| Terms | Definitions |
|
ROM
|
read-only memory
|
|
GUI
|
graphical user interface
|
|
Hard Drive
|
non-removable device
|
|
System
|
a collection of things
|
|
Password-Based Authentication
|
Most common
Several problems:
Inherent vulnerabilities:
easy to guess
easy to snoop
easy to lose
no control on sharing
Practical vulnerabilities:
visible in the clear in distributed and networked systems
susceptible to replay attacks if encrypted naively
susceptible to dictionary attacks even if encrypted
require proactive management
|
|
Prescriptions
|
the way software should progress
|
|
T is called what
|
Naked Type
|
|
Distributed System
|
We need end-to-end authentication which is safe from
at least passive wiretapping, and
active wiretapping for higher assurance
More generally we need two-way end-to-end authentication
|
|
What is Kerberos?
|
Authentication service
Part of project Athena of MIT
Intended to have three components to guard a network's gate
Authentication
Accounting
Audit
|
|
Testers
|
catch faults that the programmers overlook
|
|
Simplicity
|
encourages developers to select the simplest design or implementation that addresses the needs of their customers
|
|
Project plans
|
a document of project details
|
|
Behavior of an object
|
how state changes
|
|
Lazy Evaluation
|
Many programming languages evaluate each operand before passing a value/reference to a procedure
In lazy evaluation an operand in a procedure call is not evaluated until it is needed by the procedure body
If the procedure body never refers to the parameter, then it is never evaluated
Consider the following example
Without lazy evaluation, it never terminates
With lazy evaluation it returns 11
letrec infinite-loop (x) = infinite-loop(-(x,-1))
in let f = proc (z) 11
in (f (infinite-loop 0))
|
|
Confidentiality
|
X set of entities, I information repository
I has confidentiality property with respect to X if no x within X can obtain information from I
Example:
X set of students
I final exam answer key
I is confidential with respect to X if students cannot obtain the final exam answer key
|
|
Hiding in Images/Videos?
|
Least significant bit insertion
masking and filtering
applying more sophisticated image processing algorithms
|
|
Motivation for Kerberos
|
Provide authentication between any pair of entities
By a trusted third-party
|
|
T/F: Saving moves information from RAM to hard disk.
|
true
|
|
Consumer reuse
|
using components that were originally developed for other projects
|
|
Paradigm
|
it represents a particular approach or philosophy for building software.
|
|
Risk leverage
|
the difference in risk exposure divided by the cost of reducing risk
|
|
Component diagrams
|
reflect the actual, final system modules
|
|
Instance
|
has its own attribute values but shares attribute names and behaviors with the other instances of the class
|
|
How are constants declared
|
with the final keyword
|
|
Resolution
|
The number of horizontal and vertical pixels in a display device.
|
|
lexical depth
|
Lexical depth of a variable is equivalent to the number of contours crossed when searching from the variable reference to its declaration
|
|
Biometrics Based Authentication
|
Biometrics are automated methods of recognizing a person based on physiological or behavioral characteristics
|
|
Encryption
|
The process of coding a message such that its meaning is concealed
|
|
Software reliability
|
probability that a system will operate without failure under given conditions for a given time interval
|
|
Analyzing
|
breaking a problem up by breaking it into pieces that we can understand and try to deal with
|
|
Development system
|
the next version being prepared to replace the current production system
|
|
Risk management
|
understand and control the risks on their projects
|
|
Message-passing coupling
|
number of method invocations in a class
|
|
Accessor Method
|
A method that reads, but never changes, the state of an object.
ex. getter methods
|
|
Spoofing
|
A technique that intruders use to make their network or internet transmission appear legitimate to a victim computer or network.
|
|
The set Expression
|
In assign-exp:
var represents the variable being assigned a new value
exp1 represents the value being assigned to the variable
The expression exp1 must be evaluated before its value can be stored
The variable var is looked up in the environment to determine the memory location to which the new value should be written

(define value-of
  ...
  (assign-exp (var exp1)
    (begin
      (setref!
        (apply-env env var)
        (value-of exp1 env))
      (num-val 27)))   ; arbitrary return value
  )))

The setref! procedure recursively iterates through the memory until it finds the location to update, then updates it (very inefficient)
|
|
Certificate Revocation Lists
|
CRLs issued periodically as per CA policy
blank CRLs can be issued
CRL distribution
pull method
push method
Immediate or real-time revocation
needs query to CA on every certificate use
maybe OK for small closed communities
|
|
T/F: Packets of information originating from the same source going to the same destination take the same path.
|
false (remember the postcard analogy!)
|
|
Maintenance team
|
fixes faults that are discovered in a system after it has been accepted
|
|
Precursor
|
an event or set of events that must occur before the activity can begin; it describes the set of conditions that allows the activity to begin
|
|
Workbook
|
excel file with one or more sheets or pages
|
|
Validity check
|
A check that analyzes entered data to make sure it is correct in a database.
|
|
Scanning & Parsing
|
The front end does the scanning & parsing
Scanner divides the input sequence of characters into tokens
Parser organizes the sequence of tokens into a syntactic structure (e.g. an abstract syntax tree)
Building a parser by hand can be tedious
Lexical analyzer generators automatically generate scanners from some specification (e.g. lex, flex, ANTLR)
Parser generators (compiler-compilers) automatically generate parsers from a grammar specification (e.g. yacc, Bison, ANTLR)
|
|
Credentials : Ticket
|
Used to pass securely to the server the identity of the client
Good for a single server
Possible to use multiple times within its lifetime
Client cannot decrypt this ticket
Zero knowledge of server’s secret key
Tc,s = {s, c, addr, timeo, life, Kc,s}EKs
addr can be used to ensure that the client using the ticket is the same client to whom the ticket was issued.
|
|
Name three important "intangible" concepts in IT.
|
1. abstraction: removing the basic concept, idea, or process from a situation and expressing it more succinctly and generally
2. generalisation: the summation of an idea, concept, or process that applies to many situations
3. operational attunement: applying what you know about how a device or system works to simplify its use
|
|
Behavior Subtype
|
A class 'x' is a behavioral subtype of a class 'y' if 'x' can do everything 'y' can and potentially more
|
|
what is a Trojan Horse?
|
A Trojan Horse is rogue software installed, perhaps unwittingly, by duly authorized users
A Trojan Horse does what a user expects it to do, but in addition exploits the user's legitimate privileges to cause a security breach
|
|
Secret Key Cryptosystem
|
A and B can be people or computers
attacker is assumed to know E and D
confidentiality depends only on secrecy of the key
secret key systems do not scale well
with N parties we need to generate and distribute N*(N-1)/2 keys
|
|
Steps to write an immutable class
|
1.) Write an immutable interface
2.) Make all fields private
3.) Ensure exclusive access to any mutable objects referred to by fields
|
|
SDRAM (Synchronous Dynamic RAM)
|
designed to work in step with the CPU, so it works faster than DRAM
|
|
T/F: Email is an example of a synchronous communication.
|
false (email is asynchronous because the sender and receiver are not present at the same time)
|
|
T/F: When you run a program, it starts, and when you execute a program, it stops.
|
false (run and execute are the same)
|
|
T/F: The World Wide Web and the Internet are two terms for the same thing.
|
false (WWW refers to all the web servers and files that are ON the Internet)
|