Summary Midterm (Lecture 1-9) 2024 | Information security (INFOB3INSE) | UU informatiekunde


This document contains the most recent summary of a combination of lectures 1-9 and the reading materials for these lectures. In making this summary, I used my lecture notes, notes from reading the book, and the lecture slides. Everything you need to know for the midterm exam on is explained and...

Last document update: 8 months ago

Preview 2 of the 14 pages

  • 24 May 2024
  • 29 May 2024
  • 14
  • 2023/2024
  • Summary
Seller: danielgeelhoed
Information Security midterm summary
Lectures 1-9; book Computer Security and the Internet, chapters 1, 2, 3, 5, 6, 7 and 9; book Security in Computing, chapter 7

Glossary

Access control: controlling which subjects (users, processes) may access which objects (files, databases, etc.) and in what way.
Access control directory: table per user that lists the access rights for each file (the per-subject view of the matrix)
Access control matrix: matrix with a set of rights per (subject, object) pair; it is sparse, so in practice it is stored per object (access control lists) or per subject (capability lists) for efficiency!
Accountability: identify principals that are responsible for actions.
Accuracy (how many decisions are correct): (TP + TN) / (P + N)
Active adversary: adversary alters data & injects
Active token: token that does something itself, e.g. interacts with a sensor
Adversary model: consider objectives / methods / resources of adversary (attacker).
Anonymity: someone’s identity cannot be linked to their actions
Asset (CORAS): something the party values.
Asset diagram (CORAS): diagram with involved parties, (in)direct assets, harm relationships
Attack: deliberate execution, consisting of method + opportunity + motive
Attack surface: the total of all points at which an attacker can enter or interact with a system (all reachable vulnerabilities together)
Attribute-based credentials: certificate of certain attributes, signed by a trusted issuer; you can prove a single attribute (e.g. "over 18") to a verifier without revealing your identity, so you keep your
privacy!
Auditability (DB requirement): it should be possible to track who did what in DB
Audit record (of DBs): log about subjects, who did what
Authentication: checking that a principal is who they claim to be (are you who you say you are?) (see L5)
Authorization: asset is only accessible to authorized parties
Availability: asset remains accessible / can be used by authorized parties
Backdoors: bypass normal entry points.
Bijection: one-to-one and onto function: each element of the domain maps to exactly one element of the codomain and every element of the codomain is hit exactly once, so the function is invertible.
Block cipher: splits the plaintext into 'blocks' of fixed size and encrypts block by block
Breakable encryption scheme: a third party can systematically recover the key (or the plaintext) in a feasible timeframe
Brute force attack: trying every possible password / key; takes very long when the space is large
Buffer overflow: data trespasses boundaries of data structures (can affect other data)
Caesar shift: map each letter to the letter a fixed number of positions further in the alphabet (e.g. shift by 13 = ROT13)
Canary value: random value placed on the stack between the local buffers and the saved frame pointer / return address; it is checked before the function returns, so an overflow that overwrote it is detected.
Capabilities protection: access token used for entry regardless identity of token holder
Changelog (of DBs): log of how objects changed, so that changes can be reverted
Clickjacking: framing technique, user clicks on invisible superimposed button
Collaborative computation: secure multi-party computation; parties jointly compute a function over their private inputs, but some trust assumption (e.g. an honest majority, no collusion) is still necessary!
Commit (in two-phase update): step 2, actually make permanent change
Confidentiality: asset is viewed only by authorized parties
Consequence scale (CORAS): mapping impact of unwanted incidents in terms of harm
CORAS: stepwise, concrete model-driven risk assessment framework
Cryptography: mathematical techniques related to confidentiality, integrity, privacy, etc.

CSRF (cross-site request forgery): attacker gets the user to carry out a (bad) request created by
the attacker, without the attacker ever needing to possess / know the content of the
authentication cookies
Data anonymization: decouple identity from information
Defaced website: attacker modifies content on real site (mostly as activist)
Dictionary attacks: inferring likely passwords using password ‘dictionaries’
Differential privacy (property of an algorithm): maximise the accuracy of aggregate results while bounding the risk that any individual's identity or record is
revealed.
Diffie-Hellman: exchange keys over a public channel
Discretionary access control: object owner decides permissions for subjects
Domain Name System (DNS): translate domain name (google.com) to IP address
Dot-dot-slash (../): path traversal; used to access private files outside the intended directory on the target server
Dummy addition: add fake entries (so that real records cannot be singled out)
Dynamic token: value changes over time. at interval / on button press
Email-based malware (Virus+Worm): spreads through email files/links, requires user action
Encryption: algorithm + cryptographic key → convert plaintext into ciphertext. Reversible.
Decryption key: use this + algorithm to convert ciphertext to plaintext
Error: human-made mistake (e.g. in code)
Failure: system does not behave as required (users experience this in practice)
Fake code: user intentionally installs program, it turns out to do something different
Fake website: fake website pretending to be the real one (e.g. fake bank website)
False acceptance rate: (hacker can get in): FP / (N+P)
False rejection rate: (you can’t get in): FN / (N+P)
Fault: incorrect step in a computer program, resulting from an error (developers see faults)
Flaw: faults and failures are both called flaws.
Generalization: remove precision (instead of age 48, put 30-50)
H1, one-way property (pre-image resistance), hashing property: it should be infeasible to find
input back based on output
H2, second-preimage resistance, hashing property: with 1 given (!) input, it should be
infeasible to find another input with the same hash result
H3, collision resistance, hashing property: it should be infeasible to find two distinct inputs
(chosen freely by the attacker) which yield the same hash output
Handshake layer (TLS): key exchange and authentication; first step in the TLS procedure
Hashing: function that converts a string to another string of fixed length; it should be infeasible to
convert back.
Heap: region for dynamic memory allocation; blocks are allocated and freed in arbitrary order (unlike the LIFO stack)
High-level risk analysis (CORAS): table with high-level risk descriptions
Homomorphic encryption: computations can be performed on the ciphertext, and the result decrypts to what the same computation would give on the original data
HTTP Secure (HTTPS): HTTP traffic secured via TLS (Transport Layer Security)
Hypertext transfer protocol (HTTP): data transfer between server and browser over a TCP
(Transmission Control Protocol) connection
ID-based protection: the identity of the requester is verified, instead of just the fact that they hold a token
Impact: negative consequence of executed threat
Incomplete mediation: attacker can modify parameters that are not validated
Integer-based vulnerabilities: exploit bugs from integer representation in memory
Integer overflow/underflow: occurs when a value is too high or too low for the storage size, so it wraps around
Integrity: asset is modified only by authorized parties
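The access-control entries above (matrix, access control directory, capabilities, discretionary access control) are easiest to see side by side in code. The following is an added example written for this page, not code from the summary or the course; the subjects, objects, rights and owners are constructed sample data.

```python
# Added example, not from the summary: an access control matrix kept sparse,
# and the two ways to slice it (per object = ACL, per subject = capability
# list / access control directory). Subjects, objects, rights and owners are
# constructed sample data.

# Sparse matrix: only (subject, object) cells that hold any rights are stored.
MATRIX = {
    ("alice", "payroll.db"): {"read", "write"},
    ("alice", "report.pdf"): {"read"},
    ("bob",   "report.pdf"): {"read", "write"},
    ("carol", "payroll.db"): {"read"},
}

# Discretionary access control needs an owner per object (constructed data).
OWNERS = {"payroll.db": "alice", "report.pdf": "bob"}


def acl(matrix, obj):
    """Access control list: one column of the matrix, stored with the object."""
    return {s: sorted(r) for (s, o), r in matrix.items() if o == obj}


def capability_list(matrix, subject):
    """Capability list (access control directory): one row, stored with the subject."""
    return {o: sorted(r) for (s, o), r in matrix.items() if s == subject}


def is_authorized(matrix, subject, obj, right):
    """Reference-monitor check. A missing cell means no rights (default deny)."""
    return right in matrix.get((subject, obj), set())


def dac_grant(matrix, owners, grantor, subject, obj, right):
    """Discretionary access control: only the object's owner may hand out rights.
    Returns True if the right was granted, False if the grantor is not the owner."""
    if owners.get(obj) != grantor:
        return False
    matrix.setdefault((subject, obj), set()).add(right)
    return True


if __name__ == "__main__":
    print("ACL of report.pdf:", acl(MATRIX, "report.pdf"))
    print("Capabilities of alice:", capability_list(MATRIX, "alice"))
    print("carol may write payroll.db?", is_authorized(MATRIX, "carol", "payroll.db", "write"))
    print("bob grants carol write on payroll.db:",
          dac_grant(MATRIX, OWNERS, "bob", "carol", "payroll.db", "write"))
```

The same information is stored once, but an ACL answers "who may touch this object?" quickly, while a capability list answers "what may this subject touch?" quickly; revoking a right is cheap in the first layout and expensive in the second.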
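The accuracy, false acceptance rate and false rejection rate entries become concrete once you put a decision threshold on match scores. Below is an added example (not from the summary) that computes all three from constructed biometric scores at two thresholds. The summary normalises FAR and FRR by all attempts (N + P); the example also reports the per-class form (FP / N and FN / P), which is how the rates are usually quoted, so both conventions can be compared. The scores are made up for this example.

```python
# Added example, not from the summary: accuracy, false acceptance rate and
# false rejection rate computed from constructed biometric match scores at two
# decision thresholds, to show the FAR/FRR trade-off.

# Constructed sample: (is_genuine_user, similarity score in [0, 1]).
# P = 4 genuine attempts, N = 6 impostor attempts.
SAMPLE_SCORES = [
    (True, 0.92), (True, 0.81), (True, 0.74), (True, 0.55),
    (False, 0.12), (False, 0.30), (False, 0.41),
    (False, 0.58), (False, 0.22), (False, 0.35),
]


def decide(scores, threshold):
    """The verifier accepts when the score reaches the threshold."""
    return [(genuine, score >= threshold) for genuine, score in scores]


def confusion(decisions):
    """Return (TP, TN, FP, FN) for a list of (is_genuine, accepted) pairs."""
    tp = sum(1 for g, a in decisions if g and a)
    tn = sum(1 for g, a in decisions if not g and not a)
    fp = sum(1 for g, a in decisions if not g and a)
    fn = sum(1 for g, a in decisions if g and not a)
    return tp, tn, fp, fn


def accuracy(decisions):
    tp, tn, fp, fn = confusion(decisions)
    return (tp + tn) / (tp + tn + fp + fn)


def far(decisions, per_class=False):
    """False acceptance rate. Default: FP / (N + P) as in the summary.
    per_class=True gives FP / N, the share of impostor attempts that got in."""
    tp, tn, fp, fn = confusion(decisions)
    return fp / (fp + tn) if per_class else fp / (tp + tn + fp + fn)


def frr(decisions, per_class=False):
    """False rejection rate. Default: FN / (N + P); per_class=True gives FN / P."""
    tp, tn, fp, fn = confusion(decisions)
    return fn / (fn + tp) if per_class else fn / (tp + tn + fp + fn)


def report(scores, threshold):
    d = decide(scores, threshold)
    return {
        "threshold": threshold,
        "accuracy": accuracy(d),
        "FAR": far(d), "FRR": frr(d),
        "FAR_per_class": far(d, True), "FRR_per_class": frr(d, True),
    }


if __name__ == "__main__":
    for t in (0.5, 0.6):
        print(report(SAMPLE_SCORES, t))
```

Raising the threshold from 0.5 to 0.6 drives FAR to zero but lets FRR rise: the two rates move in opposite directions, and accuracy alone (0.9 in both cases here) hides which kind of error you are making.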
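The three hash properties H1 to H3 differ in how much work an attacker needs, and that gap is the reason collision resistance is the hardest to achieve. The added example below (written for this page, not from the summary) shrinks SHA-256 to a 16-bit toy hash so that all three attacks finish quickly: a preimage or second preimage costs about 2^16 evaluations, a collision only about 2^8 because of the birthday bound. The truncation and the counter inputs are choices made for this example.

```python
# Added example, not from the summary: the hash properties H1-H3 made concrete
# with a deliberately weak toy hash (SHA-256 truncated to 16 bits) so that the
# attacks finish in well under a second. The point is the effort gap: a
# preimage or second preimage needs about 2^bits tries, a collision only about
# 2^(bits/2). Inputs are 8-byte counters, constructed here.
import hashlib

BITS = 16  # toy output length; real hashes use 256 bits or more


def toy_hash(data: bytes, bits: int = BITS) -> int:
    """SHA-256 truncated to `bits` bits. Only for demonstration."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_preimage(target: int, bits: int = BITS):
    """Attack on H1 (one-wayness): search for any input hashing to `target`."""
    tries = 0
    while True:
        candidate = tries.to_bytes(8, "big")
        tries += 1
        if toy_hash(candidate, bits) == target:
            return candidate, tries


def find_second_preimage(given: bytes, bits: int = BITS):
    """Attack on H2: find a different input with the same hash as `given`."""
    target = toy_hash(given, bits)
    tries = 0
    while True:
        candidate = tries.to_bytes(8, "big")
        tries += 1
        if candidate != given and toy_hash(candidate, bits) == target:
            return candidate, tries


def find_collision(bits: int = BITS):
    """Attack on H3: birthday search for any two distinct inputs that collide."""
    seen = {}
    tries = 0
    while True:
        candidate = tries.to_bytes(8, "big")
        tries += 1
        h = toy_hash(candidate, bits)
        if h in seen:
            return seen[h], candidate, tries
        seen[h] = candidate


def compare_effort(bits: int = BITS):
    """Number of hash evaluations each attack needed on the toy hash."""
    _, pre = find_preimage(toy_hash(b"lecture notes", bits), bits)
    _, second = find_second_preimage(b"lecture notes", bits)
    _, _, coll = find_collision(bits)
    return {"preimage": pre, "second_preimage": second, "collision": coll}


if __name__ == "__main__":
    print(compare_effort())
```

Doubling the output length squares the preimage effort but only doubles the collision effort in the exponent's half, which is why a hash meant to resist collisions needs twice the output bits of the security level you want (256-bit output for 128-bit collision resistance).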
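The Diffie-Hellman entry says keys are exchanged over a public channel; the added example below (not from the summary) shows both sides' messages and the caveat every practitioner should attach to it: the exchange gives confidentiality against an eavesdropper but no authentication, so an active adversary in the middle can agree a different key with each side. The group parameters P (a 127-bit Mersenne prime) and G are toy values chosen for this example; real deployments use standardised groups of 2048 bits or more, or elliptic curves.

```python
# Added example, not from the summary: a Diffie-Hellman exchange with both
# sides' messages, followed by the man-in-the-middle caveat that applies when
# the public values are not authenticated. P and G are toy parameters chosen
# for this example (2^127 - 1 is prime); do not use them in practice.
import secrets

P = 2**127 - 1
G = 5


class Party:
    def __init__(self, name, p=P, g=G):
        self.name, self.p, self.g = name, p, g
        self.private = secrets.randbelow(p - 3) + 2   # secret exponent in [2, p-2]
        self.public = pow(g, self.private, p)          # the only value that is sent
        self.shared = None

    def receive(self, peer_public):
        """Derive the shared secret from the peer's public value."""
        if not 1 < peer_public < self.p - 1:           # reject 0, 1, p-1 (trivial subgroups)
            raise ValueError("rejected degenerate public value")
        self.shared = pow(peer_public, self.private, self.p)
        return self.shared


def exchange(alice, bob):
    """Honest run. Returns the transcript an eavesdropper sees: only public values."""
    transcript = [(alice.name, alice.public), (bob.name, bob.public)]
    alice.receive(bob.public)
    bob.receive(alice.public)
    return transcript


def man_in_the_middle(alice, bob, mallory):
    """Mallory substitutes her own public value towards both sides. Alice and
    Bob each compute a key, but each key is shared with Mallory, not with each
    other. Returns True when the attack succeeded."""
    k_alice = alice.receive(mallory.public)          # Alice thinks this came from Bob
    k_bob = bob.receive(mallory.public)              # Bob thinks this came from Alice
    m_with_alice = pow(alice.public, mallory.private, mallory.p)
    m_with_bob = pow(bob.public, mallory.private, mallory.p)
    return k_alice == m_with_alice and k_bob == m_with_bob and k_alice != k_bob


if __name__ == "__main__":
    a, b = Party("alice"), Party("bob")
    exchange(a, b)
    print("honest run, keys match:", a.shared == b.shared)
    a, b, m = Party("alice"), Party("bob"), Party("mallory")
    print("MITM succeeded:", man_in_the_middle(a, b, m))
```

The fix is the one the TLS handshake entry hints at: the public values must be authenticated (signed with a certified key, or otherwise bound to the peer's identity) before the shared secret is trusted.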
