
Introduction to Computer Security
An excellent, beautifully written introduction to the subject of computer security--by a master teacher and practitioner.
An introduction to the science and challenges of computer security, useful as either a self-teaching tool or a classroom text.
Trimmed down and less expensive version of Bishop's definitive work on computer security, with more mathematical and advanced sections removed.
A well-known security expert and educator, Bishop's command over the subject is tremendous.
By removing material from the original book, Computer Security: Art and Science (0201440997, AWP), that is highly mathematical or otherwise difficult for many readers to understand, Matt Bishop has made his authoritative work on computer security art and science more accessible both for professionals new to the field and undergraduate students. The organization of the abridged book follows the syllabus Bishop includes in his current work for a nonmathematical undergraduate course. It focuses more on the application of theory than the theory itself. Readers learn quickly how to implement security.
Product Description
In this authoritative book, widely respected practitioner and teacher Matt Bishop presents a clear and useful introduction to the art and science of information security. Bishop's insights and realistic examples will help any practitioner or student understand the crucial links between security theory and the day-to-day security challenges of IT environments.
Bishop explains the fundamentals of security: the different types of widely used policies, the mechanisms that implement these policies, the principles underlying both policies and mechanisms, and how attackers can subvert these tools--as well as how to defend against attackers. A practicum demonstrates how to apply these ideas and mechanisms to a realistic company.
Coverage includes
Confidentiality, integrity, and availability
Operational issues, cost-benefit and risk analyses, legal and human factors
Planning and implementing effective access control
Defining security, confidentiality, and integrity policies
Using cryptography and public-key systems, and recognizing their limits
Understanding and using authentication: from passwords to biometrics
Security design principles: least-privilege, fail-safe defaults, open design, economy of mechanism, and more
Controlling information flow through systems and networks
Assuring security throughout the system lifecycle
Malicious logic: Trojan horses, viruses, boot sector and executable infectors, rabbits, bacteria, logic bombs--and defenses against them
Vulnerability analysis, penetration studies, auditing, and intrusion detection and prevention
Applying security principles to networks, systems, users, and programs
Introduction to Computer Security is adapted from Bishop's comprehensive and widely praised book, Computer Security: Art and Science. This shorter version of the original work omits much mathematical formalism, making it more accessible for professionals and students who have a less formal mathematical background, or for readers with a more practical than theoretical interest.
Preface.
Goals.
Philosophy.
Organization.
Differences Between this Book and Computer Security: Art and Science.
Special Acknowledgment.
Acknowledgments.
1. An Overview of Computer Security.
The Basic Components.
Threats.
Policy and Mechanism.
Assumptions and Trust.
Assurance.
Operational Issues.
Human Issues.
Tying It All Together.
Summary.
Further Reading.
Exercises.
2. Access Control Matrix.
Protection State.
Access Control Matrix Model.
Protection State Transitions.
Conditional Commands.
Summary.
Further Reading.
Exercises.
3. Foundational Results.
The General Question.
Basic Results.
Summary.
Further Reading.
Exercises.
4. Security Policies.
Security Policies.
Types of Security Policies.
The Role of Trust.
Types of Access Control.
Example: Academic Computer Security Policy.
Summary.
Further Reading.
Exercises.
5. Confidentiality Policies.
Goals of Confidentiality Policies.
The Bell-LaPadula Model.
Summary.
Further Reading.
Exercises.
6. Integrity Policies.
Goals.
Biba Integrity Model.
Clark-Wilson Integrity Model.
Summary.
Further Reading.
Exercises.
7. Hybrid Policies.
Chinese Wall Model.
Bell-LaPadula and Chinese Wall Models.
Clinical Information Systems Security Policy.
Originator Controlled Access Control.
Role-Based Access Control.
Summary.
Further Reading.
Exercises.
8. Basic Cryptography.
What Is Cryptography?
Classical Cryptosystems.
Public Key Cryptography.
Cryptographic Checksums.
Summary.
Further Reading.
Exercises.
9. Key Management.
Session and Interchange Keys.
Key Exchange.
Cryptographic Key Infrastructures.
Storing and Revoking Keys.
Digital Signatures.
Summary.
Further Reading.
Exercises.
10. Cipher Techniques.
Problems.
Stream and Block Ciphers.
Networks and Cryptography.
Example Protocols.
Summary.
Further Reading.
Exercises.
11. Authentication.
Authentication Basics.
Passwords.
Challenge-Response.
Biometrics.
Location.
Multiple Methods.
Summary.
Further Reading.
Exercises.
12. Design Principles.
Overview.
Design Principles.
Summary.
Further Reading.
Exercises.
13. Representing Identity.
What Is Identity?
Files and Objects.
Users.
Groups and Roles.
Naming and Certificates.
Identity on the Web.
Summary.
Further Reading.
Exercises.
14. Access Control Mechanisms.
Access Control Lists.
Capabilities.
Locks and Keys.
Ring-Based Access Control.
Propagated Access Control Lists.
Summary.
Further Reading.
Exercises.
15. Information Flow.
Basics and Background.
Compiler-Based Mechanisms.
Execution-Based Mechanisms.
Example Information Flow Controls.
Summary.
Further Reading.
Exercises.
16. Confinement Problem.
The Confinement Problem.
Isolation.
Covert Channels.
Summary.
Further Reading.
Exercises.
17. Introduction to Assurance.
Assurance and Trust.
Building Secure and Trusted Systems.
Building Security In or Adding Security Later.
Summary.
Further Reading.
Exercises.
18. Evaluating Systems.
Goals of Formal Evaluation.
TCSEC: 1983-1999.
FIPS 140: 1994-Present.
The Common Criteria: 1998-Present.
SSE-CMM: 1997-Present.
Summary.
Further Reading.
Exercises.
19. Malicious Logic.
Introduction.
Trojan Horses.
Computer Viruses.
Computer Worms.
Other Forms of Malicious Logic.
Defenses.
Summary.
Further Reading.
Exercises.
20. Vulnerability Analysis.
Introduction.
Penetration Studies.
Vulnerability Classification.
Frameworks.
Summary.
Further Reading.
Exercises.
21. Auditing.
Definitions.
Anatomy of an Auditing System.
Designing an Auditing System.
A Posteriori Design.
Auditing Mechanisms.
Examples: Auditing File Systems.
Audit Browsing.
Summar