Preface | p. xxxi |
Goals | p. xxxii |
Philosophy | p. xxxiii |
Organization | p. xxxv |
Roadmap | p. xxxvi |
Dependencies | p. xxxvi |
Background | p. xxxvii |
Undergraduate Level | p. xxxviii |
Graduate Level | p. xxxviii |
Practitioners | p. xl |
Special Acknowledgment | p. xl |
Acknowledgments | p. xl |
Introduction | p. 1 |
An Overview of Computer Security | p. 3 |
The Basic Components | p. 3 |
Threats | p. 6 |
Policy and Mechanism | p. 9 |
Assumptions and Trust | p. 11 |
Assurance | p. 12 |
Operational Issues | p. 16 |
Human Issues | p. 19 |
Tying It All Together | p. 22 |
Summary | p. 23 |
Research Issues | p. 24 |
Further Reading | p. 24 |
Exercises | p. 25 |
Foundations | p. 29 |
Access Control Matrix | p. 31 |
Protection State | p. 31 |
Access Control Matrix Model | p. 32 |
Protection State Transitions | p. 37 |
Copying, Owning, and the Attenuation of Privilege | p. 41 |
Summary | p. 43 |
Research Issues | p. 44 |
Further Reading | p. 44 |
Exercises | p. 44 |
Foundational Results | p. 47 |
The General Question | p. 47 |
Basic Results | p. 48 |
The Take-Grant Protection Model | p. 53 |
Closing the Gap | p. 65 |
Expressive Power and the Models | p. 78 |
Summary | p. 90 |
Research Issues | p. 90 |
Further Reading | p. 91 |
Exercises | p. 91 |
Policy | p. 93 |
Security Policies | p. 95 |
Security Policies | p. 95 |
Types of Security Policies | p. 99 |
The Role of Trust | p. 101 |
Types of Access Control | p. 103 |
Policy Languages | p. 104 |
Example: Academic Computer Security Policy | p. 111 |
Security and Precision | p. 114 |
Summary | p. 119 |
Research Issues | p. 119 |
Further Reading | p. 120 |
Exercises | p. 120 |
Confidentiality Policies | p. 123 |
Goals of Confidentiality Policies | p. 123 |
The Bell-LaPadula Model | p. 124 |
Tranquility | p. 142 |
The Controversy over the Bell-LaPadula Model | p. 143 |
Summary | p. 148 |
Research Issues | p. 148 |
Further Reading | p. 149 |
Exercises | p. 150 |
Integrity Policies | p. 151 |
Goals | p. 151 |
Biba Integrity Model | p. 153 |
Lipner's Integrity Matrix Model | p. 156 |
Clark-Wilson Integrity Model | p. 160 |
Summary | p. 166 |
Research Issues | p. 166 |
Further Reading | p. 167 |
Exercises | p. 167 |
Hybrid Policies | p. 169 |
Chinese Wall Model | p. 169 |
Clinical Information Systems Security Policy | p. 177 |
Originator Controlled Access Control | p. 180 |
Role-Based Access Control | p. 182 |
Summary | p. 184 |
Research Issues | p. 184 |
Further Reading | p. 184 |
Exercises | p. 185 |
Noninterference and Policy Composition | p. 187 |
The Problem | p. 187 |
Deterministic Noninterference | p. 191 |
Nondeducibility | p. 202 |
Generalized Noninterference | p. 205 |
Restrictiveness | p. 208 |
Summary | p. 210 |
Research Issues | p. 211 |
Further Reading | p. 211 |
Exercises | p. 212 |
Implementation I: Cryptography | p. 215 |
Basic Cryptography | p. 217 |
What Is Cryptography? | p. 217 |
Classical Cryptosystems | p. 218 |
Public Key Cryptography | p. 233 |
Cryptographic Checksums | p. 237 |
Summary | p. 239 |
Research Issues | p. 240 |
Further Reading | p. 240 |
Exercises | p. 241 |
Key Management | p. 245 |
Session and Interchange Keys | p. 246 |
Key Exchange | p. 246 |
Key Generation | p. 252 |
Cryptographic Key Infrastructures | p. 254 |
Storing and Revoking Keys | p. 261 |
Digital Signatures | p. 266 |
Summary | p. 270 |
Research Issues | p. 271 |
Further Reading | p. 272 |
Exercises | p. 272 |
Cipher Techniques | p. 275 |
Problems | p. 275 |
Stream and Block Ciphers | p. 277 |
Networks and Cryptography | p. 283 |
Example Protocols | p. 286 |
Summary | p. 306 |
Research Issues | p. 306 |
Further Reading | p. 306 |
Exercises | p. 307 |
Authentication | p. 309 |
Authentication Basics | p. 309 |
Passwords | p. 310 |
Challenge-Response | p. 324 |
Biometrics | p. 328 |
Location | p. 331 |
Multiple Methods | p. 331 |
Summary | p. 333 |
Research Issues | p. 334 |
Further Reading | p. 335 |
Exercises | p. 335 |
Implementation II: Systems | p. 339 |
Design Principles | p. 341 |
Overview | p. 341 |
Design Principles | p. 343 |
Summary | p. 349 |
Research Issues | p. 350 |
Further Reading | p. 350 |
Exercises | p. 351 |
Representing Identity | p. 353 |
What Is Identity? | p. 353 |
Files and Objects | p. 354 |
Users | p. 355 |
Groups and Roles | p. 356 |
Naming and Certificates | p. 357 |
Identity on the Web | p. 366 |
Summary | p. 377 |
Research Issues | p. 378 |
Further Reading | p. 378 |
Exercises | p. 379 |
Access Control Mechanisms | p. 381 |
Access Control Lists | p. 381 |
Capabilities | p. 390 |
Locks and Keys | p. 396 |
Ring-Based Access Control | p. 400 |
Propagated Access Control Lists | p. 402 |
Summary | p. 404 |
Research Issues | p. 404 |
Further Reading | p. 405 |
Exercises | p. 405 |
Information Flow | p. 407 |
Basics and Background | p. 407 |
Nonlattice Information Flow Policies | p. 410 |
Compiler-Based Mechanisms | p. 415 |
Execution-Based Mechanisms | p. 429 |
Example Information Flow Controls | p. 433 |
Summary | p. 436 |
Research Issues | p. 436 |
Further Reading | p. 437 |
Exercises | p. 437 |
Confinement Problem | p. 439 |
The Confinement Problem | p. 439 |
Isolation | p. 442 |
Covert Channels | p. 446 |
Summary | p. 470 |
Research Issues | p. 471 |
Further Reading | p. 472 |
Exercises | p. 472 |
Assurance | p. 475 |
Introduction to Assurance | p. 477 |
Assurance and Trust | p. 477 |
Building Secure and Trusted Systems | p. 484 |
Summary | p. 492 |
Research Issues | p. 493 |
Further Reading | p. 494 |
Exercises | p. 494 |
Building Systems with Assurance | p. 497 |
Assurance in Requirements Definition and Analysis | p. 497 |
Assurance During System and Software Design | p. 510 |
Assurance in Implementation and Integration | p. 531 |
Assurance During Operation and Maintenance | p. 541 |
Summary | p. 541 |
Research Issues | p. 542 |
Further Reading | p. 542 |
Exercises | p. 543 |
Formal Methods | p. 545 |
Formal Verification Techniques | p. 545 |
Formal Specification | p. 548 |
Early Formal Verification Techniques | p. 551 |
Current Verification Systems | p. 559 |
Summary | p. 567 |
Research Issues | p. 568 |
Further Reading | p. 568 |
Exercises | p. 569 |
Evaluating Systems | p. 571 |
Goals of Formal Evaluation | p. 571 |
TCSEC: 1983-1999 | p. 574 |
International Efforts and the ITSEC: 1991-2001 | p. 581 |
Commercial International Security Requirements: 1991 | p. 586 |
Other Commercial Efforts: Early 1990s | p. 587 |
The Federal Criteria: 1992 | p. 587 |
FIPS 140: 1994-Present | p. 589 |
The Common Criteria: 1998-Present | p. 591 |
SSE-CMM: 1997-Present | p. 604 |
Summary | p. 607 |
Research Issues | p. 608 |
Further Reading | p. 608 |
Exercises | p. 609 |
Special Topics | p. 611 |
Malicious Logic | p. 613 |
Introduction | p. 613 |
Trojan Horses | p. 614 |
Computer Viruses | p. 615 |
Computer Worms | p. 623 |
Other Forms of Malicious Logic | p. 624 |
Theory of Malicious Logic | p. 626 |
Defenses | p. 630 |
Summary | p. 640 |
Research Issues | p. 640 |
Further Reading | p. 641 |
Exercises | p. 642 |
Vulnerability Analysis | p. 645 |
Introduction | p. 645 |
Penetration Studies | p. 647 |
Vulnerability Classification | p. 660 |
Frameworks | p. 662 |
Gupta and Gligor's Theory of Penetration Analysis | p. 678 |
Summary | p. 683 |
Research Issues | p. 683 |
Further Reading | p. 684 |
Exercises | p. 685 |
Auditing | p. 689 |
Definitions | p. 689 |
Anatomy of an Auditing System | p. 690 |
Designing an Auditing System | p. 693 |
A Posteriori Design | p. 701 |
Auditing Mechanisms | p. 705 |
Examples: Auditing File Systems | p. 708 |
Audit Browsing | p. 715 |
Summary | p. 718 |
Research Issues | p. 718 |
Further Reading | p. 719 |
Exercises | p. 720 |
Intrusion Detection | p. 723 |
Principles | p. 723 |
Basic Intrusion Detection | p. 724 |
Models | p. 727 |
Architecture | p. 742 |
Organization of Intrusion Detection Systems | p. 748 |
Intrusion Response | p. 754 |
Summary | p. 765 |
Research Issues | p. 765 |
Further Reading | p. 767 |
Exercises | p. 767 |
Practicum | p. 771 |
Network Security | p. 773 |
Introduction | p. 773 |
Policy Development | p. 774 |
Network Organization | p. 779 |
Availability and Network Flooding | p. 793 |
Anticipating Attacks | p. 796 |
Summary | p. 798 |
Research Issues | p. 798 |
Further Reading | p. 799 |
Exercises | p. 799 |
System Security | p. 805 |
Introduction | p. 805 |
Policy | p. 806 |
Networks | p. 811 |
Users | p. 817 |
Authentication | p. 822 |
Processes | p. 825 |
Files | p. 831 |
Retrospective | p. 837 |
Summary | p. 838 |
Research Issues | p. 839 |
Further Reading | p. 840 |
Exercises | p. 840 |
User Security | p. 845 |
Policy | p. 845 |
Access | p. 846 |
Files and Devices | p. 852 |
Processes | p. 860 |
Electronic Communications | p. 865 |
Summary | p. 866 |
Research Issues | p. 867 |
Further Reading | p. 867 |
Exercises | p. 868 |
Program Security | p. 869 |
Introduction | p. 869 |
Requirements and Policy | p. 870 |
Design | p. 873 |
Refinement and Implementation | p. 880 |
Common Security-Related Programming Problems | p. 887 |
Testing, Maintenance, and Operation | p. 913 |
Distribution | p. 917 |
Conclusion | p. 919 |
Summary | p. 919 |
Research Issues | p. 919 |
Further Reading | p. 920 |
Exercises | p. 920 |
End Matter | p. 923 |
Lattices | p. 925 |
Basics | p. 925 |
Lattices | p. 926 |
Exercises | p. 927 |
The Extended Euclidean Algorithm | p. 929 |
The Euclidean Algorithm | p. 929 |
The Extended Euclidean Algorithm | p. 930 |
Solving ax mod n = 1 | p. 932 |
Solving ax mod n = b | p. 932 |
Exercises | p. 933 |
Entropy and Uncertainty | p. 935 |
Conditional and Joint Probability | p. 935 |
Entropy and Uncertainty | p. 937 |
Joint and Conditional Entropy | p. 938 |
Exercises | p. 940 |
Virtual Machines | p. 941 |
Virtual Machine Structure | p. 941 |
Virtual Machine Monitor | p. 942 |
Exercises | p. 946 |
Symbolic Logic | p. 947 |
Propositional Logic | p. 947 |
Predicate Logic | p. 952 |
Temporal Logic Systems | p. 954 |
Exercises | p. 956 |
Example Academic Security Policy | p. 959 |
University of California E-mail Policy | p. 959 |
The Acceptable Use Policy for the University of California, Davis | p. 989 |
Bibliography | p. 993 |
Index | p. 1063 |
Table of Contents provided by Syndetics. All Rights Reserved.