Computer Security /
Gollmann, Dieter.
Computer Security / Dieter Gollmann. - 2nd ed. - Chichester, England ; Hoboken, NJ : Wiley, c2006. - xi, 374 p. : ill. ; 24 cm.
Includes bibliographical references (p. [349]-359) and index.
1 Introduction. 1.1 Attacks and Attackers. 1.2 Security. 1.3 Security Management. 1.4 Risk and Threat Analysis. 1.5 Further Reading. 1.6 Exercises. 2 Foundations of Computer Security. 2.1 Definitions. 2.2 The Fundamental Dilemma of Computer Security. 2.3 Data vs Information. 2.4 Principles of Computer Security. 2.5 The Layer Below. 2.6 Further Reading. 2.7 Exercises. 3 Identification & Authentication. 3.1 Username and Password. 3.2 Managing Passwords. 3.3 Choosing Passwords. 3.4 Spoofing Attacks. 3.5 Protecting the Password File. 3.6 Single Sign--on. 3.7 Alternative Approaches. 3.8 Further Reading. 3.9 Exercises. 4 Access Control. 4.1 Background. 4.2 Authentication and Authorization. 4.3 Access Operations. 4.4 Ownership. 4.5 Access Control Structures. 4.6 Intermediate Controls. 4.7 Partial Orderings. 4.8 Further Reading. 4.9 Exercises. 5 Reference Monitors. 5.1 Introduction. 5.2 Operating System Integrity. 5.3 Hardware Security Features. 5.4 Protecting Memory. 5.5 Further Reading. 5.6 Exercises. 6 Unix Security. 6.1 Introduction. 6.2 Principals. 6.3 Subjects. 6.4 Objects. 6.5 Access Control. 6.6 Instances of General Security Principles. 6.7 Management Issues. 6.8 Further Reading. 6.9 Exercises. 7 Windows 2000 Security. 7.1 Introduction. 7.2 Access Control -- Components. 7.3 Access Decisions. 7.4 Restricted Context. 7.5 Administration. 7.6 Further Reading. 7.7 Exercises. 8 Bell--LaPadula Model. 8.1 State Machine Models. 8.2 The Bell--LaPadula Model. 8.3 The Multics Interpretation of BLP. 8.4 Further Reading. 8.5 Exercises. 9 Security Models. 9.1 The Biba Model. 9.2 The Chinese Wall Model. 9.3 The Clark--Wilson Model. 9.4 The Harrison--Ruzzo--Ullman Model. 9.5 Information--Flow Models. 9.6 Execution Monitors. 9.7 Further Reading. 9.8 Exercises. 10 Security Evaluation. 10.1 Introduction. 10.2 The Orange Book. 10.3 The Rainbow Series. 10.4 Information Technology Security Evaluation Criteria.
This is a brand new edition of the best-selling computer security book. Written for self-study and course use, this book will suit a variety of introductory and more advanced security programmes for students of computer science, engineering and related disciplines. Technical and project managers will also find that the broad coverage offers a great starting point for discovering underlying issues and provides a means of orientation in a world populated by a bewildering array of competing security systems. * Comprehensive reference covering fundamental principles of computer security * Thinking about security within the initial design of a system is a theme that runs through the book * A top-down approach. * No active previous experience of security issues is necessary making this accessible to Software Developers and Managers whose responsibilities span any technical aspects of IT security * Provides sections on Windows NT, CORBA and Java
0470862939 (pbk. : alk. paper) 9780470862933 (pbk. : alk. paper)
2005-026866
Computer security.
QA76.9.A25 / G65 2006
005.8
Computer Security / Dieter Gollmann. - 2nd ed. - Chichester, England ; Hoboken, NJ : Wiley, c2006. - xi, 374 p. : ill. ; 24 cm.
Includes bibliographical references (p. [349]-359) and index.
1 Introduction. 1.1 Attacks and Attackers. 1.2 Security. 1.3 Security Management. 1.4 Risk and Threat Analysis. 1.5 Further Reading. 1.6 Exercises. 2 Foundations of Computer Security. 2.1 Definitions. 2.2 The Fundamental Dilemma of Computer Security. 2.3 Data vs Information. 2.4 Principles of Computer Security. 2.5 The Layer Below. 2.6 Further Reading. 2.7 Exercises. 3 Identification & Authentication. 3.1 Username and Password. 3.2 Managing Passwords. 3.3 Choosing Passwords. 3.4 Spoofing Attacks. 3.5 Protecting the Password File. 3.6 Single Sign--on. 3.7 Alternative Approaches. 3.8 Further Reading. 3.9 Exercises. 4 Access Control. 4.1 Background. 4.2 Authentication and Authorization. 4.3 Access Operations. 4.4 Ownership. 4.5 Access Control Structures. 4.6 Intermediate Controls. 4.7 Partial Orderings. 4.8 Further Reading. 4.9 Exercises. 5 Reference Monitors. 5.1 Introduction. 5.2 Operating System Integrity. 5.3 Hardware Security Features. 5.4 Protecting Memory. 5.5 Further Reading. 5.6 Exercises. 6 Unix Security. 6.1 Introduction. 6.2 Principals. 6.3 Subjects. 6.4 Objects. 6.5 Access Control. 6.6 Instances of General Security Principles. 6.7 Management Issues. 6.8 Further Reading. 6.9 Exercises. 7 Windows 2000 Security. 7.1 Introduction. 7.2 Access Control -- Components. 7.3 Access Decisions. 7.4 Restricted Context. 7.5 Administration. 7.6 Further Reading. 7.7 Exercises. 8 Bell--LaPadula Model. 8.1 State Machine Models. 8.2 The Bell--LaPadula Model. 8.3 The Multics Interpretation of BLP. 8.4 Further Reading. 8.5 Exercises. 9 Security Models. 9.1 The Biba Model. 9.2 The Chinese Wall Model. 9.3 The Clark--Wilson Model. 9.4 The Harrison--Ruzzo--Ullman Model. 9.5 Information--Flow Models. 9.6 Execution Monitors. 9.7 Further Reading. 9.8 Exercises. 10 Security Evaluation. 10.1 Introduction. 10.2 The Orange Book. 10.3 The Rainbow Series. 10.4 Information Technology Security Evaluation Criteria.
This is a brand new edition of the best-selling computer security book. Written for self-study and course use, this book will suit a variety of introductory and more advanced security programmes for students of computer science, engineering and related disciplines. Technical and project managers will also find that the broad coverage offers a great starting point for discovering underlying issues and provides a means of orientation in a world populated by a bewildering array of competing security systems. * Comprehensive reference covering fundamental principles of computer security * Thinking about security within the initial design of a system is a theme that runs through the book * A top-down approach. * No active previous experience of security issues is necessary making this accessible to Software Developers and Managers whose responsibilities span any technical aspects of IT security * Provides sections on Windows NT, CORBA and Java
0470862939 (pbk. : alk. paper) 9780470862933 (pbk. : alk. paper)
2005-026866
Computer security.
QA76.9.A25 / G65 2006
005.8