book

Introduction to Computer Security

Name: Introduction to Computer Security
Author: Matt Bishop
ISBN: 0321247442

by Matt Bishop

October 2004

Beginner

784 pages

22h 31m

English

Addison-Wesley Professional

Read now

Unlock full access

Copyright
Dedication
Preface
GoalsPhilosophyOrganizationDifferences Between this Book and Computer Security: Art and ScienceSpecial AcknowledgmentAcknowledgments
1. An Overview of Computer Security
1.1. The Basic Components1.1.1. Confidentiality1.1.2. Integrity1.1.3. Availability1.2. Threats1.3. Policy and Mechanism1.3.1. Goals of Security1.4. Assumptions and Trust1.5. Assurance1.5.1. Specification1.5.2. Design1.5.3. Implementation1.6. Operational Issues1.6.1. Cost-Benefit Analysis1.6.2. Risk Analysis1.6.3. Laws and Customs1.7. Human Issues1.7.1. Organizational Problems1.7.2. People Problems1.8. Tying It All Together1.9. Summary1.10. Further Reading1.11. Exercises
2. Access Control Matrix
2.1. Protection State2.2. Access Control Matrix Model2.3. Protection State Transitions2.3.1. Conditional Commands2.4. Summary2.5. Further Reading2.6. Exercises
3. Foundational Results
3.1. The General Question3.2. Basic Results3.3. Summary3.4. Further Reading3.5. Exercises
4. Security Policies
4.1. Security Policies4.2. Types of Security Policies4.3. The Role of Trust4.4. Types of Access Control4.5. Example: Academic Computer Security Policy4.5.1. General University Policy4.5.2. Electronic Mail Policy4.5.2.1. The Electronic Mail Policy Summary4.5.2.2. The Full Policy4.5.2.3. Implementation at UC Davis4.6. Summary4.7. Further Reading4.8. Exercises
5. Confidentiality Policies
5.1. Goals of Confidentiality Policies5.2. The Bell-LaPadula Model5.2.1. Informal Description5.2.2. Example: The Data General B2 UNIX System5.2.2.1. Assigning MAC Labels5.2.2.2. Using MAC Labels5.3. Summary5.4. Further Reading5.5. Exercises
6. Integrity Policies
6.1. Goals6.2. Biba Integrity Model6.3. Clark-Wilson Integrity Model6.3.1. The Model6.3.2. Comparison with the Requirements6.3.3. Comparison with Other Models6.4. Summary6.5. Further Reading6.6. Exercises
7. Hybrid Policies
7.1. Chinese Wall Model7.1.1. Bell-LaPadula and Chinese Wall Models7.1.2. Clark-Wilson and Chinese Wall Models7.2. Clinical Information Systems Security Policy7.2.1. Bell-LaPadula and Clark-Wilson Models7.3. Originator Controlled Access Control7.4. Role-Based Access Control7.5. Summary7.6. Further Reading7.7. Exercises
8. Basic Cryptography
8.1. What Is Cryptography?8.2. Classical Cryptosystems8.2.1. Transposition Ciphers8.2.2. Substitution Ciphers8.2.2.1. Vigenère Cipher8.2.2.2. One-Time Pad8.2.3. Data Encryption Standard8.2.4. Other Classical Ciphers8.3. Public Key Cryptography8.3.1. RSA8.4. Cryptographic Checksums8.4.1. HMAC8.5. Summary8.6. Further Reading8.7. Exercises

9. Key Management
9.1. Session and Interchange Keys9.2. Key Exchange9.2.1. Classical Cryptographic Key Exchange and Authentication9.2.2. Kerberos9.2.3. Public Key Cryptographic Key Exchange and Authentication9.3. Cryptographic Key Infrastructures9.3.1. Certificate Signature Chains9.3.1.1. X.509: Certification Signature Chains9.3.1.2. PGP Certificate Signature Chains9.3.2. Summary9.4. Storing and Revoking Keys9.4.1. Key Storage9.4.2. Key Revocation9.5. Digital Signatures9.5.1. Classical Signatures9.5.2. Public Key Signatures9.6. Summary9.7. Further Reading9.8. Exercises
10. Cipher Techniques
10.1. Problems10.1.1. Precomputing the Possible Messages10.1.2. Misordered Blocks10.1.3. Statistical Regularities10.1.4. Summary10.2. Stream and Block Ciphers10.2.1. Stream Ciphers10.2.1.1. Synchronous Stream Ciphers10.2.1.2. Self-Synchronous Stream Ciphers10.2.2. Block Ciphers10.2.2.1. Multiple Encryption10.3. Networks and Cryptography10.4. Example Protocols10.4.1. Secure Electronic Mail: PEM10.4.1.1. Design Principles10.4.1.2. Basic Design10.4.1.3. Other Considerations10.4.1.4. Conclusion10.4.2. Security at the Network Layer: IPsec10.4.2.1. IPsec Architecture10.4.2.2. Authentication Header Protocol10.4.2.3. Encapsulating Security Payload Protocol10.4.3. Conclusion10.5. Summary10.6. Further Reading10.7. Exercises
11. Authentication
11.1. Authentication Basics11.2. Passwords11.2.1. Attacking a Password System11.2.2. Countering Password Guessing11.2.2.1. Random Selection of Passwords11.2.2.2. Pronounceable and Other Computer-Generated Passwords11.2.2.3. User Selection of Passwords11.2.2.4. Reusable Passwords and Dictionary Attacks11.2.2.5. Guessing Through Authentication Functions11.2.3. Password Aging11.3. Challenge-Response11.3.1. Pass Algorithms11.3.2. One-Time Passwords11.3.3. Hardware-Supported Challenge-Response Procedures11.3.4. Challenge-Response and Dictionary Attacks11.4. Biometrics11.4.1. Fingerprints11.4.2. Voices11.4.3. Eyes11.4.4. Faces11.4.5. Keystrokes11.4.6. Combinations11.4.7. Caution11.5. Location11.6. Multiple Methods11.7. Summary11.8. Further Reading11.9. Exercises
12. Design Principles
12.1. Overview12.2. Design Principles12.2.1. Principle of Least Privilege12.2.2. Principle of Fail-Safe Defaults12.2.3. Principle of Economy of Mechanism12.2.4. Principle of Complete Mediation12.2.5. Principle of Open Design12.2.6. Principle of Separation of Privilege12.2.7. Principle of Least Common Mechanism12.2.8. Principle of Psychological Acceptability12.3. Summary12.4. Further Reading12.5. Exercises
13. Representing Identity
13.1. What Is Identity?13.2. Files and Objects13.3. Users13.4. Groups and Roles13.5. Naming and Certificates13.5.1. The Meaning of the Identity13.5.2. Trust13.6. Identity on the Web13.6.1. Host Identity13.6.1.1. Static and Dynamic Identifiers13.6.1.2. Security Issues with the Domain Name Service13.6.2. State and Cookies13.6.3. Anonymity on the Web13.6.3.1. Anonymity for Better or Worse13.7. Summary13.8. Further Reading13.9. Exercises
14. Access Control Mechanisms
14.1. Access Control Lists14.1.1. Abbreviations of Access Control Lists14.1.2. Creation and Maintenance of Access Control Lists14.1.2.1. Which Subjects Can Modify an Object's ACL?14.1.2.2. Do the ACLs Apply to a Privileged User?14.1.2.3. Does the ACL Support Groups and Wildcards?14.1.2.4. Conflicts14.1.2.5. ACLs and Default Permissions14.1.3. Revocation of Rights14.1.4. Example: Windows NT Access Control Lists14.2. Capabilities14.2.1. Implementation of Capabilities14.2.2. Copying and Amplifying Capabilities14.2.3. Revocation of Rights14.2.4. Limits of Capabilities14.2.5. Comparison with Access Control Lists14.3. Locks and Keys14.3.1. Type Checking14.4. Ring-Based Access Control14.5. Propagated Access Control Lists14.6. Summary14.7. Further Reading14.8. Exercises
15. Information Flow
15.1. Basics and Background15.1.1. Information Flow Models and Mechanisms15.2. Compiler-Based Mechanisms15.2.1. Declarations15.2.2. Program Statements15.2.2.1. Assignment Statements15.2.2.2. Compound Statements15.2.2.3. Conditional Statements15.2.2.4. Iterative Statements15.2.2.5. Goto Statements15.2.2.6. Procedure Calls15.2.3. Exceptions and Infinite Loops15.2.4. Concurrency15.2.5. Soundness15.3. Execution-Based Mechanisms15.3.1. Fenton's Data Mark Machine15.3.2. Variable Classes15.4. Example Information Flow Controls15.4.1. Security Pipeline Interface15.4.2. Secure Network Server Mail Guard15.5. Summary15.6. Further Reading15.7. Exercises
16. Confinement Problem
16.1. The Confinement Problem16.2. Isolation16.2.1. Virtual Machines16.2.2. Sandboxes16.3. Covert Channels16.3.1. Detection of Covert Channels16.3.2. Mitigation of Covert Channels16.4. Summary16.5. Further Reading16.6. Exercises
17. Introduction to Assurance
17.1. Assurance and Trust17.1.1. The Need for Assurance17.1.2. The Role of Requirements in Assurance17.1.3. Assurance Throughout the Life Cycle17.2. Building Secure and Trusted Systems17.2.1. Life Cycle17.2.1.1. Conception17.2.1.2. Manufacture17.2.1.3. Deployment17.2.1.4. Fielded Product Life17.2.2. The Waterfall Life Cycle Model17.2.2.1. Requirements Definition and Analysis17.2.2.2. System and Software Design17.2.2.3. Implementation and Unit Testing17.2.2.4. Integration and System Testing17.2.2.5. Operation and Maintenance17.2.2.6. Discussion17.2.3. Other Models of Software Development17.2.3.1. Exploratory Programming17.2.3.2. Prototyping17.2.3.3. Formal Transformation17.2.3.4. System Assembly from Reusable Components17.2.3.5. Extreme Programming17.3. Building Security In or Adding Security Later17.4. Summary17.5. Further Reading17.6. Exercises
18. Evaluating Systems
18.1. Goals of Formal Evaluation18.1.1. Deciding to Evaluate18.1.2. Historical Perspective of Evaluation Methodologies18.2. TCSEC: 1983–199918.2.1. TCSEC Requirements18.2.1.1. TCSEC Functional Requirements18.2.1.2. TCSEC Assurance Requirements18.2.2. The TCSEC Evaluation Classes18.2.3. The TCSEC Evaluation Process18.2.4. Impacts18.2.4.1. Scope Limitations18.2.4.2. Process Limitations18.2.4.3. Contributions18.3. FIPS 140: 1994–Present18.3.1. FIPS 140 Requirements18.3.2. FIPS 140-2 Security Levels18.3.3. Impact18.4. The Common Criteria: 1998–Present18.4.1. Overview of the Methodology18.4.2. CC Requirements18.4.3. CC Security Functional Requirements18.4.4. Assurance Requirements18.4.5. Evaluation Assurance Levels18.4.6. Evaluation Process18.4.7. Impacts18.4.8. Future of the Common Criteria18.4.8.1. Interpretations18.4.8.2. Assurance Class AMA and Family ALC_FLR18.4.8.3. Products Versus Systems18.4.8.4. Protection Profiles and Security Targets18.4.8.5. Assurance Class AVA18.4.8.6. EAL518.5. SSE-CMM: 1997–Present18.5.1. The SSE-CMM Model18.5.2. Using the SSE-CMM18.6. Summary18.7. Further Reading18.8. Exercises
19. Malicious Logic
19.1. Introduction19.2. Trojan Horses19.3. Computer Viruses19.3.1. Boot Sector Infectors19.3.2. Executable Infectors19.3.3. Multipartite Viruses19.3.4. TSR Viruses19.3.5. Stealth Viruses19.3.6. Encrypted Viruses19.3.7. Polymorphic Viruses19.3.8. Macro Viruses19.4. Computer Worms19.5. Other Forms of Malicious Logic19.5.1. Rabbits and Bacteria19.5.2. Logic Bombs19.6. Defenses19.6.1. Malicious Logic Acting as Both Data and Instructions19.6.2. Malicious Logic Assuming the Identity of a User19.6.2.1. Information Flow Metrics19.6.2.2. Reducing the Rights19.6.2.3. Sandboxing19.6.3. Malicious Logic Crossing Protection Domain Boundaries by Sharing19.6.4. Malicious Logic Altering Files19.6.5. Malicious Logic Performing Actions Beyond Specification19.6.5.1. Proof-Carrying Code19.6.6. Malicious Logic Altering Statistical Characteristics19.6.7. The Notion of Trust19.7. Summary19.8. Further Reading19.9. Exercises
20. Vulnerability Analysis
20.1. Introduction20.2. Penetration Studies20.2.1. Goals20.2.2. Layering of Tests20.2.3. Methodology at Each Layer20.2.4. Flaw Hypothesis Methodology20.2.4.1. Information Gathering and Flaw Hypothesis20.2.4.2. Flaw Testing20.2.4.3. Flaw Generalization20.2.4.4. Flaw Elimination20.2.5. Example: Penetration of the Michigan Terminal System20.2.6. Example: Compromise of a Burroughs System20.2.7. Example: Penetration of a Corporate Computer System20.2.8. Example: Penetrating a UNIX System20.2.9. Example: Penetrating a Windows NT System20.2.10. Debate20.2.11. Conclusion20.3. Vulnerability Classification20.3.1. Two Security Flaws20.4. Frameworks20.4.1. The RISOS Study20.4.1.1. The Flaw Classes20.4.1.2. Legacy20.4.2. Protection Analysis Model20.4.2.1. The Flaw Classes20.4.2.2. Legacy20.4.3. The NRL Taxonomy20.4.3.1. The Flaw Classes20.4.3.2. Legacy20.4.4. Aslam's Model20.4.4.1. The Flaw Classes20.4.4.2. Legacy20.4.5. Comparison and Analysis20.4.5.1. The xterm Log File Flaw20.4.5.2. The fingerd Buffer Overflow Flaw20.4.5.3. Summary20.5. Summary20.6. Further Reading20.7. Exercises
21. Auditing
21.1. Definitions21.2. Anatomy of an Auditing System21.2.1. Logger21.2.2. Analyzer21.2.3. Notifier21.3. Designing an Auditing System21.3.1. Implementation Considerations21.3.2. Syntactic Issues21.3.3. Log Sanitization21.3.4. Application and System Logging21.4. A Posteriori Design21.4.1. Auditing to Detect Violations of a Known Policy21.4.1.1. State-Based Auditing21.4.1.2. Transition-Based Auditing21.4.2. Auditing to Detect Known Violations of a Policy21.5. Auditing Mechanisms21.5.1. Secure Systems21.5.2. Nonsecure Systems21.6. Examples: Auditing File Systems21.6.1. Audit Analysis of the NFS Version 2 Protocol21.6.2. The Logging and Auditing File System (LAFS)21.6.3. Comparison21.7. Audit Browsing21.8. Summary21.9. Further Reading21.10. Exercises
22. Intrusion Detection
22.1. Principles22.2. Basic Intrusion Detection22.3. Models22.3.1. Anomaly Modeling22.3.2. Misuse Modeling22.3.3. Specification Modeling22.3.4. Summary22.4. Architecture22.4.1. Agent22.4.1.1. Host-Based Information Gathering22.4.1.2. Network-Based Information Gathering22.4.1.3. Combining Sources22.4.2. Director22.4.3. Notifier22.5. Organization of Intrusion Detection Systems22.5.1. Monitoring Network Traffic for Intrusions: NSM22.5.2. Combining Host and Network Monitoring: DIDS22.5.3. Autonomous Agents: AAFID22.6. Intrusion Response22.6.1. Incident Prevention22.6.2. Intrusion Handling22.6.2.1. Containment Phase22.6.2.2. Eradication Phase22.6.2.3. Follow-Up Phase22.7. Summary22.8. Further Reading22.9. Exercises
23. Network Security
23.1. Introduction23.2. Policy Development23.2.1. Data Classes23.2.2. User Classes23.2.3. Availability23.2.4. Consistency Check23.3. Network Organization23.3.1. Firewalls and Proxies23.3.2. Analysis of the Network Infrastructure23.3.2.1. Outer Firewall Configuration23.3.2.2. Inner Firewall Configuration23.3.3. In the DMZ23.3.3.1. DMZ Mail Server23.3.3.2. DMZ WWW Server23.3.3.3. DMZ DNS Server23.3.3.4. DMZ Log Server23.3.3.5. Summary23.3.4. In the Internal Network23.3.5. General Comment on Assurance23.4. Availability and Network Flooding23.4.1. Intermediate Hosts23.4.2. TCP State and Memory Allocations23.5. Anticipating Attacks23.6. Summary23.7. Further Reading23.8. Exercises
24. System Security
24.1. Introduction24.2. Policy24.2.1. The Web Server System in the DMZ24.2.2. The Development System24.2.3. Comparison24.2.4. Conclusion24.3. Networks24.3.1. The Web Server System in the DMZ24.3.2. The Development System24.3.3. Comparison24.4. Users24.4.1. The Web Server System in the DMZ24.4.2. The Development System24.4.3. Comparison24.5. Authentication24.5.1. The Web Server System in the DMZ24.5.2. Development Network System24.5.3. Comparison24.6. Processes24.6.1. The Web Server System in the DMZ24.6.2. The Development System24.6.3. Comparison24.7. Files24.7.1. The Web Server System in the DMZ24.7.2. The Development System24.7.3. Comparison24.8. Retrospective24.8.1. The Web Server System in the DMZ24.8.2. The Development System24.9. Summary24.10. Further Reading24.11. Exercises
25. User Security
25.1. Policy25.2. Access25.2.1. Passwords25.2.2. The Login Procedure25.2.2.1. Trusted Hosts25.2.3. Leaving the System25.3. Files and Devices25.3.1. Files25.3.1.1. File Permissions on Creation25.3.1.2. Group Access25.3.1.3. File Deletion25.3.2. Devices25.3.2.1. Writable Devices25.3.2.2. Smart Terminals25.3.2.3. Monitors and Window Systems25.4. Processes25.4.1. Copying and Moving Files25.4.2. Accidentally Overwriting Files25.4.3. Encryption, Cryptographic Keys, and Passwords25.4.4. Start-up Settings25.4.5. Limiting Privileges25.4.6. Malicious Logic25.5. Electronic Communications25.5.1. Automated Electronic Mail Processing25.5.2. Failure to Check Certificates25.5.3. Sending Unexpected Content25.6. Summary25.7. Further Reading25.8. Exercises
26. Program Security
26.1. Introduction26.2. Requirements and Policy26.2.1. Requirements26.2.2. Threats26.2.2.1. Group 1: Unauthorized Users Accessing Role Accounts26.2.2.2. Group 2: Authorized Users Accessing Role Accounts26.2.2.3. Summary26.3. Design26.3.1. Framework26.3.1.1. User Interface26.3.1.2. High-Level Design26.3.2. Access to Roles and Commands26.3.2.1. Interface26.3.2.2. Internals26.3.2.3. Storage of the Access Control Data26.4. Refinement and Implementation26.4.1. First-Level Refinement26.4.2. Second-Level Refinement26.4.3. Functions26.4.3.1. Obtaining Location26.4.3.2. The Access Control Record26.4.3.3. Error Handling in the Reading and Matching Routines26.4.4. Summary26.5. Common Security-Related Programming Problems26.5.1. Improper Choice of Initial Protection Domain26.5.1.1. Process Privileges26.5.1.2. Access Control File Permissions26.5.1.3. Memory Protection26.5.1.4. Trust in the System26.5.2. Improper Isolation of Implementation Detail26.5.2.1. Resource Exhaustion and User Identifiers26.5.2.2. Validating the Access Control Entries26.5.2.3. Restricting the Protection Domain of the Role Process26.5.3. Improper Change26.5.3.1. Memory26.5.3.2. Changes in File Contents26.5.3.3. Race Conditions in File Accesses26.5.4. Improper Naming26.5.5. Improper Deallocation or Deletion26.5.6. Improper Validation26.5.6.1. Bounds Checking26.5.6.2. Type Checking26.5.6.3. Error Checking26.5.6.4. Checking for Valid, not Invalid, Data26.5.6.5. Checking Input26.5.6.6. Designing for Validation26.5.7. Improper Indivisibility26.5.8. Improper Sequencing26.5.9. Improper Choice of Operand or Operation26.5.10. Summary26.6. Testing, Maintenance, and Operation26.6.1. Testing26.6.1.1. Testing the Module26.6.2. Testing Composed Modules26.6.3. Testing the Program26.7. Distribution26.8. Conclusion26.9. Summary26.10. Further Reading26.11. Exercises
27. Lattices
27.1. Basics27.2. Lattices27.3. Exercises
28. The Extended Euclidean Algorithm
28.1. The Euclidean Algorithm28.2. The Extended Euclidean Algorithm28.3. Solving ax mod n = 128.4. Solving ax mod n = b28.5. Exercises
29. Virtual Machines
29.1. Virtual Machine Structure29.2. Virtual Machine Monitor29.2.1. Privilege and Virtual Machines29.2.2. Physical Resources and Virtual Machines29.2.3. Paging and Virtual Machines29.3. Exercises
Bibliography

Overview

In this authoritative book, widely respected practitioner and teacher Matt Bishop presents a clear and useful introduction to the art and science of information security. Bishop's insights and realistic examples will help any practitioner or student understand the crucial links between security theory and the day-to-day security challenges of IT environments.

Bishop explains the fundamentals of security: the different types of widely used policies, the mechanisms that implement these policies, the principles underlying both policies and mechanisms, and how attackers can subvert these tools--as well as how to defend against attackers. A practicum demonstrates how to apply these ideas and mechanisms to a realistic company.

Coverage includes

Confidentiality, integrity, and availability

Operational issues, cost-benefit and risk analyses, legal and human factors

Planning and implementing effective access control

Defining security, confidentiality, and integrity policies

Using cryptography and public-key systems, and recognizing their limits

Understanding and using authentication: from passwords to biometrics

Security design principles: least-privilege, fail-safe defaults, open design, economy of mechanism, and more

Controlling information flow through systems and networks

Assuring security throughout the system lifecycle

Malicious logic: Trojan horses, viruses, boot sector and executable infectors, rabbits, bacteria, logic bombs--and defenses against them

Vulnerability analysis, penetration studies, auditing, and intrusion detection and prevention

Applying security principles to networks, systems, users, and programs

Introduction to Computer Security is adapted from Bishop's comprehensive and widely praised book, Computer Security: Art and Science. This shorter version of the original work omits much mathematical formalism, making it more accessible for professionals and students who have a less formal mathematical background, or for readers with a more practical than theoretical interest.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Introduction to Computer Networks and Cybersecurity

Publisher Resources

ISBN: 0321247442Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills