When & Where

The first exam will be held in our regular classroom on Monday, November 3, 2025.

It will take up about half the lecture, starting approximately during the second half of the class period. Please arrive on time and do not plan on coming in just to take the exam. If you arrive after the exam has started, you will not be allowed to take it.

Exam rules

Be sure to arrive on time. If you arrive after the exam starts, you will not be allowed to take it.

This will be a closed book, closed notes exam. Calculators, phones, augmented reality glasses, laptops, and tablets are neither needed nor permitted. If you have these devices, you must turn them off, put them out of sight, and not access them for the duration of the exam.

No other electronic devices are permitted except for hearing aids, pacemakers, electronic nerve stimulators, other implanted medical devices, or electronic watches that function only as timekeeping devices or chronographs.

Bring a couple of pens or pencils with you. Plan to use a pen only if you are supremely confident in not changing your mind about your answers. . Check here for information about pencils, sharpeners, and the craft of pencil sharpening.

Past exams

You can use my past exams as a guide to what this exam may look like, but realize there are differences in topics and in the sequencing of the topics. Expect around 25 multiple-choice questions. I do not refer to old exams when I come up with a new one, so it is likely that many of the topics that I considered important in past exams will show up on future exams. Some material may have changed, however, so do not worry about questions that appear to relate to topics we have not covered.

Get past 419 exams here.

Study guide

You are responsible for the material from the first four lectures and recitations.

The study guide is a concatenation of the study guides from the past lectures. It attempts to cover most of the material you should know. It is not a substitute for the lectures, lecture material, and other reading matter. All the material may not be in the guide. My goal is to put most of the information you need to know a concise with fewer elaborations.

You can also prepare your own guide, which would be a much better way to prepare for the exam!

→ Get the study guide

Topics

Topics that you should know and may be on the exam include:

Hash Pointers, Bitcoin, and Blockchain

• Cryptographic foundations

  • Hash pointers vs. normal pointers

  • Blockchains as tamper-evident linked lists

  • Merkle trees: efficient verification and role in Bitcoin blocks

• Core concepts

  • Distributed ledger: thousands of nodes storing complete copies

  • Double-spending problem and how Bitcoin solves it

  • UTXOs (Unspent Transaction Outputs) as Bitcoin's current state

• Transactions

  • Transaction components: inputs, outputs, change output, fee

  • Public/private keys and digital signatures

  • Addresses as hashes of public keys (not derivation steps)

• Mining and consensus

  • What mining is and why miners do it

  • Proof of Work: finding nonce so block hash < target hash

  • Target hash: determines mining difficulty

  • Difficulty Adjustment Algorithm: maintains 10-minute blocks

  • Block rewards and halving

• Security

  • Chain selection: longest valid chain (most cumulative work)

  • Competing chains/forks: how they occur and resolve

  • Confirmations: why transactions need multiple blocks

  • 51% attack: what it is and why it's impractical

CAPTCHA and Human Verification

• Core concepts

  • Purpose

• Why CAPTCHAs work(ed)

• Evolution of CAPTCHA systems

  • Text-based CAPTCHAs (distorted words)

  • Image-based CAPTCHAs (object recognition, grids)

  • reCAPTCHA (digitizing books and Street View)

  • NoCAPTCHA reCAPTCHA (v2) - "I'm not a robot" checkbox

  • Behavioral analysis (mouse movements, timing)

  • Invisible reCAPTCHA (v3) - trust scores

• Problems and limitations

  • Accessibility issues

  • User frustration

  • CAPTCHA farms (human outsourcing)

• Modern threats

  • AI

  • Fake CAPTCHAs as social engineering attacks

• New approaches

  • IllusionCAPTCHA (AI-generated optical illusions)

  • Biometric verification

Access control

• Foundation mechanisms

  • Hardware timer and preemptive multitasking

  • Memory Management Unit (MMU) and page tables

  • Kernel mode vs. user mode

• Core concepts

  • Access control matrix

  • Subjects and objects

  • Access Control Lists (ACLs)

  • Capability lists

  • Principle of least privilege

  • Privilege separation

• Discretionary Access Control (DAC)

  • Owner-controlled access

  • UNIX/POSIX permissions (owner, group, other)

  • Read, write, execute (rwx)

  • chmod, chown, chgrp

  • umask

  • Real user ID (ruid) vs. effective user ID (euid)

  • setuid and setgid bits

• Mandatory Access Control (MAC)

  • Concept of MAC

  • Multilevel security

  • Bell-LaPadula model (confidentiality)

    • Simple Security Property (no read up)

    • Star Property (no write down)

    • Remember the rules but you don't have to remember the terms "simple security property" or "star property"

  • Biba model (integrity)

    • Simple Integrity Property (no read down)

    • Star Integrity Property (no write up)

  • Compartments and multilateral security

  • Type Enforcement (TE)

    • Domains and types

• Role-Based Access Control (RBAC)

  • Permissions assigned to roles

• Attribute-Based Access Control (ABAC)

  • Just the basic idea

  • User, object, and environmental attributes

  • Context-aware access decisions

• Chinese Wall model

  • Conflict of interest prevention

  • Conflict classes

  • History-based access restrictions

  • Dynamic separation of duties

• Key comparisons

  • Strengths and weaknesses of each model

  • When to use each model

Memory Vulnerabilities and Code Injection

• Memory corruption types

  • Buffer overflow (stack and heap)

  • Integer overflow

  • Off-by-one errors

  • Use-after-free

  • Double-free

  • Format-string vulnerabilities

• Exploitation techniques

  • Shellcode injection

  • Heap spraying

  • Return-to-libc attacks

  • Return-oriented programming (ROP), gadgets

• Defensive mechanisms

  • Non-executable memory (NX, DEP)

  • Address Space Layout Randomization (ASLR)

  • Stack canaries

  • Heap canaries

  • Double-free detection

• Development-time protections

  • AddressSanitizer (ASan)

  • Fuzzing (coverage-guided)

  • Safer library functions (fgets vs. gets, strncpy vs. strcpy)

  • Compiler runtime checks

• Hardware mechanisms

  • Control-flow integrity

  • Shadow stack

  • Pointer authentication

  • Memory tagging (e.g., ARM MTE)

• Key principles

  • Defense-in-depth

  • How code reuse (like return-to-libc, ROP) attacks bypass NX

  • Why ASLR makes ROP harder

  • Relationship between vulnerabilities and their corresponding defenses

Command Injection and Input Validation Attacks

• SQL injection

  • Embedding SQL syntax in user input

  • Parameterized queries (prepared statements)

  • Stored procedures

  • Input validation

  • You don't have to know NoSQL injection except that the attack principles are similar.

• Shell command injection

  • Shell metacharacter issues (;, |, $(), backticks)

  • Avoiding shells (use system APIs directly): execve() vs. system()

• Environment variable manipulation

  • PATH, LD_PRELOAD, LD_LIBRARY_PATH

  • DLL search paths

• Package and dependency attacks

  • Typosquatting

  • Dependency confusion

• Path traversal

  • Relative path elements (..)

  • Symbolic links

  • Canonicalization

  • Resolving to absolute paths

• Character encoding attacks

  • Overlong UTF-8 encodings

  • Decode before validating

• Race conditions

  • Time-of-check to time-of-use (TOCTTOU)

  • File descriptor operations vs. filename operations

• File descriptor misuse

  • Standard file descriptors (0, 1, 2)

  • Descriptor reuse vulnerabilities

• Defense in depth

Containment and Isolation

• Application sandboxing

  • Purpose: restrict individual processes

  • Filesystem-based containment (chroot)

  • chroot jail and its limitations

  • FreeBSD Jails

• System call-based sandboxes

  • System call interface as enforcement point

  • User-level interposition (e.g., ptrace, janus, interposition)

  • Time-of-check-time-of-use (TOCTTOU) vulnerabilities

  • seccomp-BPF (Berkeley Packet Filter)

  • BPF actions (ALLOW, ERRNO, TRAP, KILL)

  • AppArmor: what its main goal is

• Language-based sandboxing

  • Process virtual machines

  • Examples: JVM, .NET CLR, JavaScript engines

  • Bytecode verification

  • Memory safety in managed environments

• OS-level isolation primitives

  • Namespaces (what processes can see)

  • Control groups/cgroups (resource limits)

  • Capabilities (dividing root privileges)

• Containerization

  • How containers combine namespaces, cgroups, and capabilities

  • OS-level virtualization

  • Security limitations (shared kernel)

• Virtualization

  • Virtual machines (VMs): concept

  • Hypervisor/Virtual Machine Monitor (VMM)

  • Type 1 (bare-metal) vs. Type 2 (hosted) hypervisors

  • Hardware virtualization support

  • Guest vs. host operating system

• Containers vs. Virtual Machines

  • Isolation strength differences

  • Performance trade-offs

  • Kernel sharing vs. separate kernels

• Security considerations

  • VM escape

  • Hypervisor vulnerabilities

Last update: Wed Oct 29 20:25:45 2025