- Preface
- History of Computer Security
  - The Dawn of Computer Security
  - 1970s - Mainframes
  - 1980s - Personal Computers
  - 1990s - Internet
  - 2000s - The Web
  - Conclusions - The Benefits of Hindsight
  - Exercises
- Managing Security
  - Attacks and Attackers
  - Security Management
  - Risk and Threat Analysis
  - Further Reading
  - Exercises
- Foundations of Computer Security
  - Definitions
  - The Fundamental Dilemma of Computer Security
  - Data vs Information
  - Principles of Computer Security
  - The Layer Below
  - The Layer Above
  - Further Reading
  - Exercises
- Identification and Authentication
  - Username and Password
  - Bootstrapping Password Protection
  - Guessing Passwords
  - Phishing, Spoofing, and Social Engineering
  - Protecting the Password File
  - Single Sign-on
  - Alternative Approaches
  - Further Reading
  - Exercises
- Access Control
  - Background
  - Authentication and Authorization
  - Access Operations
  - Access Control Structures
  - Ownership
  - Intermediate Controls
  - Policy Instantiation
  - Comparing Security Attributes
  - Further Reading
  - Exercises
- Reference Monitors
  - Introduction
  - Operating System Integrity
  - Hardware Security Features
  - Protecting Memory
  - Further Reading
  - Exercises
- Unix Security
  - Introduction
  - Principals
  - Subjects
  - Objects
  - Access Control
  - Instances of General Security Principles
  - Management Issues
  - Further Reading
  - Exercises
- Windows Security
  - Introduction
  - Components of Access Control
  - Access Decisions
  - Managing Policies
  - Task-Dependent Access Rights
  - Administration
  - Further Reading
  - Exercises
- Database Security
  - Introduction
  - Relational Databases
  - Access Control
  - Statistical Database Security
  - Integration with the Operating System
  - Privacy
  - Further Reading
  - Exercises
- Software Security
  - Introduction
  - Characters and Numbers
  - Canonical Representations
  - Memory Management
  - Data and Code
  - Race Conditions
  - Defences
  - Further Reading
  - Exercises
- Bell-LaPadula Model
  - State Machine Models
  - The Bell-LaPadula Model
  - The Multics Interpretation of BLP
  - Further Reading
  - Exercises
- Security Models
  - The Biba Model
  - Chinese Wall Model
  - The Clark-Wilson Model
  - The Harrison-Ruzzo-Ullman Model
  - Information-Flow Models
  - Execution Monitors
  - Further Reading
  - Exercises
- Security Evaluation
  - Introduction
  - The Orange Book
  - The Rainbow Series
  - Information Technology Security Evaluation Criteria
  - The Federal Criteria
  - The Common Criteria
  - Quality Standards
  - An Effort Well Spent?
  - Summary
  - Further Reading
  - Exercises
- Cryptography
  - Introduction
  - Modular Arithmetic
  - Integrity Check Functions
  - Digital Signatures
  - Encryption
  - Strength of Mechanisms
  - Performance
  - Further Reading
  - Exercises
- Key Establishment
  - Introduction
  - Key Establishment and Authentication
  - Key Establishment Protocols
  - Kerberos
  - Public-Key Infrastructures
  - Trusted Computing - Attestation
  - Further Reading
  - Exercises
- Communications Security
  - Introduction
  - Protocol Design Principles
  - IP Security
  - IPsec and Network Address Translation
  - SSL/TLS
  - Extensible Authentication Protocol
  - Further Reading
  - Exercises
- Network Security
  - Introduction
  - Domain Name System
  - Firewalls
  - Intrusion Detection
  - Further Reading
  - Exercises
- Web Security
  - Introduction
  - Authenticated Sessions
  - Code Origin Policies
  - Cross-Site Scripting
  - Cross-Site Request Forgery
  - JavaScript Hijacking
  - Web Services Security
  - Further Reading
  - Exercises
- Mobility
  - Introduction
  - GSM
  - UMTS
  - Mobile IPv6 Security
  - WLAN
  - Bluetooth
  - Further Reading
  - Exercises
- New Access Control Paradigms
  - Introduction
  - SPKI
  - Trust Management
  - Code-Based Access Control
  - Java Security
  - .NET Security Framework
  - Digital Rights Management
  - Further Reading
  - Exercises
- Bibliography
- Index

Table of Contents provided by Publisher. All Rights Reserved.