Midterm review session
CS 480
6 March 2016
---------------------------------------------------------------------------

Ground rules

    --75 minute exam

    --at 65 minutes, you have to stay seated; do not get up and distract
    your classmates.

    --you must hand your exam to me (we are not going to collect them).
    the purpose of this is to give everyone the same amount of time.

    --at 78 minutes, I will walk out of the room and won't accept any
    exams when I leave

    --thus you must hand in your exam at time x minutes, where:
        x <= 65 OR 65 <= x < 78

    --open notes, provided notes don't contain the posted class notes
    (or equivalent) or lab code.

Material

    --Readings (see course Web page)
    --Labs
    --Homeworks
    --Classes

/* N.B.: This list of topics is not guaranteed to be comprehensive */

Networking
    what happens when you click on a link?
    naming
    layering: link, network, transport, application
    bootstrapping
    NAT

x86 architecture
    stack frames

buffer overflows
    attacks/defenses
    AlephOne article
    Canaries
    W ^ X
    return-to-libc
    variants
    ROP
    ASLR
    heap smashing
    BROP
    other attacks/defenses

user authentication
    the overall goal
    passwords: choosing, storing, transmitting, defenses against guessing,
        recovery
    criteria in the paper
    schemes/alternatives

privilege separation and isolation
    Unix's mechanisms for isolation and controlled sharing
        processes, UIDs, GIDs, files, directories, memory, fds, chroot,
        Unix domain sockets, networking, etc.
    setuid
    OKWS
    Confused Deputy
    SFI

--Now questions from you all......