search
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
cs-465:exam-2 [2015/12/03 13:30] fred |
cs-465:exam-2 [2017/04/12 07:52] fred |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| '''Exam 2''' | '''Exam 2''' | ||
| - | Date: Tues Dec 8th | + | |
| Location: In Class | Location: In Class | ||
| Line 9: | Line 9: | ||
| Study the lecture slides available on the web site, and other readings | Study the lecture slides available on the web site, and other readings | ||
| - | Secure email (example of how we combine symmetric and asymmetric encryption to send an encrypted message) | + | Secure email (example of how we combine symmetric and asymmetric encryption to send an encrypted message). Understand the theory of how the two common systems we studied work and know the differences between them |
| TLS Handshake | TLS Handshake | ||
| - | + | * know protocol control flow (given a diagram, reason from it) | |
| - | Review Exam 1 problems | + | * know record format |
| - | + | * know what data is exchanged at what phases and it’s composition. | |
| - | Multi-Factor Authentication | + | * <del>session resumption and how it works, and why we do it</del> |
| - | + | * be able to explain the parts of a cipher name e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | |
| - | Attacks against, and countermeasures for programs that hold passwords | + | |
| Buffer Overflow Attacks | Buffer Overflow Attacks | ||
| Line 23: | Line 22: | ||
| * Canaries | * Canaries | ||
| * What is a NOP sled? Why/How is it used? | * What is a NOP sled? Why/How is it used? | ||
| - | * Defenses | + | * Defenses (Prevention, and Mitigation, and what the difference between these is) |
| + | * Understand x86 stack layout calling conventions as seen in assignments | ||
| + | * Shown some debugger output, be able to reason about the function call | ||
| + | diagram and the state that the program is in and will be in | ||
| Binary extraction attacks and the use of a debugger. | Binary extraction attacks and the use of a debugger. | ||
| Line 35: | Line 38: | ||
| * Unix password files - how do they work? | * Unix password files - how do they work? | ||
| * Lamport's Hash - how does it work? how to attack it? | * Lamport's Hash - how does it work? how to attack it? | ||
| + | * Salts - what and why? | ||
| + | |||
| + | Attacks against, and countermeasures for programs that hold passwords | ||
| + | |||
| + | <del>Command Injection Vulnerabilities, prevention and mitigation techniques</del> | ||
| + | |||
| + | <del>Usability as a security problem - be prepared to give examples and explain</del> | ||
| Ken Thompson compiler hack - how it works | Ken Thompson compiler hack - how it works | ||
| - | Principle of Least Privilege | + | Principle of Least Privilege and how it relates to Defense in Depth |
| + | |||
| + | ANYTHING in any of your projects, or homework assignments. | ||
| - | Defense in Depth | ||
| Remaining topics are for final exam | Remaining topics are for final exam | ||
| Line 47: | Line 58: | ||
| * What is it? | * What is it? | ||
| * How to defend against it? | * How to defend against it? | ||
| + | |||
| + | Review Exam 1 problems | ||
| + | * MAC/HMAC, hashes and how they are implemented, and how they are not the same | ||
