Recent statistics on computer security breaches demonstrate that there has been an explosive growth of successful computer attacks worldwide. Valuable personal and corporate information is being compromised, and computer systems that control communications and critical infrastructure operations are being attacked. The continued success of these attacks demands answers to questions such as: What is the root cause of the problem? And what steps can be taken to prevent successful attacks?
In order to address these questions in a systematic fashion, it is important to review the basic components that form the foundation of current computer security. Since the roles and interplay of these components are often central to attacks that capitalize on weaknesses of a security system, a clear understanding of these components is a necessary prerequisite for mounting a solid defense.
This chapter presents an introduction to the primary elements of computer security. The terminology and fundamental principles behind each element are discussed, and, where appropriate, limitations and attack avenues are presented. The chapter is intended to act as a primary reference and overview for the rest of the book.
The first element that comes to mind when a person thinks about computer security is cryptography. Cryptography is the process of converting an information-bearing message to something that appears to be completely unintelligible “gibberish,” ...