Security in Computing 2nd Ed.

Charles P. Pfleeger

Publisher: Prentice Hall, 1996, 574 pages

ISBN: 0-13-337486-6

Keywords: Information Security

Last modified: May 23, 2021, 2:25 p.m.

Every day, more and more critical information is created, transmitted, and archived by computers. This ever-growing reliance on technology has made computer security a higher priority than ever before, yet the pace of computer development has far outstripped the improvements in computer security. Today's computer professionals need a comprehensive understanding of all aspects of security in computing.

Security in Computing is the most complete and up-to-date college textbook now available. Enlivened by actual case studies and supported by more than 175 exercises, the book covers:

  • Viruses, worms, Trojan horses, and other forms of malicious code
  • Firewalls and the protection of networked systems
  • E-mail privacy, including PEM, PGP, key management, and certificates
  • Key escrow — both as a technology and in the "Clipper" program
  • Evaluation of trusted systems, including the Common Criteria, the ITSEC, and the Orange Book
  • Standards for program development and quality, including ISO9000 and SEI CMM
  • Administering secure installations of PCs, UNIX®, and networked environments
  • Ethical and legal issues in computing

A modular, layered structure makes Security in Computing ideal for classroom use as well as a reference for professionals. Once the basic tools have been covered, the remaining chapters can be studied in any order, and to any depth desired.

Since the publication of the first edition in 1989, the number of threats to secure computing has increased, but so have the available countermeasures. This second edition has been thoroughly revised to reflect teaching experiences with the first edition and to incorporate all the latest information on computer security.

  1. Is There a Security Problem in Computing?
    1. Characteristics of Computer Intrusion
    2. Kinds of Security Breaches
    3. Security Goals and Vulnerabilities
      • Security Goals
      • Vulnerabilities
      • Summary of Exposures
    4. The People Involved
      • Amateurs
      • Crackers
      • Career Criminals
    5. Methods of Defense
      • Controls
      • Effectiveness of Controls
    6. Plan of Attack
      • Encryption
      • Hardware and Software Security
      • Human Controls in Security
    7. Summary
    8. Bibliographic Notes
    9. Terms Used
    10. Exercises
  2. Basic Encryption and Decryption
    1. Terminology and Background
      • Terminology
      • Representation of Characters
    2. Monoalphabetic Ciphers (Substitutions)
      • The Caesar Cipher
      • Other Monoalphabetic Ciphers
      • Cryptanalysis of Monoalphabetic Ciphers
    3. Polyalphabetic Substitution Ciphers
      • Vigenère Tableaux
      • Cryptanalysis of Polyalphabetic Ciphers
      • The "Perfect" Substitution Cipher
      • Summary of Substitutions
    4. Transpositions (Permutations)
      • Columnar Transpositions
      • Generalized Transpositions
    5. Fractionated Morse
      • Morse Code
      • Morse Code for Encryption
      • Example
      • Cryptanalysis of Fractionated Morse
    6. Stream and Block Ciphers
    7. Characteristics of "Good" Ciphers
      • Shannon Characteristics
      • Confusion and Diffusion
      • Information Theoretic Tests
      • Unicity Distance
    8. What the Cryptanalyst Has to Work With
      • Ciphertext Only
      • Full or Partial Plaintext
      • Ciphertext of any Plaintext
      • Algorithm and Ciphertext
    9. Summary of Basic Encryption
    10. Terms and Concepts
    11. Bibliographic Notes
    12. Exercises
  3. Secure Encryption Systems
    1. "Hard" Problems: Complexity
      • NP-Complete Problems
      • Characteristics of NP-Complete Problems
      • The Meaning of NP-Completeness
      • NP-Completeness and Cryptography
    2. Properties of Arithmetic
      • Inverses
    3. Public-Key Systems
      • Motivation
    4. Merkle-Hellman Knapsacks
      • Introduction to Merkle-Hellman Knapsacks
      • Detailed Explanation of the Merkle-Hellman Technique
      • The Encryption Technique
    5. Rivest-Shamir-Adelman (RSA) Encryption
      • Introduction to the RSA Algorithm
      • Detailed Description of the Encryption Algorithm
    6. El Gamal and Digital Signature Algorithms
      • El Gamal Algorithm
      • Digital Signature Algorithm
    7. Hash Algorithms
      • Descriptions of Hash Algorithms
      • Secure Hash Algorithm
    8. Secure Secret Key (Symmetric) Systems
      • Advantages and Disadvantages
      • Problems of Single Key Systems
    9. The Data Encryption Standard (DES)
      • Background and History
      • Overview of the DES Algorithm
      • Details of the Encryption Algorithm
      • Decryption of the DES
      • Questions about the Security of the DES
      • Weaknesses of the DES
      • Security of the DES
    10. Key Escrow and Clipper
      • The Clipper Program
      • Conclusions
    11. Summary of Secure Encryption
    12. Bibliographic Notes
    13. Terms and Concepts
    14. Exercises
  4. Using Encryption: Protocols and Practices
    1. Protocols: Orderly Behavior
      • Definitions of Protocols
      • Kinds of Protocols
    2. Protocols to Solve Problems
      • Key Distribution
      • Digital Signatures
      • Key Escrows
      • Mental Poker
      • Voting by Computer
      • Oblivious Transfer
      • Contract Signing
      • Certified Mail
    3. How to Use Encryption
      • Amount of Secrecy
      • Lost (Revealed) Keys
      • Complexity to Encrypt
      • Propagation of Errors
      • Size of Ciphertext
    4. Enhancing Cryptographic Security
      • Error Prevention and Detection
      • One-Way Encryption
    5. Modes of Encryption
      • Cipher Block Chain
      • Two Keys Give the Effect of a 112-Bit Key
    6. Summary of Protocols and Practices
    7. Terms and Concepts
    8. Bibliographic Notes
    9. Exercises
  5. Program Security
    1. Viruses and Other Malicious Code
      • Why Worry About Malicious Code?
      • Kinds of Malicious Code
      • How Viruses Attack
      • How Viruses Gain Control
      • Homes for Viruses
      • Virus Signatures
      • The Source of Viruses
      • Preventing Virus Infection
      • Truths and Misconceptions About Viruses
      • Virus Example: Brain Virus
      • Other Malicious Code Example: Internet Worm
    2. Targeted Malicious Code
      • Trapdoors
      • Salami Attack
      • Covert Channels: Programs That Leak Information
    3. Controls Against Program Threats
      • Program Controls
      • Process Improvement
      • Operating System Controls on Use of Programs
      • Administrative Controls
    4. Summary of Program Threats and Controls
    5. Terms and Concepts
    6. Bibliographic Notes
    7. Exercises
  6. Protection in General-Purpose Operating Systems
    1. Protected Objects and Methods of Protection
      • A Bit of History
      • Protected Objects
      • Security Methods of Operating Systems
    2. Protection of Memory and Addressing
      • Fence
      • Relocation
      • Base/Bounds Registers
      • Tagged Architecture
      • Segmentation
      • Paging
      • Combined Paging with Segmentation
    3. Protecting Access to General Objects
      • Directory
      • Access Control List
      • Access Control Matrix
      • Capability
      • Procedure-Oriented Access Control
    4. File Protection Mechanisms
      • Basic Level Protection
      • Single Permissions
      • Per-Object and Per-User Protection
    5. User Authentication
      • Use of Passwords
      • Attacks on Passwords
      • Password Selection Criteria
      • The Authentication Process
      • Flaws in the Authentication Process
      • Authentication Other Than Passwords
    6. Summary of Security for Users
    7. Bibliographic Notes
    8. Terms and Concepts
    9. Exercises
  7. Designing Trusted Operating Systems
    1. What Is a Trusted System?
    2. Security Policies
      • Military Security Policy
      • Commercial Security Policy
    3. Models of Security
      • Multilevel Security
      • Models Proving Theoretical Limitations of Security Systems
      • Summary of Models of Protection Systems
    4. Design of Trusted Operating Systems
      • Trusted System Design Elements
      • Security Features of Ordinary Operating Systems
      • Security Features of Trusted Operating Systems
      • Kernelized Design
      • Separation/Isolation
      • Virtualization
      • Layered Design
    5. Assurance in Trusted Operating Systems
      • Typical Operating System Flaws
      • Assurance Methods
      • Evaluation
      • What Doesn't Lead to Assurance?
    6. Implementation Examples
      • General Purpose Operating Systems
      • Operating Systems Designed for Security
    7. Summary of Security in Operating Systems
    8. Bibliographic Notes
    9. Terms and Concepts
    10. Exercises
  8. Data Base Security
    1. Introduction to Data Bases
      • Concept of a Data Base
      • Advantages of Using Data Bases
    2. Security Requirements
      • Integrity of the Data Base
      • Element Integrity
      • Auditability
      • Access Control
      • User Authentication
      • Availability
      • Integrity/Secrecy/Availability
    3. Reliability and Integrity
      • Protection Features from the Operating System
      • Two-Phase Update
      • Redundancy/Internal Consistency
      • Recovery
      • Concurrency/Consistency
      • Monitors
      • Summary of Reliability
    4. Sensitive Data
      • Access Decisions
      • Availability of Data
      • Types of Disclosures
      • Security vs. Precision
    5. Inference Problem
      • Direct Attack
      • Indirect Attack
      • Conclusions on the Inference Problem
    6. Multilevel Data Bases
      • The Case for Differentiated Security
      • Granularity
      • Security Issues
    7. Proposals for Multilevel Security
      • Partitioning
      • Encryption
      • Integrity Lock
      • Integrity Lock DBMS
      • Trusted Front-End
      • Distributed Data Bases
      • Window/View
      • Concluding Remarks
    8. Summary of Data Base Security
    9. Terms and Concepts
    10. Bibliographic Notes
    11. Exercises
  9. Security in Networks and Distributed Security
    1. Network Concepts
      • Communications
      • Media
      • Protocols
      • Addressing
      • Types of Networks
      • Topologies
      • Distributed Systems
      • Advantages of Computing Networks
    2. Threats in Networks
      • Network Security Issues
      • Security Threat Analysis
      • Wiretapping
      • Impersonation
      • Message Confidentiality Violations
      • Message Integrity Violations
      • Hacking
      • Code Integrity
      • Denial of Service
    3. Network Security Controls
      • Encryption
      • Access Control
      • Authentication in Distributed Systems
      • Traffic Control
      • Data Integrity
      • Summary of Network Security Control Techniques
    4. Privacy Enhanced Electronic Mail
      • Requirements and Solutions
      • PEM
      • PGP
    5. Firewalls
      • Design of Firewalls
      • What Is a Firewall?
      • Types of Firewalls
      • Example Firewall Configurations
      • What Firewalls Can — and Cannot — Block
    6. Encrypting Gateway
    7. Multilevel Security on Networks
      • Trusted Network Interface
      • Secure Communication
    8. Summary of Network Security
    9. Bibliographic Notes
    10. Terms and Concepts
    11. Exercises
  10. Administering Security
    1. Personal Computer Security Management
      • Contributors to Security Problems
      • Security Measures
      • Protection for Files
      • Summary of Personal Computer Security
    2. Unix Security Management
      • Current Software
      • Accounts
      • Privileges
      • Audit
      • Passwords
    3. Network Security Management
      • Wide Area Networks and the Internet
      • Network Architecture
      • Host Security
      • Incidents
      • Tools
      • A Final Word
    4. Risk Analysis
      • Reasons to Perform a Risk Analysis
      • Steps of a Risk Analysis
      • Arguments Against Risk Analysis
      • Summary of Benefits of Risk Analysis
    5. Security Planning
      • Creating a Security Plan
      • Content of a Security Plan
      • Security Planning Team Members
      • Securing Commitment to a Security Plan
    6. Organizational Security Policies
      • Purpose
      • Attributes
      • Examples
    7. Disaster Recovery
      • Perils
      • Natural Disasters
      • Power Loss
      • Heat
      • Contingency Planning
      • Intruders
      • Disposal of Sensitive Media
    8. Summary of Administering Security
    9. Bibliographic Notes
    10. Terms and Concepts
    11. Exercises
  11. Legal and Ethical Issues in Computer Security
    1. Protecting Programs and Data
      • Copyrights
      • Patents
      • Trade Secret
      • Protection for Computer Objects
    2. Information and the Law
      • Information as an Object
      • Legal Issues Relating to Information
    3. Rights of Employees and Employers
      • Ownership of Products
    4. Computer Crime
      • Why a Separate Category for Computer Crime?
      • Why Computer Crime Is Hard to Define
      • Why Computer Crime Is Hard to Prosecute
      • Examples of Statutes
      • U.S. Federal Statutes Related to Computing
      • What Computer Crime Does Not Address
      • Cryptography and the Law
      • Summary of Legal Issues in Computer Security
    5. Ethical Issues in Computer Security
      • The Law and Ethics Are Not the Same
      • Studying Ethics
      • Ethical Reasoning
    6. Electronic Privacy
      • Privacy of Electronic Data
      • Use of Encryption
      • Cryptographic Key Escrow
    7. Case Studies of Ethics
      • Case I: Use of Computer Services
      • Case II: Privacy Rights
      • Case III: Denial of Service
      • Case IV: Ownership of Programs
      • Case V: Proprietary Resources
      • Case VI: Fraud
      • Case VII: Accuracy of Information
    8. Code of Ethics
      • IEEE
      • ACM
      • Computer Ethics Institute
    9. Conclusion
    10. Bibliographic Notes
    11. Terms and Concepts

Reviews

Security in Computing

Reviewed by Roland Buresund

Very Good ******** (8 out of 10)

Last modified: Nov. 13, 2008, 2 a.m.

A classical work, and still worth reading in its second edition.
