| |
| |
Preface | |
| |
| |
| |
Is There a Security Problem in Computing? | |
| |
| |
Characteristics of Computer Intrusion | |
| |
| |
Kinds of Security Breaches | |
| |
| |
Security Goals and Vulnerabilities | |
| |
| |
The People Involved | |
| |
| |
Methods of Defense | |
| |
| |
Plan of Attack | |
| |
| |
Bibliographic Notes | |
| |
| |
Terms and Concepts | |
| |
| |
Exercises | |
| |
| |
| |
Basic Encryption and Decryption | |
| |
| |
Terminology and Background | |
| |
| |
Monoalphabetic Ciphers (Substitutions) | |
| |
| |
Polyalphabetic Substitution Ciphers | |
| |
| |
Transpositions (Permutations) | |
| |
| |
Fractionated Morse | |
| |
| |
Stream and Block Ciphers | |
| |
| |
Characteristics of Good Ciphers | |
| |
| |
What the Cryptanalyst Has to Work With | |
| |
| |
Summary of Basic Encryption | |
| |
| |
Bibliographic Notes | |
| |
| |
Terms and Concepts | |
| |
| |
Exercises | |
| |
| |
| |
Secure Encryption Systems | |
| |
| |
Hard Problems: Complexity | |
| |
| |
Properties of Arithmetic | |
| |
| |
Public Key Encryption Systems | |
| |
| |
Merkle Hellman Knapsacks | |
| |
| |
Rivest Shamir Adleman (RSA) Encryption | |
| |
| |
El Gamal and Digital Signature Algorithms | |
| |
| |
Hash Algorithms | |
| |
| |
Secure Secret Key (Symmetric) Systems | |
| |
| |
The Data Encryption Standard (DES) | |
| |
| |
Key Escrow and Clipper | |
| |
| |
The Clipper Program | |
| |
| |
Conclusions | |
| |
| |
Summary of Secure Encryption | |
| |
| |
Bibliographic Notes | |
| |
| |
Terms and Concepts | |
| |
| |
Exercises | |
| |
| |
| |
Using Encryption: Protocols and Practices | |
| |
| |
Protocols: Orderly Behavior | |
| |
| |
How to Use Encryption | |
| |
| |
Enhancing Cryptographic Security | |
| |
| |
Modes of Encryption | |
| |
| |
Summary of Protocols and Practices | |
| |
| |
Bibliographic Notes | |
| |
| |
Terms and Concepts | |
| |
| |
Exercises | |
| |
| |
| |
Program Security | |
| |
| |
Viruses and Other Malicious Code | |
| |
| |
Targeted Malicious Code | |
| |
| |
Controls Against Program Threats | |
| |
| |
Summary of Program Threats and Controls | |
| |
| |
Bibliographic Notes | |
| |
| |
Terms and Concepts | |
| |
| |
Exercises | |
| |
| |
| |
Protection in General-Purpose Operating Systems | |
| |
| |
Protected Objects and Methods of Protection | |
| |
| |
Protecting Memory and Addressing | |
| |
| |
Protecting Access to General Objects | |
| |
| |
File Protection Mechanisms | |
| |
| |
User Authentication | |
| |
| |
Summary of Security for Users | |
| |
| |
Bibliographic Notes | |
| |
| |
Terms and Concepts | |
| |
| |
Exercises | |
| |
| |
| |
Designing Trusted Operating Systems | |
| |
| |
What Is a Trusted System? Security Policies | |
| |
| |
Models of Security | |
| |
| |
Design of Trusted Operating Systems | |
| |
| |
Assurance in Trusted Operating Systems | |
| |
| |
Implementation Examples | |
| |
| |
Summary of Security in Operating Systems | |
| |
| |
Bibliographic Notes | |
| |
| |
Terms and Concepts | |
| |
| |
Exercises | |
| |
| |
| |
Data Base Security | |
| |
| |
Introduction to Data Bases | |
| |
| |
Security Requirements | |
| |
| |
Reliability and Integrity | |
| |
| |
Sensitive Data | |
| |
| |
Inference Problem | |
| |
| |
Multilevel Data Bases | |
| |
| |
Proposals for Multilevel Security | |
| |
| |
Summary of Data Base Security | |
| |
| |
Bibliographic Notes | |
| |
| |
Terms and Concepts | |
| |
| |
Exercises | |
| |
| |
| |
Security in Networks and Distributed Systems | |
| |
| |
Network Concepts | |
| |
| |
Threats in Networks | |
| |
| |
Network Security Controls | |
| |
| |
Privacy Enhanced Electronic Mail | |
| |
| |
Firewalls | |
| |
| |
Encrypting Gateway | |
| |
| |
Multilevel Security on Networks | |
| |
| |
Summary of Network Security | |
| |
| |
Bibliographic Notes | |
| |
| |
Terms and Concepts | |
| |
| |
Exercises | |
| |
| |
| |
Administering Security | |
| |
| |
Personal Computer Security Management | |
| |
| |
UNIX Security Management | |
| |
| |
Network Security Management | |
| |
| |
Risk Analysis | |
| |
| |
Security Planning | |
| |
| |
Organizational Security Policies | |
| |
| |
Summary of Administering Security | |
| |
| |
Bibliographic Notes | |
| |
| |
Terms and Concepts | |
| |
| |
Exercises | |
| |
| |
| |
Legal and Ethical Issues in Computer Security | |
| |
| |
Protecting Programs and Data | |
| |
| |
Information and the Law | |
| |
| |
Rights of Employees and Employers | |
| |
| |
Computer Crime | |
| |
| |
Ethical Issues in Computer Security | |
| |
| |
Ethical Reasoning | |
| |
| |
Electronic Privacy | |
| |
| |
Privacy of Electronic Data | |
| |
| |
Use of Encryption | |
| |
| |
Cryptographic Key Escrow | |
| |
| |
Case Studies of Ethics | |
| |
| |
Codes of Ethics | |
| |
| |
Conclusion | |
| |
| |
Bibliographic Notes | |
| |
| |
Terms and Concepts | |
| |
| |
Bibliography | |
| |
| |
Index | |