Final review session
CS 480
10 May 2016
---------------------------------------------------------------------------

Ground rules

    --110 minute exam

    --at 100 minutes, you have to stay seated; do not get up and distract
    your classmates.

    --you must hand your exam to me (we are not going to collect them).
    the purpose of this is to give everyone the same amount of time.

    --at 115 minutes, I will walk out of the room and won't accept any
    exams when I leave

    --thus you must hand in your exam at time x minutes, where:
        x <= 100 or
        110 <= x < 115

    --open notes, provided notes don't contain the posted class notes
    (or equivalent) or lab code.

Material

    --Readings (see course Web page)
    --Labs
    --Homeworks
    --Classes. Following topic list taken nearly verbatim from first
    midterm review:

/* N.B.: This list of topics is not guaranteed to be comprehensive */

Networking
    what happens when you click on a link?
    naming
    layering: link, network, transport, application
    bootstrapping
    NAT

x86 architecture
    stack frames

buffer overflows
    attacks/defenses
    AlephOne article
    Canaries
    W ^ X
    return-to-libc
    variants
    ROP
    ASLR
    heap smashing
    BROP
    other attacks/defenses

user authentication
    the overall goal
    passwords: choosing, storing, transmitting, defenses against guessing, recovery
    criteria in the paper
    schemes/alternatives

privilege separation and isolation
    Unix's mechanisms for isolation and controlled sharing
        processes, UIDs, GIDs, files, directories, memory, fds, chroot,
        Unix domain sockets, networking, etc.
    setuid
    OKWS
    Confused Deputy
    SFI

AFTER MIDTERM

access control: DAC, MAC, capabilities
    Capsicum

Bug finding
    manual testing
    fuzz testing
    grading scripts :-)
    symbolic execution
    Exe
        how does it work?
        constraint solver
        applicability/coverage

Untrusted OSes
    SGX: enclaves and so forth
    Haven

Crypto concepts
    public key crypto
    DH Key exchange
    public key encryption
    digital signatures
    [Certificates are an application of signatures]

Web security
    threat model and setting
    SOP
    DOM
    cookies
    attacks
        XSS
        CSRF
        SQL injection
        side channels
    postMessage

Distributed systems
    MapReduce: background, problem, flow, fault-tolerance, load balance, performance
    FDS: design, replication, performance, evaluation
    Peer-to-peer systems
    Consistent hashing

Concurrency
    Managing concurrency
    spinlocks: test-and-set, test-and-test-and-set, ticket locks
    MCS locks (kind of spinlock)
    Non-scalable locks are dangerous (or are they?)
    bare bones crash course in cache coherence (MESI)

Network security
    source IP forgery
        what rules it out? handshakes...
        ... but sequence numbers used to be guessable
        so what rules out forging ACKs? make it unpredictable
        and getting DoSed? make it unpredictable and don't keep state
        until 3-way handshake completes
    other liveness attacks
    attacks on routing protocols: ARP, DHCP, BGP
    TLS/SSL: more secure network communication
    HTTPS: the plan, and what goes wrong
    ForceHTTPS
    secure flag clarification

Rogaway's essay

--Now questions from you all......