This is a list of vocabulary from the entire semester. It is probably much more exhaustive than it needs to be.

Slideset 1: Introduction

interruption
interception
modification
fabrication
confidentiality
integrity
availability
authentication
non-repudiation
vulnerability
threat
attack
control
Principle of Easiest Penetration

Slideset 2: Policies and Channels

security policy
security model
metapolicy
mandatory access controls (MAC)
discretionary access controls (DAC)
subjects
objects
security labels/levels
hierarchical levels
need-to-know categories
Principle of Least Privilege
dominates relation
partial order
total order
lattice-based security
read/write/execute/create/destroy permissions
Bell-LaPadula Model (BLP)
Simple-Security Property
*-Property
containment problem
trusted subjects
strong tranquility property
weak tranquility property
access control policy
policy/mechanism/assurance distinction
basic security theorem
System Z
covert channels
timing channels
storage channels
existence of channel
bandwidth/capacity of channel
noisy/noiseless
intrusion detection
Shared Resource Matrix Methodology
system attribute
information flow policies
non-interference
unwinding theorem

Slideset 3: Policies and Channels II

integrity policies
separation of duty
separation of function
auditing
integrity levels
Biba model/Strict Integrity Policy
low water mark policy
ring policy
Lipner's integrity matrix model
Clark-Wilson policy
Chinese Wall Policy
role-based access control (RBAC)
access control matrix (ACM)
access control list
capability-based system
protection systems
commands
conditional commands
the safety question
leaking permissions

Slideset 4: Information Theory

information theory
channel
sender/receiver
bandwidth/capacity/throughput
information content
bit
encoding
lossless
uniquely decodable
prefix-free
entropy
discrete source/zero-memory source
Lempel-Ziv algorithm
Huffman encoding
fundamental theorem of the noiseless channel
equivocation
symmetric channel
zero-order model
first-order model, etc.

Slideset 5: Cryptography I

encryption/decryption
cryptosystem
plaintext/ciphertext
keyed cipher/keyless cipher
cryptography
cryptanalysis
cryptology
breakable
strong cryptosystem
keyspace
substitution
transposition
monoalphabetic cipher
simple substitution cipher
Caesar Cipher
polyalphabetic substitution
Vigenère cipher
Vigenère tableau
perfect cipher
one-time pad
key distribution
key management
Vernam Cipher
pseudo-random number generator
book cipher
confusion
diffusion
columnar transposition
product cipher
symmetric cipher/secret key algorithm
asymmetric cipher/public key algorithm
authentication
stream cipher
block cipher
malleable algorithm
ciphertext-only attack
known plaintext attack
chosen plaintext attack
adaptive chosen plaintext attack
chosen ciphertext attack
Kerckhoff's Law

Slideset 6: Cryptography II

Data Encryption Standard (DES)
Feistel cipher
weak keys
semi-weak keys
modes of usage
block encryption mode
electronic code book mode (ECB)
cipher block chaining mode (CBC)
key stream generation modes
cipher feedback mode (CFB)
output feedback mode (OFB)
double DES
3DES
Advanced Encryption Standard (AES)
Rijndael
subBytes
shiftRows
mixColumns
addRoundKey
public key infrastructure (PKI)
one-way function
knapsack problem
cryptographic hash functions/cryptographic checksum
message digest
MD4/MD5/SHA1
key exchange problem
Diffie-Hellman algorithm
digital signatures
non-repudiation
non-alterable
unforgeable
certificate
certification chain
certification authority

Slideset 7: Cryptographic Protocols

protocol
cryptographic protocol
principals
known-key attack
impersonation attack
replay attack
dictionary attack
forward search attack
interleaving attack
Needham-Schroeder Protocol
shared-key authentication protocol
session key
nonces
timestamp
fresh
recent
Otway-Rees Protocol
belief logics
BAN logic
idealization

Slideset 8: PGP

Pretty Good Privacy (PGP)
Phil Zimmermann
authentication
confidentiality
compression
e-mail compatibility
segmentation
radix-64 conversion
passphrase-based symmetric keys
public key ring
private key ring
key legitimacy field
key revocation

Slideset 9: Availability

denial of service (DoS)
distributed denial of service (DDoS)
consumer problem/producer problem
local/remote attacks
Yan's framework: traditional/service-oriented/hybrid attacks
syn flooding
packet sniffing
ingress filtering
intrusion detection system (IDS)
intrusion prevention system (IPS)
false negatives
false positives
CodeRed (3 versions)
static seed in PRNG
memory-resident virus

Slideset 10: Common Criteria

Common Criteria
TCSEC
target of evaluation (TOE)
protection profile (PP)
security target (ST)
Evaluation Assurance Level (EAL)

Slideset 11: Program Security and Viruses

fault
error
failure
buffer overflow
incomplete mediation
time-of-check/time-of-use attacks (TOCTOU)
Computer Emergency Response Team (CERT)
rogue program
virus
trojan horse
logic bomb
time bomb
trapdoor/backdoor
worm
rabbit
virus detection software
virus signature