【18】CS161 Final Cheatsheet

  1. Two-factor authentication (2FA): authentication using two of: something you know (account details or passwords), something you have (tokens or mobile phones), something you are (biometrics).

  2. Clickjacking - Framebusting, X-Frame-Options

  3. Network Intrusion Detection System (NIDS), Host-based IDS (HIDS), Log Analysis, System Call Monitoring (HIDS).

  4. Signature-Based IDS: alert if request matches a certain pattern. Anomaly-Based IDS: alert on any “weird” occurrences. Specification-Based IDS: alert if request does not match a specification. Behavioral-Based IDS: alert if it looks like bad things have happened.

  5. Evasion: impose canonical form (“normalize”); analyze all possible interpretations rather than assuming one; flag potential evasions; fix the basic observation problem.

  6. Malcode: virus, worm, rootkit, botnet

  7. Merkle Tree: Given an MHT, can prove a data item is in the tree in a logarithmic number of steps and nodes. Audit proof for a node N: only need the siblings of nodes on the path from N to the root. Secure storage: to update, 1. verify siblings, 2. compute the new MHT. Certificate Transparency (CT): 3 parties: logs, monitors, auditors. Logs store certificates in an append-only MHT; auditors check that $MHT_{new}$ is the result of an append to $MHT_{old}$, so a log can never erase; monitors check whether some attacker put a cert on the log. SCT: signed certificate timestamp, $Sign_{CTlog}(Cert; Time)$; the website sends the cert to clients with the SCT.
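
The audit proof and the two-step update from item 7, as an added example that is not part of the original cheatsheet. The `0x00`/`0x01` leaf/node prefixes, the promotion of an unpaired node to the next level, all function names and the sample certificate bytes are assumptions made for this example.

```python
import hashlib

def H(b): return hashlib.sha256(b).digest()
def leaf_hash(data): return H(b"\x00" + data)    # prefix separates leaves from
def node_hash(l, r): return H(b"\x01" + l + r)   # inner nodes (assumed scheme)

def build_levels(items):
    """All tree levels, leaves first; an unpaired node is promoted unchanged."""
    level = [leaf_hash(x) for x in items]
    levels = [level]
    while len(level) > 1:
        nxt = [node_hash(level[i], level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
        levels.append(level)
    return levels

def audit_proof(levels, index):
    """Siblings of the nodes on the path from leaf `index` to the root."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):                      # promoted nodes have no sibling
            proof.append(("L" if sib < index else "R", level[sib]))
        index //= 2
    return proof

def root_from(item, proof):
    """Recompute the root from one item and its sibling hashes."""
    h = leaf_hash(item)
    for side, sib in proof:
        h = node_hash(sib, h) if side == "L" else node_hash(h, sib)
    return h

def verify(item, proof, root):
    return root_from(item, proof) == root

def update(old_item, new_item, proof, trusted_root):
    """Secure storage update: 1. verify siblings, 2. compute the new root."""
    if not verify(old_item, proof, trusted_root):
        raise ValueError("siblings do not match the trusted root")
    return root_from(new_item, proof)

certs = [b"cert-%d" % i for i in range(5)]        # constructed sample data
levels = build_levels(certs)
root = levels[-1][0]
```

The verifier only needs to store `root`; the proof for any leaf is at most ⌈log2 n⌉ hashes, and `update` yields the same root as rebuilding the whole tree with the changed item.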


2019-05-14 14:15 +0800