Security in Computing

Charles P. Pfleeger

Publisher: Prentice Hall, 1989, 538 pages

ISBN: 0-13-799016-2

Keywords: Information Security

Last modified: May 23, 2021, 9:52 a.m.

  1. Is There a Security Problem in Computing?
    1. Characteristics of Computer Intrusion
    2. Kinds of Security Breaches
    3. The Points of Security Vulnerabilities
      • Attacks on Hardware
      • Attacks on Software
      • Attacks on Data: A Special Concern
      • Other Exposed Assets
      • Summary of Exposures
    4. The People Involved
      • Amateurs
      • Hackers, Crackers, Whiz Kids
      • Career Criminals
    5. Methods of Defense
      • Controls
      • Effectiveness of Controls
    6. Plan of Attack
      • Encryption
      • Security on Single-Computer Systems
      • Security in Multi-Computer Systems
      • Human Factors in Security
    7. Summary
    8. Terms Used
    9. Exercises
  2. Basic Encryption and Decryption
    1. Terminology and Background
      • Terminology
      • Representation of Characters
    2. Monoalphabetic Ciphers (Substitutions)
      • The Caesar Cipher
      • Other Monoalphabetic Ciphers
      • Cryptanalysis of Monoalphabetic Ciphers
    3. Polyalphabetic Substitution Ciphers
      • Vigenere Tableaux
      • Cryptanalysis of Polyalphabetic Ciphers
      • The "Perfect" Substitution Cipher
      • Summary of Substitutions
    4. Transpositions (Permutations)
      • Columnar Transpositions
      • Generalized Transpositions
    5. Fractionated Morse
      • Morse Code
      • Morse Code for Encryption
      • Example
      • Cryptanalysis of Fractionated Morse
    6. Stream and Block Ciphers
    7. Characteristics of "Good" Ciphers
      • Shannon Characteristics
      • Confusion and Diffusion
      • Information Theoretic Tests
      • Unicity Distance
    8. What the Cryptanalyst Has to Work With
      • Ciphertext Only
      • Full or Partial Plaintext
      • Ciphertext of Any Plaintext
      • Algorithm and Ciphertext
    9. Summary of Basic Encryption
    10. Terms and Concepts
    11. Bibliographic Notes
    12. Exercises
  3. Secure Encryption Systems
    1. "Hard" Problems: Complexity
      • NP-Complete Problems
      • Characteristics of NP-Complete Problems
      • Other Inherently Hard Problems
    2. Properties of Arithmetic
      • Inverses
      • Primes
      • Greatest Common Divisor
      • Modular Arithmetic
      • Computing Inverse
    3. Public-Key Systems
      • Motivation
      • Characteristics
    4. Merkle-Hellman Knapsacks
      • Introduction to Merkle-Hellman Knapsacks
      • Detailed Explanation of the Merkle-Hellman Technique
      • The Encryption Technique
      • Examples Using Merkle-Hellman Knapsacks
      • Cryptanalysis
    5. Rivest-Shamir-Adleman (RSA) Encryption
      • Introduction to the RSA Algorithm
      • Detailed Description of the Encryption Algorithm
      • Mathematical Foundations of the RSA Algorithm
      • Example
      • Practical Implementation of the Algorithm
      • Cryptanalysis of the RSA Method
    6. Single Key (Conventional) Systems
      • Advantages and Disadvantages
      • Problems of Single Key Systems
    7. The Data Encryption Standard (DES)
      • Background and History
      • Overview of the DES Algorithm
      • Details of the Encryption Algorithm
      • Details of Each Cycle of the Algorithm
      • Decryption of the DES
      • Questions about the Security of the DES
      • How to Use the DES
      • Weaknesses of the DES
      • NSDD-145 and Support of the DES
      • Computer Security Attack Act of 1988
    8. Conclusions on Secure Encryption
    9. Summary of Secure Encryption
    10. Terms and Concepts
    11. Bibliographic Notes
    12. Exercises
  4. Using Encryption: Protocols and Practices
    1. Protocols: Using Encryption to Solve Problems
      • Definitions of Protocols
      • Digital Signatures
      • Mental Poker
      • Voting by Computer
      • Oblivious Transfer
      • Contract Signing
      • Certified Mail
      • Protocol Summary
    2. Appropriate Uses of Encryption
      • Amount of Secrecy
      • Key Distribution
      • Complexity to Encrypt
      • Propagation of Errors
      • Size of Ciphertext
    3. Enhancing Cryptographic Security
      • Error Prevention and Detection
      • One-Way Encryption
      • Cryptographic Sealing
      • Authentication
      • Time Stamps
      • Modes of Use of DES
    4. Summary of Protocols and Practices
    5. Terms and Concepts
    6. Bibliographic Notes
    7. Exercises
  5. Security Involving Programs
    1. Information Access Problems
      • Trapdoors
      • Trojan Horse
      • Salami Attack
      • Programs that Leak Information
    2. Service Problems
      • Greedy Programs
      • Loops
      • Viruses
      • Worms
    3. Program Development Controls Against Program Attacks
      • Description of the Programming Task
      • Peer Reviews
      • Modularity, Encapsulation and Information Hiding
      • Independent Testing
      • Configuration Management
      • Proofs of Program Correctness
    4. Operating System Controls on Use of Programs
      • Trusted Software
      • Mutual Suspicion
      • Confinement
      • Compartmented Information
      • Access Log
    5. Administrative Controls
      • Standards of Program Development
      • Enforcing Program Development Standards
      • Separation of Duties
      • Hiring Characteristics
      • Investigation of Employees
    6. Summary of Program Controls
    7. Terms and Concepts
    8. Bibliographic Notes
    9. Exercises
  6. Protection Services for Users of Operating Systems
    1. Protected Objects and Methods of Protection
      • History of Operating Systems
      • Protected Objects
      • Security Models of Operating Systems
    2. Protection of Memory and Addressing
      • Fence
      • Relocation
      • Base/Bounds Registers
      • Tagged Architecture
      • Segmentation
      • Paging
      • Combined Paging with Segmentation
    3. Protection of Access to General Objects
      • Directory
      • Access Control List
      • Access Control Matrix
      • Capability
      • Procedure-Oriented Access Control
    4. File Protection Mechanisms
      • Basic Level Protection
      • Single Permissions
      • Per-Object and Per-User Protection
    5. User Authentication
      • Use of Passwords
      • Attacks on Passwords
      • Password Selection Criteria
      • The Authentication Process
      • Flaws in the Authentication Process
      • Authentication without or in Addition to Passwords
    6. Summary of Security for Users
    7. Bibliographic Notes
    8. Terms and Concepts
    9. Exercises
  7. Design of Secure Operating Systems
    1. Models of Security
      • Single-Level Models
      • Lattice Model of Multi-Level Security
      • Information Flow Models
      • Theoretical Limitations of Security Systems
      • Summary of Models of Protection Systems
    2. Design of Secure Operating Systems
      • Basic Multiprogramming Operating System Features
      • Separation/Isolation
      • Kernel
      • Layered Design
      • Ring Structured
    3. Penetration of Operating Systems
      • Known Flaws
      • Examples of Exploitations
    4. Certification of Secure Operating Systems
      • Methods of Evaluation
      • Qualities of Secure Systems
      • NCSC Certifications
    5. Examples of Security in General-Purpose Operating Systems
      • Unix
      • VAX/VMS
      • IBM MVS
      • VM/370
    6. Operating Systems Designed for Security
      • Honeywell Scomp
      • UCLA Secure Unix
      • Kernelized VM/370
    7. Summary of Security in Operating Systems
    8. Terms and Concepts
    9. Bibliographic Notes
    10. Exercises
  8. Data Base Security
    1. Introduction to Data Bases
      • Concept of a Data Base
      • Advantages of Using Data Bases
    2. Security Requirements
      • Integrity of the Data Base
      • Element Integrity
      • Auditability
      • Access Control
      • User Authentication
      • Availability
      • Integrity/Secrecy/Availability
    3. Reliability and Integrity
      • Protection Features from the Operating System
      • Two-Phase Update
      • Redundancy/Internal Consistency
      • Recovery
      • Concurrency/Consistency
      • Monitors
      • Summary of Reliability
    4. Sensitive Data
      • Access Decisions
      • Types of Disclosures
      • Security vs. Precision
    5. Inference Problem
      • Direct Attack
      • Indirect Attack
      • Controls for Statistical Inference Attacks
      • Conclusions on the Inference Problem
    6. Multilevel Data Bases
      • The Case for Differentiated Security
      • Granularity
      • Security Issues
    7. Proposals for Multilevel Security
      • Partitioning
      • Encryption
      • Integrity Lock
      • Trusted Front-End
      • Commutative Filter
      • Window/View
      • Concluding Remarks
    8. Summary of Data Base Security
    9. Terms and Concepts
    10. Bibliographic Notes
    11. Exercises
  9. Personal Computer Security
    1. Contributors to Security Problems
      • Hardware Vulnerabilities
      • Other Vulnerabilities
    2. Security Measures
      • Issues Addressed by User Awareness of Responsibility
      • Issues Addressed by Procedure for Use
      • Issues Addressed by Hardware Controls
      • Issues Addressed by Software Controls
    3. Protection for Files
      • Access Controls
      • User-Invoked Encryption
    4. Copy Protection
      • Straight Software Techniques
      • Software/Hardware Combinations
      • Hardware Techniques
      • No Protection
    5. Summary of Personal Computer Security
    6. Terms and Concepts
    7. Exercises
  10. Computer Network Security
    1. Comparison of Networks and Other Computing Systems
      • ISO Reference Model
      • Network Topology
      • Networks are Systems, Too
      • Advantages of Computing Networks
    2. Network Security Issues
      • Reasons for Network Security Problems
      • Security Exposures
    3. Encryption in Networks
      • Link Encryption
      • End-to-End Encryption
      • Comparison of Encryption Methods
      • Key Distribution
      • Secure Cryptographic Facility
    4. Access Control
      • Port Protection
      • Node Authentication
    5. User Authentication
      • Passwords
      • Exchange of Secrets Protocol
      • Passphrases — Questionnaire
      • Token — Smart Card
      • Personal Characteristics
      • Summary of Authentication
    6. Active Node Threats
      • Playback of Previous Messages
      • Disruption of Service
      • Introduction of Spurious Messages
    7. Traffic Control
      • Pad Traffic
      • Routing Control
    8. Data Integrity
      • Protocols
      • Checksums
      • Digital Signatures
      • Notarization
    9. Local Area Networks
      • Topology
      • Other Security Concerns in Local Area Networks
    10. Multilevel Security on Networks
      • Trusted Network Interface
      • Secure Communication
      • Secure Network Interconnection
    11. Summary of Network Security
    12. Terms and Concepts
    13. Bibliographic Notes
    14. Exercises
  11. Communications Security
    1. Communications Characteristics
      • Signals
      • Digital versus Analog
      • Representation of an Analog Signal
      • Digital Signal Transmission
      • Dedicated versus Switched
      • Digital versus Analog — Again
      • Common Carrier
      • Summary of Communication Techniques
    2. Communications Media
      • Cable
      • Microwave
      • Satellite
      • Optical Fibre
      • Summary of Communications Media
    3. Loss of Integrity
      • Noise
      • Noise in Analog Communication
      • Digital Noise
    4. Wiretapping
      • Physical Connection
      • Inductive Wiretap
    5. Summary of Communications Security
    6. Terms and Concepts
    7. Exercises
  12. Physical Protection — Planning and Products
    1. Perils
      • Natural
      • Human Vandals
      • Interception
      • Unauthorized Access and Use
    2. Natural Disasters
      • Flood
      • Fire
      • Power Loss
      • Heat
    3. Resumption After a Crisis
      • Backup
      • Off-Site Backup
      • Cold Site
      • Hot Site
    4. Intruders
      • Theft Prevention
    5. Disposal of Sensitive Data
      • Shredders
      • Overwriting Magnetic Data
      • Degaussers
      • Emanations Protection-Tempest
    6. Port Protection
    7. Control of Access to Computers
      • Mainframe Data Access Control Software
      • Microcomputer Access Control Hardware/Software
      • Stored File Encryptors
      • Network Penetration Detectors
    8. Authentication Devices
      • Smart Cards
      • Challenge-Response Systems
      • Personal Characteristics Recognition
    9. Personal Computer Copy Protection
    10. Conclusions
    11. Terms and Concepts
  13. Risk Analysis and Security Planning
    1. Risk Analysis
      • Reasons to Perform a Risk Analysis
      • Steps in Doing a Risk Analysis
    2. An Example of Risk Analysis
    3. Insurance Office Risk Analysis
      • Arguments Against Risk Analysis
      • Summary of Benefits of Risk Analysis
    4. Security Plan
      • Reasons for Creating a Security Plan
      • Content of a Security Plan
      • Members of the Security Planning Team
      • Securing Commitment to a Security Plan
    5. Summary of Security Planning
    6. Terms and Concepts
    7. Bibliographic Notes
  14. Legal Issues in Computer Security
    1. Protecting Programs and Data
      • Copyrights
      • Patents
      • Trade Secret
      • Protection for Computer Objects
    2. Rights of Employees and Employers
      • Ownership of Products
      • Employment Contracts
    3. Computer Crime
      • Why a Separate Category for Computer Crime?
      • Acceptance of Computer Terminology
      • Why Computer Crime Is Hard to Define
      • Why Computer Crime Is Hard to Prosecute
      • Examples of Statutes
      • Federal Statutes Related to Computing
      • What Computer Crime Does Not Address
    4. Summary of Legal Issues in Computer Security
    5. Terms and Concepts
  15. Ethical Issues in Computer Security
    1. The Law and Ethics Are Not the Same
    2. Studying Ethics
      • Ethics and Religion
      • Ethics Is Not Universal
      • Ethics Does Not Provide Answers
    3. Ethical Reasoning
      • Examining a Case for Ethical Issues
      • Examples of Ethical Principles
      • Applying Principles of Moral Reasoning
    4. Case I: Use of Computer Services
      • The Case
      • Value Issues
      • Analysis
      • Alternative Situations
    5. Case II: Privacy Rights
      • The Case
      • Some Principles Involved
      • Analysis
      • Extensions to the Basic Case
    6. Case III: Denial of Service
      • The Case
      • Analysis
    7. Case IV: Ownership of Programs
      • The Case
      • Analysis
    8. Case V: Proprietary Resources
      • The Case
      • Extensions to the Case
    9. Case VI: Fraud
      • The Case
      • Extensions
      • Analysis of the Basic Case
    10. Case VII: Accuracy of Information
      • The Case
      • Ethical Concerns
    11. Code of Ethics
    12. Conclusion
    13. Terms and Concepts
    14. Bibliographic Notes

Reviews

Security in Computing

Reviewed by Roland Buresund

Good ******* (7 out of 10)

Last modified: Nov. 13, 2008, 2:02 a.m.

A classical work, but buy the second edition instead.