Book description
In this authoritative book, widely respected practitioner and teacher Matt Bishop presents a clear and useful introduction to the art and science of information security. Bishop's insights and realistic examples will help any practitioner or student understand the crucial links between security theory and the day-to-day security challenges of IT environments.
Bishop explains the fundamentals of security: the different types of widely used policies, the mechanisms that implement these policies, the principles underlying both policies and mechanisms, and how attackers can subvert these tools--as well as how to defend against attackers. A practicum demonstrates how to apply these ideas and mechanisms to a realistic company.
Coverage includes:
- Confidentiality, integrity, and availability
- Operational issues, cost-benefit and risk analyses, legal and human factors
- Planning and implementing effective access control
- Defining security, confidentiality, and integrity policies
- Using cryptography and public-key systems, and recognizing their limits
- Understanding and using authentication: from passwords to biometrics
- Security design principles: least-privilege, fail-safe defaults, open design, economy of mechanism, and more
- Controlling information flow through systems and networks
- Assuring security throughout the system lifecycle
- Malicious logic: Trojan horses, viruses, boot sector and executable infectors, rabbits, bacteria, logic bombs--and defenses against them
- Vulnerability analysis, penetration studies, auditing, and intrusion detection and prevention
- Applying security principles to networks, systems, users, and programs
Introduction to Computer Security is adapted from Bishop's comprehensive and widely praised book, Computer Security: Art and Science. This shorter version of the original work omits much mathematical formalism, making it more accessible for professionals and students who have a less formal mathematical background, or for readers with a more practical than theoretical interest.
Table of contents
- Copyright
- Preface
- 1. An Overview of Computer Security
- 2. Access Control Matrix
- 3. Foundational Results
- 4. Security Policies
- 5. Confidentiality Policies
- 6. Integrity Policies
- 7. Hybrid Policies
- 8. Basic Cryptography
- 9. Key Management
- 10. Cipher Techniques
- 11. Authentication
- 12. Design Principles
  - 12.1. Overview
  - 12.2. Design Principles
    - 12.2.1. Principle of Least Privilege
    - 12.2.2. Principle of Fail-Safe Defaults
    - 12.2.3. Principle of Economy of Mechanism
    - 12.2.4. Principle of Complete Mediation
    - 12.2.5. Principle of Open Design
    - 12.2.6. Principle of Separation of Privilege
    - 12.2.7. Principle of Least Common Mechanism
    - 12.2.8. Principle of Psychological Acceptability
  - 12.3. Summary
  - 12.4. Further Reading
  - 12.5. Exercises
- 13. Representing Identity
- 14. Access Control Mechanisms
  - 14.1. Access Control Lists
  - 14.2. Capabilities
  - 14.3. Locks and Keys
  - 14.4. Ring-Based Access Control
  - 14.5. Propagated Access Control Lists
  - 14.6. Summary
  - 14.7. Further Reading
  - 14.8. Exercises
- 15. Information Flow
  - 15.1. Basics and Background
  - 15.2. Compiler-Based Mechanisms
  - 15.3. Execution-Based Mechanisms
  - 15.4. Example Information Flow Controls
  - 15.5. Summary
  - 15.6. Further Reading
  - 15.7. Exercises
- 16. Confinement Problem
- 17. Introduction to Assurance
- 18. Evaluating Systems
  - 18.1. Goals of Formal Evaluation
  - 18.2. TCSEC: 1983–1999
  - 18.3. FIPS 140: 1994–Present
  - 18.4. The Common Criteria: 1998–Present
  - 18.5. SSE-CMM: 1997–Present
  - 18.6. Summary
  - 18.7. Further Reading
  - 18.8. Exercises
- 19. Malicious Logic
  - 19.1. Introduction
  - 19.2. Trojan Horses
  - 19.3. Computer Viruses
  - 19.4. Computer Worms
  - 19.5. Other Forms of Malicious Logic
  - 19.6. Defenses
    - 19.6.1. Malicious Logic Acting as Both Data and Instructions
    - 19.6.2. Malicious Logic Assuming the Identity of a User
    - 19.6.3. Malicious Logic Crossing Protection Domain Boundaries by Sharing
    - 19.6.4. Malicious Logic Altering Files
    - 19.6.5. Malicious Logic Performing Actions Beyond Specification
    - 19.6.6. Malicious Logic Altering Statistical Characteristics
    - 19.6.7. The Notion of Trust
  - 19.7. Summary
  - 19.8. Further Reading
  - 19.9. Exercises
- 20. Vulnerability Analysis
  - 20.1. Introduction
  - 20.2. Penetration Studies
    - 20.2.1. Goals
    - 20.2.2. Layering of Tests
    - 20.2.3. Methodology at Each Layer
    - 20.2.4. Flaw Hypothesis Methodology
    - 20.2.5. Example: Penetration of the Michigan Terminal System
    - 20.2.6. Example: Compromise of a Burroughs System
    - 20.2.7. Example: Penetration of a Corporate Computer System
    - 20.2.8. Example: Penetrating a UNIX System
    - 20.2.9. Example: Penetrating a Windows NT System
    - 20.2.10. Debate
    - 20.2.11. Conclusion
  - 20.3. Vulnerability Classification
  - 20.4. Frameworks
  - 20.5. Summary
  - 20.6. Further Reading
  - 20.7. Exercises
- 21. Auditing
- 22. Intrusion Detection
- 23. Network Security
  - 23.1. Introduction
  - 23.2. Policy Development
  - 23.3. Network Organization
  - 23.4. Availability and Network Flooding
  - 23.5. Anticipating Attacks
  - 23.6. Summary
  - 23.7. Further Reading
  - 23.8. Exercises
- 24. System Security
- 25. User Security
- 26. Program Security
  - 26.1. Introduction
  - 26.2. Requirements and Policy
  - 26.3. Design
  - 26.4. Refinement and Implementation
  - 26.5. Common Security-Related Programming Problems
    - 26.5.1. Improper Choice of Initial Protection Domain
    - 26.5.2. Improper Isolation of Implementation Detail
    - 26.5.3. Improper Change
    - 26.5.4. Improper Naming
    - 26.5.5. Improper Deallocation or Deletion
    - 26.5.6. Improper Validation
    - 26.5.7. Improper Indivisibility
    - 26.5.8. Improper Sequencing
    - 26.5.9. Improper Choice of Operand or Operation
    - 26.5.10. Summary
  - 26.6. Testing, Maintenance, and Operation
  - 26.7. Distribution
  - 26.8. Conclusion
  - 26.9. Summary
  - 26.10. Further Reading
  - 26.11. Exercises
- 27. Lattices
- 28. The Extended Euclidean Algorithm
- 29. Virtual Machines
- Bibliography
Product information
- Title: Introduction to Computer Security
- Author(s): Matt Bishop
- Release date: October 2004
- Publisher(s): Addison-Wesley Professional
- ISBN: 0321247442