CIS/CSE 774 - Fall 2008
Information about Exam 2
Types of Questions You Should Expect
Note: I don't promise to ask only the following sorts of questions.
However, if you can answer these sorts of questions, you should be in
good shape.
- When given a proposed axiom or inference rule, you should be able
  to determine whether or not it is sound. You should also be able to
  justify your answer, either by proving it sound or by constructing a
  particular Kripke structure and instance of the rule that demonstrates its
  lack of soundness.
- When given a set of certificates, you should be able to
  formally derive whether a key is associated with a particular
  principal.
- When given a set of assumptions and a security goal to prove,
  you should be able to prove, using formal inference rules, if the
  security goal is true or not.
- When given a description of a trust topology, you should be
  able to create a formal description of the certificates and trust
  relationships for the certification authorities.
- When given a "real life" scenario that incorporates principals,
  certificates, delegation, and access control, you should be able to
  formally describe the scenario in the access-control logic and show how
  access-control decisions are made using the inference rules of the
  access-control logic.
For some practice
Last year's exam, and some sample solutions
The Aftermath:
The exam itself, plus sample solutions
Last modified: Mon 16 Nov 2009
Susan Older / sueo@ecs.syr.edu