Computer Security, 3rd Edition

  • ISBN13: 9780470741153
  • ISBN10: 0470741155
  • Edition: 3rd
  • Format: Paperback
  • Copyright: 2011-02-28
  • Publisher: Wiley

Summary

Completely updated and up-to-the-minute textbook for courses on computer science. The third edition has been completely revised to include new advances in software and technology over the last few years. Provides sections on Windows NT, CORBA and Java which are not examined in comparable titles. No active previous experience of security issues is necessary, making this accessible to Software Developers and Managers whose responsibilities span any technical aspects of IT security. Written for self-study and course use, this book will suit a variety of introductory and more advanced security programmes for students of computer science, engineering and related disciplines. Technical and project managers will also find that the broad coverage offers a great starting point for discovering underlying issues and provides a means of orientation in a world populated by a bewildering array of competing security systems.

Author Biography

Dieter Gollmann, Technical University of Hamburg-Harburg.

Table of Contents

Preface
- History of Computer Security
  The Dawn of Computer Security
  1970s - Mainframes
  1980s - Personal Computers
  1990s - Internet
  2000s - The Web
  Conclusions - The Benefits of Hindsight
  Exercises
- Managing Security
  Attacks and Attackers
  Security Management
  Risk and Threat Analysis
  Further Reading
  Exercises
- Foundations of Computer Security
  Definitions
  The Fundamental Dilemma of Computer Security
  Data vs Information
  Principles of Computer Security
  The Layer Below
  The Layer Above
  Further Reading
  Exercises
- Identification and Authentication
  Username and Password
  Bootstrapping Password Protection
  Guessing Passwords
  Phishing, Spoofing, and Social Engineering
  Protecting the Password File
  Single Sign-on
  Alternative Approaches
  Further Reading
  Exercises
- Access Control
  Background
  Authentication and Authorization
  Access Operations
  Access Control Structures
  Ownership
  Intermediate Controls
  Policy Instantiation
  Comparing Security Attributes
  Further Reading
  Exercises
- Reference Monitors
  Introduction
  Operating System Integrity
  Hardware Security Features
  Protecting Memory
  Further Reading
  Exercises
- Unix Security
  Introduction
  Principals
  Subjects
  Objects
  Access Control
  Instances of General Security Principles
  Management Issues
  Further Reading
  Exercises
- Windows Security
  Introduction
  Components of Access Control
  Access Decisions
  Managing Policies
  Task-Dependent Access Rights
  Administration
  Further Reading
  Exercises
- Database Security
  Introduction
  Relational Databases
  Access Control
  Statistical Database Security
  Integration with the Operating System
  Privacy
  Further Reading
  Exercises
- Software Security
  Introduction
  Characters and Numbers
  Canonical Representations
  Memory Management
  Data and Code
  Race Conditions
  Defences
  Further Reading
  Exercises
- Bell-LaPadula Model
  State Machine Models
  The Bell-LaPadula Model
  The Multics Interpretation of BLP
  Further Reading
  Exercises
- Security Models
  The Biba Model
  Chinese Wall Model
  The Clark-Wilson Model
  The Harrison-Ruzzo-Ullman Model
  Information-Flow Models
  Execution Monitors
  Further Reading
  Exercises
- Security Evaluation
  Introduction
  The Orange Book
  The Rainbow Series
  Information Technology Security Evaluation Criteria
  The Federal Criteria
  The Common Criteria
  Quality Standards
  An Effort Well Spent?
  Summary
  Further Reading
  Exercises
- Cryptography
  Introduction
  Modular Arithmetic
  Integrity Check Functions
  Digital Signatures
  Encryption
  Strength of Mechanisms
  Performance
  Further Reading
  Exercises
- Key Establishment
  Introduction
  Key Establishment and Authentication
  Key Establishment Protocols
  Kerberos
  Public-Key Infrastructures
  Trusted Computing - Attestation
  Further Reading
  Exercises
- Communications Security
  Introduction
  Protocol Design Principles
  IP Security
  IPsec and Network Address Translation
  SSL/TLS
  Extensible Authentication Protocol
  Further Reading
  Exercises
- Network Security
  Introduction
  Domain Name System
  Firewalls
  Intrusion Detection
  Further Reading
  Exercises
- Web Security
  Introduction
  Authenticated Sessions
  Code Origin Policies
  Cross-Site Scripting
  Cross-Site Request Forgery
  JavaScript Hijacking
  Web Services Security
  Further Reading
  Exercises
- Mobility
  Introduction
  GSM
  UMTS
  Mobile IPv6 Security
  WLAN
  Bluetooth
  Further Reading
  Exercises
- New Access Control Paradigms
  Introduction
  SPKI
  Trust Management
  Code-Based Access Control
  Java Security
  .NET Security Framework
  Digital Rights Management
  Further Reading
  Exercises
Bibliography
Index
Table of Contents provided by Publisher. All Rights Reserved.
