From 179580e721140232a5cad45b245e481ecebf60c7 Mon Sep 17 00:00:00 2001 From: Jet Hughes Date: Fri, 5 Aug 2022 15:29:10 +1200 Subject: [PATCH] vault backup: 2022-08-05 15:29:10 --- ...-authentication-authorisation-passwords.md | 10 +++ content/notes/04-computer-architecture.md | 4 +- content/notes/05-6809-assembly.md | 7 ++- content/notes/07-6809-advanced.md | 4 +- content/notes/authentication.md | 26 ++++++++ content/notes/authorisation.md | 18 ++++++ content/notes/cmoc.md | 62 +++++++++++++++++++ content/notes/comp-210.md | 5 +- content/notes/cosc-204.md | 1 + content/notes/passwords.md | 25 ++++++++ 10 files changed, 154 insertions(+), 8 deletions(-) create mode 100644 content/notes/authentication.md create mode 100644 content/notes/authorisation.md create mode 100644 content/notes/cmoc.md create mode 100644 content/notes/passwords.md diff --git a/content/notes/04-authentication-authorisation-passwords.md b/content/notes/04-authentication-authorisation-passwords.md index 612cba992..00a5c96cf 100644 --- a/content/notes/04-authentication-authorisation-passwords.md +++ b/content/notes/04-authentication-authorisation-passwords.md @@ -9,6 +9,16 @@ sr-interval: 3 sr-ease: 250 --- +- [authorisation](notes/authorisation.md) +- [authentication](notes/authentication.md) +- [passwords](notes/passwords.md) + + + + + + + # Authentication - proof of identity - need to be sure a user is who they say they are before you can trust them diff --git a/content/notes/04-computer-architecture.md b/content/notes/04-computer-architecture.md index c3f220c4b..0dc09e9a9 100644 --- a/content/notes/04-computer-architecture.md +++ b/content/notes/04-computer-architecture.md @@ -4,8 +4,8 @@ aliases: tags: - cosc204 - lecture -sr-due: 2022-08-04 -sr-interval: 8 +sr-due: 2022-08-24 +sr-interval: 19 sr-ease: 250 --- diff --git a/content/notes/05-6809-assembly.md b/content/notes/05-6809-assembly.md index e0cf48447..fc04d5de9 100644 --- a/content/notes/05-6809-assembly.md +++ b/content/notes/05-6809-assembly.md @@ -4,12 +4,15 @@ aliases: tags: - lecture - cosc204 -sr-due: 2022-08-05 -sr-interval: 7 +sr-due: 2022-08-23 +sr-interval: 18 sr-ease: 250 --- +- [6809](notes/6809.md) + + # Warnings - different CPU architectures have their own machine codes and their own assembly languages - assembly language programs are **not** portable across CPU architectures (e.g., 6809 to x86 ARM) but are often backwards compatible (e.g., x86_64 family) diff --git a/content/notes/07-6809-advanced.md b/content/notes/07-6809-advanced.md index 8ad4a1011..84133e873 100644 --- a/content/notes/07-6809-advanced.md +++ b/content/notes/07-6809-advanced.md @@ -4,8 +4,8 @@ aliases: tags: - lecture - cosc204 -sr-due: 2022-08-04 -sr-interval: 3 +sr-due: 2022-08-15 +sr-interval: 10 sr-ease: 250 --- diff --git a/content/notes/authentication.md b/content/notes/authentication.md new file mode 100644 index 000000000..ff3cba1fc --- /dev/null +++ b/content/notes/authentication.md @@ -0,0 +1,26 @@ +--- +title: "authentication" +aliases: +tags: +- comp210 +--- + +# Authentication +- proof of identity +- need to be sure a user is who they say they are before you can trust them +- usually done via a unique identifier + - unique username +- and a secret that is only known by the authorised user + - password + - biometrics + - 2fa code + +## MFA +- many secrets +- protects user/system in the case that a password is disclosed +- additional secrets generated at the time of use. + - short lived + - if found - attackers have a small windoe to exploit +- e.g., + - sms message + - authenticator app diff --git a/content/notes/authorisation.md b/content/notes/authorisation.md new file mode 100644 index 000000000..900d28222 --- /dev/null +++ b/content/notes/authorisation.md @@ -0,0 +1,18 @@ +--- +title: "authorisation" +aliases: +tags: +- comp210 +--- + + +# Authorisation +- verifying that a user is allowed to access the operation that they are attempting to access +- requires explicit check in the system for restricted operatons + - some code that check if the roles assigned to the authenticaed user intersect the roles required for the current operation +- use is assigned a **role** that defines the operations they are allowed to perform +- e.g. + - custoemer - can view products, and see retail prices + - sales rep - can view products and see retail and cost prices + - manager - can add/delete/modify products + - admin - can change system configuration. can assign roles to users \ No newline at end of file diff --git a/content/notes/cmoc.md b/content/notes/cmoc.md new file mode 100644 index 000000000..000b95eee --- /dev/null +++ b/content/notes/cmoc.md @@ -0,0 +1,62 @@ +--- +title: "cmoc" +aliases: +tags: +- cosc204 +--- + +CMOC is a 6809 c compiler. + +it compiles c code into 6809 assembly + +callling conventions +- A routine must preserve Y, U, S and DP +- A routine may change A, B, X and CC + +- Parameters are pushed on the stack in the reverse order +- The caller pops them off the stack after the call + +- char parameters are promoted to int +- unsigned char are promoted to unsigned int + +- Return 8-but values in B +- Return 16-bit values in D + +# examples +parameters +``` c +uint16_t two_params(uint8_t first, uint16_t second) { + return first + second; +} + +uint16_t call_one(void) { + return two_params(204, 431); +} +``` + +``` +``` + +local variables + +``` c +uint16_t one_param(uint16_t xyzzy) { + uint16_t val = xyzzy; + return val; +} +``` + +``` +_one_param + PSHS U + LEAU ,S + LEAS -2,S + * Formal parameter(s): + * 4,U: 2 bytes: xyzzy + * Local non-static variable(s): + * -2,U: 2 bytes: val + LDD 4,U + STD -2,U + LEAS ,U + PULS U,PC +``` diff --git a/content/notes/comp-210.md b/content/notes/comp-210.md index e43f887df..9ecaefa38 100644 --- a/content/notes/comp-210.md +++ b/content/notes/comp-210.md @@ -20,6 +20,9 @@ No final exam - [cia-triad](notes/cia-triad.md) - [cryptography](notes/cryptography.md) - [randomness](notes/randomness.md) +- [authorisation](notes/authorisation.md) +- [authentication](notes/authentication.md) +- [passwords](notes/passwords.md) # Lectures - [01-information-assurance](notes/01-information-assurance.md) @@ -27,5 +30,3 @@ No final exam - [03-threats-social-engineering-and-failures](notes/03-threats-social-engineering-and-failures.md) - [04-authentication-authorisation-passwords](notes/04-authentication-authorisation-passwords.md) - [05-cryptography](notes/05-cryptography.md) - -# Archive diff --git a/content/notes/cosc-204.md b/content/notes/cosc-204.md index a6ee40053..90b855663 100644 --- a/content/notes/cosc-204.md +++ b/content/notes/cosc-204.md @@ -27,6 +27,7 @@ tags: - [ALU](notes/ALU.md) - [computer-architecture](notes/computer-architecture.md) - [6809-addressing-modes](notes/6809-addressing-modes.md) +- [6809](notes/6809.md) # Lectures - [01-bits-and-bytes](notes/01-bits-and-bytes.md) diff --git a/content/notes/passwords.md b/content/notes/passwords.md new file mode 100644 index 000000000..4bbf68ce6 --- /dev/null +++ b/content/notes/passwords.md @@ -0,0 +1,25 @@ +--- +title: "passwords" +aliases: +tags: +- comp210 +--- + +# Passwords +- not good +- lots of bad advice +- we are lazy +- "safe" passwords are difficult to enter on touch screen devices +- to many accouts + +## entropy +- amount of randomness +- measure of the number of guesse an attacker would need to brute foarce +- $E = log_2(A^L)$ +- A = size of alphabet +- L = length of password +- E = entropy in bits +- 80 bits is "safe" + - would take decades +- 6 digits passoword - 29 bits (took 4 seconds to brute force) +- + uppercase and numbers - 36 bits \ No newline at end of file