Notation
Preface
Reader's and Instructor's Guide
Outline of the Book
A Roadmap for Readers and Instructors
Internet and Web Resources
Standards
Overview
Computer Security Concepts
Threats, Attacks, and Assets
Security Functional Requirements
A Security Architecture for Open Systems
The Scope of Computer Security
Computer Security Trends
Computer Security Strategy
Recommended Reading and Web Sites
Key Terms, Review Questions, and Problems
A Significant Security Standards and Documents
Computer Security Technology and Principles
Cryptographic Tools
Confidentiality with Symmetric Encryption
Message Authentication and Hash Functions
Public-Key Encryption
Digital Signatures and Key Management
Random and Pseudorandom Numbers
Practical Application: Encryption of Stored Data
Recommended Reading and Web Sites
Key Terms, Review Questions, and Problems
User Authentication
Means of Authentication
Password-Based Authentication
Token-Based Authentication
Biometric Authentication
Remote User Authentication
Security Issues for User Authentication
Practical Application: An Iris Biometric System
Case Study: Security Problems for ATM Systems
Recommended Reading and Web Sites
Key Terms, Review Questions, and Problems
Access Control
Access Control Principles
Subjects, Objects, and Access Rights
Discretionary Access Control
Example: UNIX File Access Control
Role-Based Access Control
Case Study: RBAC System for a Bank
Recommended Reading and Web Sites
Key Terms, Review Questions, and Problems
Database Security
Relational Databases
Database Access Control
Inference
Statistical Databases
Database Encryption
Recommended Reading
Key Terms, Review Questions, and Problems
Intrusion Detection
Intruders
Intrusion Detection
Host-Based Intrusion Detection
Distr