Computer Security, 3rd Edition,9780470741153

$ We buy this book back!

Computer Security, 3rd Edition

by Dieter Gollmann (Technical University of Hamburg-Harburg)

Edition:

3rd

ISBN13:

9780470741153

ISBN10:

0470741155

Format:

Paperback

Pub. Date:

3/1/2011

Publisher(s):

Wiley

Other versions by this Author

List Price: ~~$69.60~~

Rent Textbook

(Recommended)

Term

Due

Price

Short Term

Aug 2

$15.90

Semester

Sep 30

$27.84

Quarter

Aug 21

$24.36

$15.90

Buy Used Textbook

In Stock Usually Ships in 24 Hours.

$48.72

Buy New Textbook

Currently Available, Usually Ships in 24-48 Hours

$67.86

eTextbook

360 day subscription

$37.80

More New and Used
from Private Sellers

Starting at $24.98

Questions About This Book?

Why should I rent this book?

Renting is easy, fast, and cheap! Renting from eCampus.com can save you hundreds of dollars compared to the cost of new or used books each semester. At the end of the semester, simply ship the book back to us with a free UPS shipping label! No need to worry about selling it back.

How do rental returns work?

Returning books is as easy as possible. As your rental due date approaches, we will email you several courtesy reminders. When you are ready to return, you can print a free UPS shipping label from our website at any time. Then, just return the book to your UPS driver or any staffed UPS location. You can even use the same box we shipped it in!

What version or edition is this?

This is the 3rd edition with a publication date of 3/1/2011.

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any CDs, lab manuals, study guides, etc.
The Used copy of this book is not guaranteed to inclue any supplemental materials. Typically, only the book itself is included.
The Rental copy of this book is not guaranteed to include any supplemental materials. You may receive a brand new copy, but typically, only the book itself.

Summary

Completely updated and up-to-the-minute textbook for courses on computer science. The third edition has been completely revised to include new advances in software and technology over the last few years. Provides sections on Windows NT, CORBA and Java which are not examined in comparable titles. No active previous experience of security issues is necessary making this accessible to Software Developers and Managers whose responsibilities span any technical aspects of IT security. Written for self-study and course use, this book will suit a variety of introductory and more advanced security programmes for students of computer science, engineering and related disciplines. Technical and project managers will also find that the broad coverage offers a great starting point for discovering underlying issues and provides a means of orientation in a world populated by a bewildering array of competing security systems.

Preface xvii
- History of Computer Security	p. 1
The Dawn of Computer Security	p. 2
1970s - Mainframes	p. 3
1980s - Personal Computers	p. 4
1990s - Internet	p. 6
2000s - The Web	p. 8
Conclusions - The Benefits of Hindsight	p. 10
Exercises	p. 11
- Managing Security	p. 13
Attacks and Attackers	p. 14
Security Management	p. 15
Risk and Threat Analysis	p. 21
Further Reading	p. 29
Exercises	p. 29
- Foundations of Computer Security	p. 31
Definitions	p. 32
The Fundamental Dilemma of Computer Security	p. 40
Data vs Information	p. 40
Principles of Computer Security	p. 41
The Layer Below	p. 45
The Layer Above	p. 47
Further Reading	p. 47
Exercises	p. 48
- Identification and Authentication	p. 49
Username and Password	p. 50
Bootstrapping Password Protection	p. 51
Guessing Passwords	p. 52
Phishing, Spoofing, and Social Engineering	p. 54
Protecting the Password File	p. 56
Single Sign-on	p. 58
Alternative Approaches	p. 59
Further Reading	p. 63
Exercises	p. 63
- Access Control	p. 65
Background	p. 66
Authentication and Authorization	p. 66
Access Operations	p. 68
Access Control Structures	p. 71
Ownership	p. 73
Intermediate Controls	p. 74
Policy Instantiation	p. 79
Comparing Security Attributes	p. 79
Further Reading	p. 84
Exercises	p. 84
- Reference Monitors	p. 87
Introduction	p. 88
Operating System Integrity	p. 90
Hardware Security Features	p. 91
Protecting Memory	p. 99
Further Reading	p. 103
Exercises	p. 104
- Unix Security	p. 107
Introduction	p. 108
Principals	p. 109
Subjects	p. 111
Objects	p. 113
Access Control	p. 116
Instances of General Security Principles	p. 119
Management Issues	p. 125
Further Reading	p. 128
Exercises	p. 128
- Windows Security	p. 131
Introduction	p. 132
Components of Access Control	p. 135
Access Decisions	p. 142
Managing Policies	p. 145
Task-Dependent Access Rights	p. 147
Administration	p. 150
Further Reading	p. 153
Exercises	p. 153
- Database Security	p. 155
Introduction	p. 156
Relational Databases	p. 158
Access Control	p. 162
Statistical Database Security	p. 167
Integration with the Operating System	p. 172
Privacy	p. 173
Further Reading	p. 175
Exercises	p. 175
- Software Security	p. 177
Introduction	p. 178
Characters and Numbers	p. 179
Canonical Representations	p. 183
Memory Management	p. 184
Data and Code	p. 191
Race Conditions	p. 193
Defences	p. 194
Further Reading	p. 201
Exercises	p. 202
- Bell-LaPadula Model	p. 205
State Machine Models	p. 206
The Bell-LaPadula Model	p. 206
The Multics Interpretation of BLP	p. 212
Further Reading	p. 216
Exercises	p. 216
- Security Models	p. 219
The Biba Model	p. 220
Chinese Wall Model	p. 221
The Clark-Wilson Model	p. 223
The Harrison-Ruzzo-Ullman Model	p. 225
Information-Flow Models	p. 228
Execution Monitors	p. 230
Further Reading	p. 232
Exercises	p. 233
- Security Evaluation	p. 235
Introduction	p. 236
The Orange Book	p. 239
The Rainbow Series	p. 241
Information Technology Security Evaluation Criteria	p. 242
The Federal Criteria	p. 243
The Common Criteria	p. 243
Quality Standards	p. 246
An Effort Well Spent?	p. 247
Summary	p. 248
Further Reading	p. 248
Exercises	p. 249
- Cryptography	p. 251
Introduction	p. 252
Modular Arithmetic	p. 256
Integrity Check Functions	p. 257
Digital Signatures	p. 260
Encryption	p. 264
Strength of Mechanisms	p. 270
Performance	p. 271
Further Reading	p. 272
Exercises	p. 273
- Key Establishment	p. 275
Introduction	p. 276
Key Establishment and Authentication	p. 276
Key Establishment Protocols	p. 279
Kerberos	p. 283
Public-Key Infrastructures	p. 288
Trusted Computing - Attestation	p. 293
Further Reading	p. 295
Exercises	p. 295
- Communications Security	p. 297
Introduction	p. 298
Protocol Design Principles	p. 299
IP Security	p. 301
IPsec and Network Address Translation	p. 308
SSL/TLS	p. 310
Extensible Authentication Protocol	p. 314
Further Reading	p. 316
Exercises	p. 316
- Network Security	p. 319
Introduction	p. 320
Domain Name System	p. 322
Firewalls	p. 328
Intrusion Detection	p. 332
Further Reading	p. 335
Exercises	p. 336
- Web Security	p. 339
Introduction	p. 340
Authenticated Sessions	p. 342
Code Origin Policies	p. 346
Cross-Site Scripting	p. 347
Cross-Site Request Forgery	p. 350
JavaScript Hijacking	p. 352
Web Services Security	p. 354
Further Reading	p. 360
Exercises	p. 361
- Mobility	p. 363
Introduction	p. 364
GSM	p. 364
UMTS	p. 369
Mobile IPv6 Security	p. 372
WLAN	p. 377
Bluetooth	p. 381
Further Reading	p. 383
Exercises	p. 383
- New Access Control Paradigms	p. 385
Introduction	p. 386
SPKI	p. 388
Trust Management	p. 390
Code-Based Access Control	p. 391
Java Security	p. 395
.NET Security Framework	p. 400
Digital Rights Management	p. 405
Further Reading	p. 406
Exercises	p. 406
Bibliography	p. 409
Index	p. 423
Table of Contents provided by Publisher. All Rights Reserved.