Computer Security

Completely updated and up-to-the-minute textbook for courses on computer science. The third edition has been completely revised to include new advances in software and technology over the last few years. Provides sections on Windows NT, CORBA and Java which are not examined in comparable titles. No active previous experience of security issues is necessary making this accessible to Software Developers and Managers whose responsibilities span any technical aspects of IT security. Written for self-study and course use, this book will suit a variety of introductory and more advanced security programmes for students of computer science, engineering and related disciplines. Technical and project managers will also find that the broad coverage offers a great starting point for discovering underlying issues and provides a means of orientation in a world populated by a bewildering array of competing security systems. 

1. History of Computer Security. 1.1 The Dawn of Computer Security. 1.2 1970s - Mainframes. 1.3 1980s - Personal Computers. 1.4 1990s - Internet. 1.5 2000s - The Web. 1.6 Conclusions - The Benefits of Hindsight. 2. Managing Security. 2.1 Attacks and Attackers. 2.2 Security. 2.3 Security Management. 2.4 Risk and Threat Analysis. 2.5 Further Reading. 2.6 Exercises. 3. Foundations of Computer Security. 3.1 Definitions. 3.2 The Fundamental Dilemma of Computer Security. 3.3 Data vs Information. 3.4 Principles of Computer Security. 3.5 The Layer Below. 3.6 The Layer Above. 3.7 Further Reading. 3.8 Exercises. 4. Identification & Authentication. 4.1 Username and Password. 4.2 Bootstrapping Password Protection. 4.3 Guessing Passwords. 4.4 Phishing, Spoofing, and Social Engineering. 4.5 Protecting the Password File. 4.6 Single Sign-on. 4.7 Alternative Approaches. 4.8 Further Reading. 4.9 Exercises. 5. Access Control. 5.1 Background. 5.2 Authentication and Authorization. 5.3 Access Operations. 5.4 Access Control Structures. 5.5 Ownership. 5.6 Intermediate Controls. 5.7 Policy Instantiation. 5.8 Comparing Security Attributes. 5.9 Further Reading. 5.10 Exercises. 6. Reference Monitors. 6.1 Introduction. 6.2 Operating System Integrity. 6.3 Hardware Security Features. 6.4 Protecting Memory. 6.5 Further Reading. 6.6 Exercises. 7. Unix Security. 7.1 Introduction. 7.2 Principals. 7.3 Subjects. 7.4 Objects. 7.5 Access Control. 7.6 Instances of General Security Principles. 7.7 Management Issues. 7.8 Further Reading. 7.9 Exercises. 8. Windows Security. 8.1 Introduction. 8.2 Access Control - Components. 8.3 Access Decisions. 8.4 Managing Policies. 8.5 Task Dependent Access Rights. 8.6 Administration. 8.7 Further Reading. 8.8 Exercises. 9. Database Security. 9.1 Introduction. 9.2 Relational Databases. 9.3 Access Control. 9.4 Statistical Database Security. 9.5 Integration with the Operating System. 9.6 Privacy. 9.7 Further Reading. 9.8 Exercises. 10. Software Security. 10.1 Introduction. 10.2 Characters and Numbers. 10.3 Canonical Representations. 10.4 Memory Management. 10.5 Data and Code. 10.6 Race conditions. 10.7 Defences. 10.8 Further Reading. 10.9 Exercises. 11. Bell-LaPadula Model. 11.1 State Machine Models. 11.2 The Bell-LaPadula Model. 11.3 The Multics Interpretation of BLP. 11.4 Further Reading. 11.5 Exercises. 12. Security Models. 12.1 The Biba Model. 12.2 Chinese Wall Model. 12.3 The Clark-Wilson Model. 12.4 The Harrison-Ruzzo-Ullman Model. 12.5 Information-Flow Models. 12.6 Execution Monitors. 12.7 Further Reading. 12.8 Exercises. 13. Security Evaluation. 13.1 Introduction. 13.2 The Orange Book. 13.3 The rainbow Series. 13.4 Information Technology Security Evaluation Criteria. 13.5 The Federal Criteria. 13.6 The Common Criteria. 13.7 Quality Standards. 13.8 An Effort Well Spent? 13.9 Summary. 13.10 Further Reading. 13.11 Exercises. 14. Cryptography. 14.1 Introduction. 14.2 Modular Arithmetic. 14.3 Integrity Check Functions. 14.4 Digital Structures. 14.5 Encryption. 14.6 Strength of Mechanisms. 14.7 Performance. 14.8 Further Reading. 14.9 Exercises. 15. Authentication in Distributed Systems. 15.1 Introduction. 15.2 Key Establishment and Authentication. 15.3 Key Establishment Protocols. 15.4 Kerberos. 15.5 Public Key Infrastructures. 15.6 Trusted Computing Attestation. 15.7 Further Reading. 15.8 Exercises. 16. Communications Security. 16.1 Introduction. 16.2 Protocol Design Principles. 16.3 IP Security. 16.4 IPsec and Network Address Translation. 16.5 SSL/TLS. 16.6 Extensible Authentication Protocol. 16.7 Further Reading. 16.8 Exercises. 17. Network Security. 17.1 Introduction. 17.2 DNS. 17.3 Firewalls. 17.4 Intrusion Detection. 17.5 Further Reading. 17.6 Exercises. 18. Web Security.