Foreword Preface to the Third Edition Chapter 1 Is There a Security Problem in Computing? 1.1 What Does "Secure" Mean? Protecting Valuables Characteristics of Computer Intrusion 1.2 Attacks Threats, Vulnerabilities, and Controls Method, Opportunity, and Motive 1.3 The Meaning of Computer Security Security Goals Vulnerabilities 1.4 Computer Criminals Amateurs Crackers Career Criminals 1.5 Methods of Defense Controls Effectiveness of Controls 1.6 What's Next Encryption Overview Hardware and Software Security Human Controls in Security Encryption In-Depth 1.7 Summary 1.8 Terms and Concepts 1.9 Where the Field Is Headed 1.10 To Learn More 1.11 Exercises Chapter 2 Elementary Cryptography 2.1 Terminology and Background Terminology Representing Characters 2.2 Substitution Ciphers The Caesar Cipher Other Substitutions One-Time Pads Summary of Substitutions 2.3 Transpositions (Permutations) Columnar Transpositions Combinations of Approaches 2.4 Making "Good" Encryption Algorithms What Makes a "Secure" Encryption Algorithm? Symmetric and Asymmetric Encryption Systems Stream and Block Ciphers Confusion and Diffusion Cryptanalysis--Breaking Encryption Schemes 2.5 The Data Encryption Standard (DES) Background and History Overview of the DES Algorithm Double and Triple DES Security of the DES 2.6 The AES Encryption Algorithm The AES Contest Overview of Rijndael Strength of the Algorithm Comparison of DES and AES 2.7 Public Key Encryption Motivation Characteristics Rivest-Shamir-Adelman (RSA) Encryption 2.8 The Uses of Encryption Cryptographic Hash Functions Key Exchange Digital Signatures Certificates 2.9 Summary of Encryption 2.10 Terms and Concepts 2.11 Where the Field Is Headed 2.12 To Learn More 2.13 Exercises Chapter 3 Program Security 3.1 Secure Programs Fixing Faults Unexpected Behavior Types of Flaws 3.2 Nonmalicious Program Errors Buffer Overflows Incomplete Mediation Time-of-Check to Time-of-Use Errors Combinations of Nonmalicious Program Flaws 3.3 Viruses and Other Malicious Code Why Worry About Malicious Code? Kinds of Malicious Code How Viruses Attach Document Viruses How Viruses Gain Control Homes for Viruses Virus Signatures The Source of Viruses Prevention of Virus Infection Truths and Misconceptions About Viruses First Example of Malicious Code: The Brain Virus Another Example: The Internet Worm More Malicious Code: Code Red Malicious Code on the Web: Web Bugs 3.4 Targeted Malicious Code Trapdoors Salami Attacks Covert Channels: Programs That Leak Information 3.5 Controls Against Program Threats Developmental Controls Operating System Controls on Use of Programs Administrative Controls Program Controls in General 3.6 Summary of Program Threats and Controls 3.7 Terms and Concepts 3.8 Where the Field Is Headed 3.9 To Learn More 3.10 Exercises Chapter 4 Protection in General-Purpose Operating Systems 4.1 Protected Objects and Methods of Protection A Bit of History Protected Objects Security Methods of Operating Systems 4.2 Memory and Address Protection Fence Relocation Base/Bounds Registers Tagged Architecture Segmentation Paging Combined Paging with Segmentation 4.3 Control of Access to General Objects Directory Access Control List Access Control Matrix Capability Procedure-Oriented Access Control 4.4 File Protection Mechanisms Basic Forms of Protection Single Permissions Per-Object and Per-User Protection 4.5 User Authentication Use of Passwords Attacks on Passwords Password Selection Criteria The Authentication Process Authentication Other Than Passwords 4.6 Summary of Security for Users 4.7 Terms and Concepts 4.8 Where the Field Is Headed 4.9 To Learn More 4.10 Exercises Chapters Designing Trusted Operating Systems 5.1 What Is a Trusted System? 5.2 Security Policies Military Security Policy Commercial Security Policies 5.3 Models of Security Multilevel Security Models Proving Theoretical Limitations of Security Systems Summary of Models of Protection Systems 5.4 Trusted Operating System Design Trusted System Design Elements Security Features of Ordinary Operating Systems Security Features of Trusted Operating Systems Kernelized Design Separation/Isolation Virtualization Layered Design 5.5 Assurance in Trusted Operating Systems Typical Operating System Flaws Assurance Methods Open Source Evaluation 5.6 Implementation Examples General-Purpose Operating Systems Operating Systems Designed for Security 5.7 Summary of Security in Operating Systems 5.8 Terms and Concepts 5.9 Where the Field Is Headed 5.10 To Learn More 5.11 Exercises Chapter 6 Database Security 6.1 Introduction to Databases Concept of a Database Components of Databases Advantages of Using Databases 6.2 Security Requirements Integrity of the Database Element Integrity Auditability Access Control User Authentication Availability Integrity/ConfidentialitylAvailability 6.3 Reliability and Integrity Protection Features from the Operating System Two-Phase Update Redundancy/Internal Consistency Recovery Concurrency/Consistency Monitors Summary of Data Reliability 6.4 Sensitive Data Access Decisions Types of Disclosures Security versus Precision 6.5 Inference Direct Attack Indirect Attack Aggregation 6.6 Multilevel Databases The Case for Differentiated Security Granularity Security Issues 6.7 Proposals for Multilevel Security Separation Designs of Multilevel Secure Databases Concluding Remarks 6.8 Summary of Database Security 6.9 Terms and Concepts 6.10 Where the Field Is Headed 6.11 To Learn More 6.12 Exercises Chapter 7 Security in Networks 7.1 Network Concepts The Network Media Protocols Types of Networks Topologies Distributed Systems APIs Advantages of Computing Networks 7.2 Threats in Networks What Makes a Network Vulnerable? Who Attacks Networks? Threat Precursors Threats in Transit: Eavesdropping and Wiretapping Protocol Flaws Impersonation Spoofing Message Confidentiality Threats Message Integrity Threats Web Site Defacement Denial of Service Distributed Denial of Service Threats to Active or Mobile Code Complex Attacks Summary of Network Vulnerabilities 7.3 Network Security Controls Security Threat Analysis Design and Implementation Architecture Encryption Content Integrity Strong Authentication Access Controls Alarms and Alerts Honeypots Traffic Flow Security Controls Review 7.4 Firewalls What Is a Firewall? Design of Firewalls Types of Firewalls Personal Firewalls Comparison of Firewall Types Example Firewall Configurations What Firewalls Can--and Cannot--Block 7.5 Intrusion Detection Systems Types of IDSs Goals for Intrusion Detection Systems IDS Strengths and Limitations 7.6 Secure E-Mail Security for E-Mail Designs Example Secure E-Mail Systems 7.7 Summary of Network Security 7.8 Terms and Concepts 7.9 Where the Field Is Headed 7.10 To Learn More 7.11 Exercises Chapter 8 Administering Security 8.1 Security Planning Contents of a Security Plan Security Planning Team Members Assuring Commitment to a Security Plan Business Continuity Plans Incident Response Plans 8.2 Risk Analysis The Nature of Risk Steps of a Risk Analysis Arguments For and Against Risk Analysis 8.3 Organizational Security Policies Purpose Audience Contents Characteristics of a Good Security Policy Examples Policy Issue Example: Government E-Mail 8.4 Physical Security Natural Disasters Power Loss Human Vandals Interception of Sensitive Information Contingency Planning Physical Security Recap 8.5 Summary 8.6 Terms and Concepts 8.7 To Learn More 8.8 Exercises Chapter 9 Legal, Privacy, and Ethical Issues in Computer Security 9.1 Protecting Programs and Data Copyrights Patents Trade Secrets Protection for Computer Objects 9.2 Information and the Law Information as an Object Legal Issues Relating to Information Protecting Information Summary of Protection for Computer Artifacts 9.3 Rights of Employees and Employers Ownership of Products 9.4 Software Failures Selling Correct Software Reporting Software Flaws 9.5 Computer Crime Why a Separate Category for Computer Crime Is Needed Why Computer Crime Is Hard to Define Why Computer Crime Is Hard to Prosecute Examples of Statutes International Dimensions Why Computer Criminals Are Hard to Catch What Computer Crime Does Not Address Cryptography and the Law Summary of Legal Issues in Computer Security 9.6 Privacy Threats to Privacy Controls Protecting Privacy 9.7 Ethical Issues in Computer Security Differences Between the Law and Ethics Studying Ethics Ethical Reasoning 9.8 Case Studies of Ethics Case I: Use of Computer Services Case II: Privacy Rights Case III: Denial of Service Case IV: Ownership of Programs Case V: Proprietary Resources Case VI: Fraud Case VII: Accuracy of Information Case VIII: Ethics of Hacking or Cracking Codes of Ethics Conclusion of Computer Ethics 9.9 Terms and Concepts 9.10 To Learn More 9.11 Exercises Chapter 10 Cryptography Explained 10.1 Mathematics for Cryptography Complexity Properties of Arithmetic 10.2 Symmetric Encryption Fundamental Concepts Data Encryption Standard (DES) Advanced Encryption Standard (AES) 10.3 Public Key Encryption Systems Characteristics Merkle-Hellman Knapsacks Rivest-Shamir-Adelman (RSA) Encryption El Gamal and Digital Signature Algorithms 10.4 Quantum Cryptography Quantum Physics Photon Reception Cryptography with Photons Implementation 10.5 Summary of Encryption 10.6 Terms and Concepts 10.7 Where the Field Is Headed 10.8 To Learn More 10.9 Exercises Bibliography Index
鄂公網(wǎng)安備 42010302001612號 