking Points. Kernel Organization Basic kernel facilities: timer and system-clock handling, descriptor management, and process Management.

4P13 Week 1 Talking Points. Kernel Organization Basic kernel facilities: timer and system-clock handling, descriptor management, and process Management.
Mitigation of Buffer Overflow Attacks

Mitigation of Buffer Overflow Attacks
COMPUTER SECURITY MIDTERM REVIEW CS161 University of California BerkeleyApril 4, 2012.

COMPUTER SECURITY MIDTERM REVIEW CS161 University of California BerkeleyApril 4, 2012.

Similar presentations

Ads by Google