Introduction to Computer Security

ISBN-10: 0321247442
ISBN-13: 9780321247445
Edition: 2005
Authors: Matt Bishop
List price: $84.99 Buy it from $20.56
This item qualifies for FREE shipping

*A minimum purchase of $35 is required. Shipping is provided via FedEx SmartPost® and FedEx Express Saver®. Average delivery time is 1 – 5 business days, but is not guaranteed in that timeframe. Also allow 1 - 2 days for processing. Free shipping is eligible only in the continental United States and excludes Hawaii, Alaska and Puerto Rico. FedEx service marks used by permission."Marketplace" orders are not eligible for free or discounted shipping.

30 day, 100% satisfaction guarantee

If an item you ordered from TextbookRush does not meet your expectations due to an error on our part, simply fill out a return request and then return it by mail within 30 days of ordering it for a full refund of item cost.

Learn more about our returns policy

Description: By removing material from the original book, Computer Security: Art and Science(0201440997, AWP), that is highly mathematical or otherwise difficult for manyreaders to understand, Matt Bishop has made his authoritative work oncomputer security art  More...

New Starting from $73.76
what's this?
Rush Rewards U
Members Receive:
coins
coins
You have reached 400 XP and carrot coins. That is the daily max!
You could win $10,000

Get an entry for every item you buy, rent, or sell.

Study Briefs

Limited time offer: Get the first one free! (?)

All the information you need in one place! Each Study Brief is a summary of one specific subject; facts, figures, and explanations to help you learn faster.

Add to cart
Study Briefs
Psychology Online content $4.95 $1.99
Add to cart
Study Briefs
Lifespan Human Development Online content $4.95 $1.99
Add to cart
Study Briefs
Periodic Table Online content $4.95 $1.99

Customers also bought

Loading
Loading
Loading
Loading
Loading
Loading
Loading
Loading
Loading
Loading

Book details

List price: $84.99
Copyright year: 2005
Publisher: Addison Wesley Professional
Publication date: 10/26/2004
Binding: Hardcover
Pages: 784
Size: 7.50" wide x 9.50" long x 1.50" tall
Weight: 3.256

By removing material from the original book, Computer Security: Art and Science(0201440997, AWP), that is highly mathematical or otherwise difficult for manyreaders to understand, Matt Bishop has made his authoritative work oncomputer security art and science more accessible both for professionals newto the field and undergraduate students. The organization of the abridged bookfollows the syllabus Bishop includes in his current work for a nonmathematicalundergraduate course. It focuses more on the application of theory than thetheory itself. Readers learn quickly how to implement security.

Preface
Goals
Philosophy
Organization
Differences Between this Book and Computer Security: Art and Science
Special Acknowledgment
Acknowledgments
An Overview of Computer Security
The Basic Components
Confidentiality
Integrity
Availability
Threats
Policy and Mechanism
Goals of Security
Assumptions and Trust
Assurance
Specification
Design
Implementation
Operational Issues
Cost-Benefit Analysis
Risk Analysis
Laws and Customs
Human Issues
Organizational Problems
People Problems
Tying It All Together
Summary
Further Reading
Exercises
Access Control Matrix
Protection State
Access Control Matrix Model
Protection State Transitions
Conditional Commands
Summary
Further Reading
Exercises
Foundational Results
The General Question
Basic Results
Summary
Further Reading
Exercises
Security Policies
Security Policies
Types of Security Policies
The Role of Trust
Types of Access Control
Example: Academic Computer Security Policy
General University Policy
Electronic Mail Policy
Summary
Further Reading
Exercises
Confidentiality Policies
Goals of Confidentiality Policies
The Bell-LaPadula Model
Informal Description
Example: The Data General B2 UNIX System
Summary
Further Reading
Exercises
Integrity Policies
Goals
Biba Integrity Model
Clark-Wilson Integrity Model
The Model
Comparison with the Requirements
Comparison with Other Models
Summary
Further Reading
Exercises
Hybrid Policies
Chinese Wall Model
Bell-LaPadula and Chinese Wall Models
Clark-Wilson and Chinese Wall Models
Clinical Information Systems Security Policy
Bell-LaPadula and Clark-Wilson Models
Originator Controlled Access Control
Role-Based Access Control
Summary
Further Reading
Exercises
Basic Cryptography
What Is Cryptography?
Classical Cryptosystems
Transposition Ciphers
Substitution Ciphers
Data Encryption Standard
Other Classical Ciphers
Public Key Cryptography
RSA
Cryptographic Checksums
HMAC
Summary
Further Reading
Exercises
Key Management
Session and Interchange Keys
Key Exchange
Classical Cryptographic Key Exchange and Authentication
Kerberos
Public Key Cryptographic Key Exchange and Authentication
Cryptographic Key Infrastructures
Certificate Signature Chains
Summary
Storing and Revoking Keys
Key Storage
Key Revocation
Digital Signatures
Classical Signatures
Public Key Signatures
Summary
Further Reading
Exercises
Cipher Techniques
Problems
Precomputing the Possible Messages
Misordered Blocks
Statistical Regularities
Summary
Stream and Block Ciphers
Stream Ciphers
Block Ciphers
Networks and Cryptography
Example Protocols
Secure Electronic Mail: PEM
Security at the Network Layer: IPsec
Conclusion
Summary
Further Reading
Exercises
Authentication
Authentication Basics
Passwords
Attacking a Password System
Countering Password Guessing
Password Aging
Challenge-Response
Pass Algorithms
One-Time Passwords
Hardware-Supported Challenge-Response Procedures
Challenge-Response and Dictionary Attacks
Biometrics
Fingerprints
Voices
Eyes
Faces
Keystrokes
Combinations
Caution
Location
Multiple Methods
Summary
Further Reading
Exercises
Design Principles
Overview
Design Principles
Principle of Least Privilege
Principle of Fail-Safe Defaults
Principle of Economy of Mechanism
Principle of Complete Mediation
Principle of Open Design
Principle of Separation of Privilege
Principle of Least Common Mechanism
Principle of Psychological Acceptability
Summary
Further Reading
Exercises
Representing Identity
What Is Identity?
Files and Objects
Users
Groups and Roles
Naming and Certificates
The Meaning of the Identity
Trust
Identity on the Web
Host Identity
State and Cookies
Anonymity on the Web
Summary
Further Reading
Exercises
Access Control Mechanisms
Access Control Lists
Abbreviations of Access Control Lists
Creation and Maintenance of Access Control Lists
Revocation of Rights
Example: Windows NT Access Control Lists
Capabilities
Implementation of Capabilities
Copying and Amplifying Capabilities
Revocation of Rights
Limits of Capabilities
Comparison with Access Control Lists
Locks and Keys
Type Checking
Ring-Based Access Control
Propagated Access Control Lists
Summary
Further Reading
Exercises
Information Flow
Basics and Background
Information Flow Models and Mechanisms
Compiler-Based Mechanisms
Declarations
Program Statements
Exceptions and Infinite Loops
Concurrency
Soundness
Execution-Based Mechanisms
Fenton's Data Mark Machine
Variable Classes
Example Information Flow Controls
Security Pipeline Interface
Secure Network Server Mail Guard
Summary
Further Reading
Exercises
Confinement Problem
The Confinement Problem
Isolation
Virtual Machines
Sandboxes
Covert Channels
Detection of Covert Channels
Mitigation of Covert Channels
Summary
Further Reading
Exercises
Introduction to Assurance
Assurance and Trust
The Need for Assurance
The Role of Requirements in Assurance
Assurance Throughout the Life Cycle
Building Secure and Trusted Systems
Life Cycle
The Waterfall Life Cycle Model
Other Models of Software Development
Building Security In or Adding Security Later
Summary
Further Reading
Exercises
Evaluating Systems
Goals of Formal Evaluation
Deciding to Evaluate
Historical Perspective of Evaluation Methodologies
TCSEC: 1983-1999
TCSEC Requirements
The TCSEC Evaluation Classes
The TCSEC Evaluation Process
Impacts
FIPS 140: 1994-Present
FIPS 140 Requirements
FIPS 140-2 Security Levels
Impact
The Common Criteria: 1998-Present
Overview of the Methodology
CC Requirements
CC Security Functional Requirements
Assurance Requirements
Evaluation Assurance Levels
Evaluation Process
Impacts
Future of the Common Criteria
SSE-CMM: 1997-Present
The SSE-CMM Model
Using the SSE-CMM
Summary
Further Reading
Exercises
Malicious Logic
Introduction
Trojan Horses
Computer Viruses
Boot Sector Infectors
Executable Infectors
Multipartite Viruses
TSR Viruses
Stealth Viruses
Encrypted Viruses
Polymorphic Viruses
Macro Viruses
Computer Worms
Other Forms of Malicious Logic
Rabbits and Bacteria
Logic Bombs
Defenses
Malicious Logic Acting as Both Data and Instructions
Malicious Logic Assuming the Identity of a User
Malicious Logic Crossing Protection Domain Boundaries by Sharing
Malicious Logic Altering Files
Malicious Logic Performing Actions Beyond Specification
Malicious Logic Altering Statistical Characteristics
The Notion of Trust
Summary
Further Reading
Exercises
Vulnerability Analysis
Introduction
Penetration Studies
Goals
Layering of Tests
Methodology at Each Layer
Flaw Hypothesis Methodology
Example: Penetration of the Michigan Terminal System
Example: Compromise of a Burroughs System
Example: Penetration of a Corporate Computer System
Example: Penetrating a UNIX System
Example: Penetrating a Windows NT System
Debate
Conclusion
Vulnerability Classification
Two Security Flaws
Frameworks
The RISOS Study
Protection Analysis Model
The NRL Taxonomy
Aslam's Model
Comparison and Analysis
Further Reading
Exercises
Auditing
Definitions
Anatomy of an Auditing System
Logger
Analyzer
Notifier
Designing an Auditing System
Implementation Considerations
Syntactic Issues
Log Sanitization
Application and System Logging
A Posteriori Design
Auditing to Detect Violations of a Known Policy
Auditing to Detect Known Violations of a Policy
Auditing Mechanisms
Secure Systems
Nonsecure Systems
Examples: Auditing File Systems
Audit Analysis of the NFS Version 2 Protocol
The Logging and Auditing File System (LAFS)
Comparison
Audit Browsing
Summary
Further Reading
Exercises
Intrusion Detection
Principles
Basic Intrusion Detection
Models
Anomaly Modeling
Misuse Modeling
Specification Modeling
Summary
Architecture
Agent
Director
Notifier
Organization of Intrusion Detection Systems
Monitoring Network Traffic for Intrusions: NSM
Combining Host and Network Monitoring: DIDS
Autonomous Agents: AAFID
Intrusion Response
Incident Prevention
Intrusion Handling
Exercises
Network Security
Introduction
Policy Development
Data Classes
User Classes
Availability
Consistency Check
Network Organization
Firewalls and Proxies
Analysis of the Network Infrastructure
In the DMZ
In the Internal Network
General Comment on Assurance
Availability and Network Flooding
Intermediate Hosts
TCP State and Memory Allocations
Anticipating Attacks
Summary
Further Reading
Exercises
System Security
Introduction
Policy
The Web Server System in the DMZ
The Development System
Comparison
Conclusion
Networks
The Web Server System in the DMZ
The Development System
Comparison
Users
The Web Server System in the DMZ
The Development System
Comparison
Authentication
The Web Server System in the DMZ
Development Network System
Comparison
Processes
The Web Server System in the DMZ
The Development System
Comparison
Files
The Web Server System in the DMZ
The Development System
Comparison
Retrospective
The Web Server System in the DMZ
The Development System
Summary
Further Reading
Exercises
User Security
Policy
Access
Passwords
The Login Procedure
Leaving the System
Files and Devices
Files
Devices
Processes
Copying and Moving Files
Accidentally Overwriting Files
Encryption, Cryptographic Keys, and Passwords
Start-up Settings
Limiting Privileges
Malicious Logic
Electronic Communications
Automated Electronic Mail Processing
Failure to Check Certificates
Sending Unexpected Content
Summary
Further Reading
Exercises
Program Security
Introduction
Requirements and Policy
Requirements
Threats
Design
Framework
Access to Roles and Commands
Refinement and Implementation
First-Level Refinement
Second-Level Refinement
Functions
Summary
Common Security-Related Programming Problems
Improper Choice of Initial Protection Domain
Improper Isolation of Implementation Detail
Improper Change
Improper Naming
Improper Deallocation or Deletion
Improper Validation
Improper Indivisibility
Improper Sequencing
Improper Choice of Operand or Operation
Summary
Testing, Maintenance, and Operation
Testing
Testing Composed Modules
Testing the Program
Distribution
Conclusion
Summary
Further Reading
Exercises
Lattices
Basics
Lattices
Exercises
The Extended Euclidean Algorithm
The Euclidean Algorithm
The Extended Euclidean Algorithm
Solving ax mod n = 1
Solving ax mod n = b
Exercises
Virtual Machines
Virtual Machine Structure
Virtual Machine Monitor
Privilege and Virtual Machines
Physical Resources and Virtual Machines
Paging and Virtual Machines
Exercises
Bibliography
Index

×
Free shipping on orders over $35*

*A minimum purchase of $35 is required. Shipping is provided via FedEx SmartPost® and FedEx Express Saver®. Average delivery time is 1 – 5 business days, but is not guaranteed in that timeframe. Also allow 1 - 2 days for processing. Free shipping is eligible only in the continental United States and excludes Hawaii, Alaska and Puerto Rico. FedEx service marks used by permission."Marketplace" orders are not eligible for free or discounted shipping.

Learn more about the TextbookRush Marketplace.

×