Computer Security: Art and Science

  • Edition: 1st
  • Format: Hardcover
  • Copyright: 2002-12-02
  • Publisher: Addison-Wesley Professional

"This is an excellent text that should be read by every computer security professional and student." -Dick Kemmerer, University of California, Santa Barbara.

"This is the most complete book on information security theory, technology, and practice that I have encountered anywhere!" -Marvin Schaefer, Former Chief Scientist, National Computer Security Center, NSA

This highly anticipated book fully introduces the theory and practice of computer security. It is both a comprehensive text, explaining the most fundamental and pervasive aspects of the field, and a detailed reference filled with valuable information for even the most seasoned practitioner. In this one extraordinary volume the author incorporates concepts from computer systems, networks, human factors, and cryptography. In doing so, he effectively demonstrates that computer security is an art as well as a science.

Computer Security: Art and Science includes detailed discussions on:

  • The nature and challenges of computer security
  • The relationship between policy and security
  • The role and application of cryptography
  • The mechanisms used to implement policies
  • Methodologies and technologies for assurance
  • Vulnerability analysis and intrusion detection

Computer Security discusses different policy models, and presents mechanisms that can be used to enforce these policies. It concludes with examples that show how to apply the principles discussed in earlier sections, beginning with networks and moving on to systems, users, and programs. This important work is essential for anyone who needs to understand, implement, or maintain a secure network or computer system.

Author Biography

Matt Bishop is Associate Professor in the Department of Computer Science at the University of California at Davis.

Table of Contents

Preface
  Goals
  Philosophy
  Organization
  Roadmap
  Dependencies
  Background
  Undergraduate Level
  Graduate Level
  Practitioners
  Special Acknowledgment
  Acknowledgments
Introduction
  An Overview of Computer Security
    The Basic Components
    Threats
    Policy and Mechanism
    Assumptions and Trust
    Assurance
    Operational Issues
    Human Issues
    Tying It All Together
    Summary
    Research Issues
    Further Reading
    Exercises
Foundations
  Access Control Matrix
    Protection State
    Access Control Matrix Model
    Protection State Transitions
    Copying, Owning, and the Attenuation of Privilege
    Summary
    Research Issues
    Further Reading
    Exercises
  Foundational Results
    The General Question
    Basic Results
    The Take-Grant Protection Model
    Closing the Gap
    Expressive Power and the Models
    Summary
    Research Issues
    Further Reading
    Exercises
Policy
  Security Policies
    Security Policies
    Types of Security Policies
    The Role of Trust
    Types of Access Control
    Policy Languages
    Example: Academic Computer Security Policy
    Security and Precision
    Summary
    Research Issues
    Further Reading
    Exercises
  Confidentiality Policies
    Goals of Confidentiality Policies
    The Bell-LaPadula Model
    Tranquility
    The Controversy over the Bell-LaPadula Model
    Summary
    Research Issues
    Further Reading
    Exercises
  Integrity Policies
    Goals
    Biba Integrity Model
    Lipner's Integrity Matrix Model
    Clark-Wilson Integrity Model
    Summary
    Research Issues
    Further Reading
    Exercises
  Hybrid Policies
    Chinese Wall Model
    Clinical Information Systems Security Policy
    Originator Controlled Access Control
    Role-Based Access Control
    Summary
    Research Issues
    Further Reading
    Exercises
  Noninterference and Policy Composition
    The Problem
    Deterministic Noninterference
    Nondeducibility
    Generalized Noninterference
    Restrictiveness
    Summary
    Research Issues
    Further Reading
    Exercises
Implementation I: Cryptography
  Basic Cryptography
    What Is Cryptography?
    Classical Cryptosystems
    Public Key Cryptography
    Cryptographic Checksums
    Summary
    Research Issues
    Further Reading
    Exercises
  Key Management
    Session and Interchange Keys
    Key Exchange
    Key Generation
    Cryptographic Key Infrastructures
    Storing and Revoking Keys
    Digital Signatures
    Summary
    Research Issues
    Further Reading
    Exercises
  Cipher Techniques
    Problems
    Stream and Block Ciphers
    Networks and Cryptography
    Example Protocols
    Summary
    Research Issues
    Further Reading
    Exercises
  Authentication
    Authentication Basics
    Passwords
    Challenge-Response
    Biometrics
    Location
    Multiple Methods
    Summary
    Research Issues
    Further Reading
    Exercises
Implementation II: Systems
  Design Principles
    Overview
    Design Principles
    Summary
    Research Issues
    Further Reading
    Exercises
  Representing Identity
    What Is Identity?
    Files and Objects
    Users
    Groups and Roles
    Naming and Certificates
    Identity on the Web
    Summary
    Research Issues
    Further Reading
    Exercises
  Access Control Mechanisms
    Access Control Lists
    Capabilities
    Locks and Keys
    Ring-Based Access Control
    Propagated Access Control Lists
    Summary
    Research Issues
    Further Reading
    Exercises
  Information Flow
    Basics and Background
    Nonlattice Information Flow Policies
    Compiler-Based Mechanisms
    Execution-Based Mechanisms
    Example Information Flow Controls
    Summary
    Research Issues
    Further Reading
    Exercises
  Confinement Problem
    The Confinement Problem
    Isolation
    Covert Channels
    Summary
    Research Issues
    Further Reading
    Exercises
Assurance
  Introduction to Assurance
    Assurance and Trust
    Building Secure and Trusted Systems
    Summary
    Research Issues
    Further Reading
    Exercises
  Building Systems with Assurance
    Assurance in Requirements Definition and Analysis
    Assurance During System and Software Design
    Assurance in Implementation and Integration
    Assurance During Operation and Maintenance
    Summary
    Research Issues
    Further Reading
    Exercises
  Formal Methods
    Formal Verification Techniques
    Formal Specification
    Early Formal Verification Techniques
    Current Verification Systems
    Summary
    Research Issues
    Further Reading
    Exercises
  Evaluating Systems
    Goals of Formal Evaluation
    TCSEC: 1983-1999
    International Efforts and the ITSEC: 1991-2001
    Commercial International Security Requirements: 1991
    Other Commercial Efforts: Early 1990s
    The Federal Criteria: 1992
    FIPS 140: 1994-Present
    The Common Criteria: 1998-Present
    SSE-CMM: 1997-Present
    Summary
    Research Issues
    Further Reading
    Exercises
Special Topics
  Malicious Logic
    Introduction
    Trojan Horses
    Computer Viruses
    Computer Worms
    Other Forms of Malicious Logic
    Theory of Malicious Logic
    Defenses
    Summary
    Research Issues
    Further Reading
    Exercises
  Vulnerability Analysis
    Introduction
    Penetration Studies
    Vulnerability Classification
    Frameworks
    Gupta and Gligor's Theory of Penetration Analysis
    Summary
    Research Issues
    Further Reading
    Exercises
  Auditing
    Definitions
    Anatomy of an Auditing System
    Designing an Auditing System
    A Posteriori Design
    Auditing Mechanisms
    Examples: Auditing File Systems
    Audit Browsing
    Summary
    Research Issues
    Further Reading
    Exercises
  Intrusion Detection
    Principles
    Basic Intrusion Detection
    Models
    Architecture
    Organization of Intrusion Detection Systems
    Intrusion Response
    Summary
    Research Issues
    Further Reading
    Exercises
Practicum
  Network Security
    Introduction
    Policy Development
    Network Organization
    Availability and Network Flooding
    Anticipating Attacks
    Summary
    Research Issues
    Further Reading
    Exercises
  System Security
    Introduction
    Policy
    Networks
    Users
    Authentication
    Processes
    Files
    Retrospective
    Summary
    Research Issues
    Further Reading
    Exercises
  User Security
    Policy
    Access
    Files and Devices
    Processes
    Electronic Communications
    Summary
    Research Issues
    Further Reading
    Exercises
  Program Security
    Introduction
    Requirements and Policy
    Design
    Refinement and Implementation
    Common Security-Related Programming Problems
    Testing, Maintenance, and Operation
    Distribution
    Conclusion
    Summary
    Research Issues
    Further Reading
    Exercises
End Matter
  Lattices
    Basics
    Lattices
    Exercises
  The Extended Euclidean Algorithm
    The Euclidean Algorithm
    The Extended Euclidean Algorithm
    Solving ax mod n = 1
    Solving ax mod n = b
    Exercises
  Entropy and Uncertainty
    Conditional and Joint Probability
    Entropy and Uncertainty
    Joint and Conditional Entropy
    Exercises
  Virtual Machines
    Virtual Machine Structure
    Virtual Machine Monitor
    Exercises
  Symbolic Logic
    Propositional Logic
    Predicate Logic
    Temporal Logic Systems
    Exercises
  Example Academic Security Policy
    University of California E-mail Policy
    The Acceptable Use Policy for the University of California, Davis
Bibliography
Index
Table of Contents provided by Syndetics. All Rights Reserved.


Hortensio: Madam, before you touch the instrument
To learn the order of my fingering,
I must begin with rudiments of art
To teach you gamouth in a briefer sort,
More pleasant, pithy and effectual,
Than hath been taught by any of my trade;
And there it is in writing, fairly drawn.
The Taming of the Shrew, III, i, 62-68.

On September 11, 2001, terrorists seized control of four airplanes. Three were flown into buildings, and a fourth crashed, with catastrophic loss of life. In the aftermath, the security and reliability of many aspects of society drew renewed scrutiny. One of these aspects was the widespread use of computers and their interconnecting networks.

The issue is not new. In 1988, approximately 5,000 computers throughout the Internet were rendered unusable within 4 hours by a program called a worm. While the spread, and the effects, of this program alarmed computer scientists, most people were not worried because the worm did not affect their lives or their ability to do their jobs. In 1993, more users of computer systems were alerted to such dangers when a set of programs called sniffers were placed on many computers run by network service providers and recorded login names and passwords. After an attack on Tsutomu Shimomura's computer system, and the fascinating way Shimomura followed the attacker's trail, which led to his arrest, the public's interest and apprehension were finally aroused. Computers were now vulnerable. Their once reassuring protections were now viewed as flimsy.

Several films explored these concerns. Movies such as War Games and Hackers provided images of people who can, at will, wander throughout computers and networks, maliciously or frivolously corrupting or destroying information it may have taken millions of dollars to amass. (Reality intruded on Hackers when the World Wide Web page set up by MGM/United Artists was quickly altered to present an irreverent commentary on the movie and to suggest that viewers see The Net instead. Paramount Pictures denied doing this.) Another film, Sneakers, presented a picture of those who test the security of computer (and other) systems for their owners and for the government.

Goals

This book has three goals. The first is to show the importance of theory to practice and of practice to theory. All too often, practitioners regard theory as irrelevant and theoreticians think of practice as trivial. In reality, theory and practice are symbiotic. For example, the theory of covert channels, in which the goal is to limit the ability of processes to communicate through shared resources, provides a mechanism for evaluating the effectiveness of mechanisms that confine processes, such as sandboxes and firewalls. Similarly, business practices in the commercial world led to the development of several security policy models such as the Clark-Wilson model and the Chinese Wall model. These models in turn help the designers of security policies better understand and evaluate the mechanisms and procedures needed to secure their sites.

The second goal is to emphasize that computer security and cryptography are different. Although cryptography is an essential component of computer security, it is by no means the only component. Cryptography provides a mechanism for performing specific functions, such as preventing unauthorized people from reading and altering messages on a network. However, unless developers understand the context in which they are using cryptography, and unless the assumptions underlying the protocol and the cryptographic mechanisms apply to the context, the cryptography may not add to the security of the system. The canonical example is the use of cryptography to secure communications between two low-security systems. If only trusted users can access the two systems, cryptography protects messages in transit. But if untrusted users can access either system
