Rent 9780470741153 | Computer Security, 3rd Edition | Dieter Gollmann (Technical University of Hamburg-Harburg) @knetbooks.com

Summary Table of Contents

The book has its focus the technical aspects of securing end systems. It gives introductions to related areas in Information Security like security management, network security, and cryptography.

Completely updated and up-to-the-minute textbook for courses on computer science. The third edition has been completely revised to include new advances in software and technology over the las... MOREt few years. Provides sections on Windows NT, CORBA and Java which are not examined in comparable titles. No active previous experience of security issues is necessary making this accessible to Software Developers and Managers whose responsibilities span any technical aspects of IT security. Written for self-study and course use, this book will suit a variety of introductory and more advanced security programmes for students of computer science, engineering and related disciplines. Technical and project managers will also find that the broad coverage offers a great starting point for discovering underlying issues and provides a means of orientation in a world populated by a bewildering array of competing security systems.

A completely up-to-date resource on computer security

Assuming no previous experience in the field of computer security, this must-have book walks you through the many essential aspects of this vast topic, from the newest advances in software and technology to the most recent information on Web applications security. This new edition includes sections on Windows NT, CORBA, and Java and discusses cross-site scripting and JavaScript hacking as well as SQL injection. Serving as a helpful introduction, this self-study guide is a wonderful starting point for examining the variety of competing security systems and what makes them different from one another.

Unravels the complex topic of computer security and breaks it down in such a way as to serve as an ideal introduction for beginners in the field of computer security
Examines the foundations of computer security and its basic principles
Addresses username and password, password protection, single sign-on, and more
Discusses operating system integrity, hardware security features, and memory
Covers Unix security, Windows security, database security, network security, web security, and software security

Packed with in-depth coverage, this resource spares no details when it comes to the critical topic of computer security.

Preface xvii
- History of Computer Security	p. 1
The Dawn of Computer Security	p. 2
1970s - Mainframes	p. 3
1980s - Personal Computers	p. 4
1990s - Internet	p. 6
2000s - The Web	p. 8
Conclusions - The Benefits of Hindsight	p. 10
Exercises	p. 11
- Managing Security	p. 13
Attacks and A... MOREttackers	p. 14
Security Management	p. 15
Risk and Threat Analysis	p. 21
Further Reading	p. 29
Exercises	p. 29
- Foundations of Computer Security	p. 31
Definitions	p. 32
The Fundamental Dilemma of Computer Security	p. 40
Data vs Information	p. 40
Principles of Computer Security	p. 41
The Layer Below	p. 45
The Layer Above	p. 47
Further Reading	p. 47
Exercises	p. 48
- Identification and Authentication	p. 49
Username and Password	p. 50
Bootstrapping Password Protection	p. 51
Guessing Passwords	p. 52
Phishing, Spoofing, and Social Engineering	p. 54
Protecting the Password File	p. 56
Single Sign-on	p. 58
Alternative Approaches	p. 59
Further Reading	p. 63
Exercises	p. 63
- Access Control	p. 65
Background	p. 66
Authentication and Authorization	p. 66
Access Operations	p. 68
Access Control Structures	p. 71
Ownership	p. 73
Intermediate Controls	p. 74
Policy Instantiation	p. 79
Comparing Security Attributes	p. 79
Further Reading	p. 84
Exercises	p. 84
- Reference Monitors	p. 87
Introduction	p. 88
Operating System Integrity	p. 90
Hardware Security Features	p. 91
Protecting Memory	p. 99
Further Reading	p. 103
Exercises	p. 104
- Unix Security	p. 107
Introduction	p. 108
Principals	p. 109
Subjects	p. 111
Objects	p. 113
Access Control	p. 116
Instances of General Security Principles	p. 119
Management Issues	p. 125
Further Reading	p. 128
Exercises	p. 128
- Windows Security	p. 131
Introduction	p. 132
Components of Access Control	p. 135
Access Decisions	p. 142
Managing Policies	p. 145
Task-Dependent Access Rights	p. 147
Administration	p. 150
Further Reading	p. 153
Exercises	p. 153
- Database Security	p. 155
Introduction	p. 156
Relational Databases	p. 158
Access Control	p. 162
Statistical Database Security	p. 167
Integration with the Operating System	p. 172
Privacy	p. 173
Further Reading	p. 175
Exercises	p. 175
- Software Security	p. 177
Introduction	p. 178
Characters and Numbers	p. 179
Canonical Representations	p. 183
Memory Management	p. 184
Data and Code	p. 191
Race Conditions	p. 193
Defences	p. 194
Further Reading	p. 201
Exercises	p. 202
- Bell-LaPadula Model	p. 205
State Machine Models	p. 206
The Bell-LaPadula Model	p. 206
The Multics Interpretation of BLP	p. 212
Further Reading	p. 216
Exercises	p. 216
- Security Models	p. 219
The Biba Model	p. 220
Chinese Wall Model	p. 221
The Clark-Wilson Model	p. 223
The Harrison-Ruzzo-Ullman Model	p. 225
Information-Flow Models	p. 228
Execution Monitors	p. 230
Further Reading	p. 232
Exercises	p. 233
- Security Evaluation	p. 235
Introduction	p. 236
The Orange Book	p. 239
The Rainbow Series	p. 241
Information Technology Security Evaluation Criteria	p. 242
The Federal Criteria	p. 243
The Common Criteria	p. 243
Quality Standards	p. 246
An Effort Well Spent?	p. 247
Summary	p. 248
Further Reading	p. 248
Exercises	p. 249
- Cryptography	p. 251
Introduction	p. 252
Modular Arithmetic	p. 256
Integrity Check Functions	p. 257
Digital Signatures	p. 260
Encryption	p. 264
Strength of Mechanisms	p. 270
Performance	p. 271
Further Reading	p. 272
Exercises	p. 273
- Key Establishment	p. 275
Introduction	p. 276
Key Establishment and Authentication	p. 276
Key Establishment Protocols	p. 279
Kerberos	p. 283
Public-Key Infrastructures	p. 288
Trusted Computing - Attestation	p. 293
Further Reading	p. 295
Exercises	p. 295
- Communications Security	p. 297
Introduction	p. 298
Protocol Design Principles	p. 299
IP Security	p. 301
IPsec and Network Address Translation	p. 308
SSL/TLS	p. 310
Extensible Authentication Protocol	p. 314
Further Reading	p. 316
Exercises	p. 316
- Network Security	p. 319
Introduction	p. 320
Domain Name System	p. 322
Firewalls	p. 328
Intrusion Detection	p. 332
Further Reading	p. 335
Exercises	p. 336
- Web Security	p. 339
Introduction	p. 340
Authenticated Sessions	p. 342
Code Origin Policies	p. 346
Cross-Site Scripting	p. 347
Cross-Site Request Forgery	p. 350
JavaScript Hijacking	p. 352
Web Services Security	p. 354
Further Reading	p. 360
Exercises	p. 361
- Mobility	p. 363
Introduction	p. 364
GSM	p. 364
UMTS	p. 369
Mobile IPv6 Security	p. 372
WLAN	p. 377
Bluetooth	p. 381
Further Reading	p. 383
Exercises	p. 383
- New Access Control Paradigms	p. 385
Introduction	p. 386
SPKI	p. 388
Trust Management	p. 390
Code-Based Access Control	p. 391
Java Security	p. 395
.NET Security Framework	p. 400
Digital Rights Management	p. 405
Further Reading	p. 406
Exercises	p. 406
Bibliography	p. 409
Index	p. 423
Table of Contents provided by Publisher. All Rights Reserved.

RENT TEXTBOOKS

Computer Security, 3rd Edition

Why Rent from Knetbooks?

Top 5 reasons to order all your textbooks from Knetbooks: