121,50 €*
Versandkostenfrei per Post / DHL
Aktuell nicht verfügbar
Today, everyone recognizes the importance of safeguarding computer systems and networks from vulnerability, attack, and compromise. But computer security is neither an easy art nor a simple science: its methodologies and technologies require rigorous study, and a deep grounding in principles that can be applied even as technologies change. Moreover, practitioners must understand how to align concepts with real policies, and then actually implement those policies -- managing inevitable tradeoffs such as "How secure do our devices really need to be, and how much inconvenience can we accept?”
In his extensively updated Computer Security: Art and Science, 2nd Edition, University of California at Davis Computer Security Laboratory co-director Matt Bishop offers a clear, rigorous, and thorough introduction to the entire modern field of computer security. Bishop covers access control; security, confidentiality, integrity, availability, and hybrid policies; policy composition; cryptography; authentication; identity management; information flow; assurance; formal methods; system evaluation; vulnerability analysis; auditing; intrusion detection, and many other topics.
This edition adds four new chapters, including a brand-new chapter-length case study on the high-profile issue of electronic voting. Through this case study, Bishop demonstrates how principles, policies, procedures, and technology come together in a crucial real-world application.
Today, everyone recognizes the importance of safeguarding computer systems and networks from vulnerability, attack, and compromise. But computer security is neither an easy art nor a simple science: its methodologies and technologies require rigorous study, and a deep grounding in principles that can be applied even as technologies change. Moreover, practitioners must understand how to align concepts with real policies, and then actually implement those policies -- managing inevitable tradeoffs such as "How secure do our devices really need to be, and how much inconvenience can we accept?”
In his extensively updated Computer Security: Art and Science, 2nd Edition, University of California at Davis Computer Security Laboratory co-director Matt Bishop offers a clear, rigorous, and thorough introduction to the entire modern field of computer security. Bishop covers access control; security, confidentiality, integrity, availability, and hybrid policies; policy composition; cryptography; authentication; identity management; information flow; assurance; formal methods; system evaluation; vulnerability analysis; auditing; intrusion detection, and many other topics.
This edition adds four new chapters, including a brand-new chapter-length case study on the high-profile issue of electronic voting. Through this case study, Bishop demonstrates how principles, policies, procedures, and technology come together in a crucial real-world application.
Matt Bishop is a professor in the Department of Computer Science at the University of California at Davis. His main research interest is the analysis of vulnerabilities in computer systems, including modeling them, building tools to detect vulnerabilities, and ameliorating or eliminating them. He works in the areas of network security, including the study of denial of service attacks and defenses, policy modeling, software assurance testing, resilience, and formal modeling of access control. He was co-chair of the Joint Task Force that developed the Cybersecurity Curricula 2017: Curriculum Guidelines for Post-Secondary Degree Programs in Cybersecurity, released in December 2017. He earned his Ph.D. in computer science from Purdue University in 1984.
Preface xxix
Acknowledgments xlv
About the Author xlix
Part I: Introduction 1
Chapter 1: An Overview of Computer Security 3
1.1 The Basic Components 3
1.2 Threats 6
1.3 Policy and Mechanism 9
1.4 Assumptions and Trust 11
1.5 Assurance 12
1.6 Operational Issues 16
1.7 Human Issues 20
1.8 Tying It All Together 22
1.9 Summary 24
1.10 Research Issues 24
1.11 Further Reading 25
1.12 Exercises 25
Part II: Foundations 29
Chapter 2: Access Control Matrix 31
2.1 Protection State 31
2.2 Access Control Matrix Model 32
2.3 Protection State Transitions 37
2.4 Copying, Owning, and the Attenuation of Privilege 42
2.5 Summary 44
2.6 Research Issues 44
2.7 Further Reading 44
2.8 Exercises 45
Chapter 3: Foundational Results 49
3.1 The General Question 49
3.2 Basic Results 51
3.3 The Take-Grant Protection Model 56
3.4 Closing the Gap: The Schematic Protection Model 68
3.5 Expressive Power and the Models 81
3.6 Comparing Security Properties of Models 94
3.7 Summary 101
3.8 Research Issues 102
3.9 Further Reading 102
3.10 Exercises 103
Part III: Policy 107
Chapter 4: Security Policies 109
4.1 The Nature of Security Policies 109
4.2 Types of Security Policies 113
4.3 The Role of Trust 115
4.4 Types of Access Control 117
4.5 Policy Languages 118
4.6 Example: Academic Computer Security Policy 126
4.7 Security and Precision 131
4.8 Summary 136
4.9 Research Issues 136
4.10 Further Reading 137
4.11 Exercises 138
Chapter 5: Confidentiality Policies 141
5.1 Goals of Confidentiality Policies 141
5.2 The Bell-LaPadula Model 142
5.3 Tranquility 161
5.4 The Controversy over the Bell-LaPadula Model 164
5.5 Summary 169
5.6 Research Issues 169
5.7 Further Reading 170
5.8 Exercises 171
Chapter 6: Integrity Policies 173
6.1 Goals 173
6.2 The Biba Model 175
6.3 Lipner’s Integrity Matrix Model 178
6.4 Clark-Wilson Integrity Model 183
6.5 Trust Models 189
6.6 Summary 196
6.7 Research Issues 196
6.8 Further Reading 197
6.9 Exercises 198
Chapter 7: Availability Policies 201
7.1 Goals of Availability Policies 201
7.2 Deadlock 202
7.3 Denial of Service Models 203
7.4 Example: Availability and Network Flooding 215
7.5 Summary 222
7.6 Research Issues 222
7.7 Further Reading 223
7.8 Exercises 224
Chapter 8: Hybrid Policies 227
8.1 Chinese Wall Model 227
8.2 Clinical Information Systems Security Policy 236
8.3 Originator Controlled Access Control 239
8.4 Role-Based Access Control 244
8.5 Break-the-Glass Policies 249
8.6 Summary 250
8.7 Research Issues 250
8.8 Further Reading 251
8.9 Exercises 252
Chapter 9: Noninterference and Policy Composition 255
9.1 The Problem 255
9.2 Deterministic Noninterference 259
9.3 Nondeducibility 271
9.4 Generalized Noninterference 274
9.5 Restrictiveness 277
9.6 Side Channels and Deducibility 280
9.7 Summary 282
9.8 Research Issues 283
9.9 Further Reading 283
9.10 Exercises 285
Part IV: Implementation I: Cryptography 287
Chapter 10: Basic Cryptography 289
10.1 Cryptography 289
10.2 Symmetric Cryptosystems 291
10.3 Public Key Cryptography 306
10.4 Cryptographic Checksums 315
10.5 Digital Signatures 318
10.6 Summary 323
10.7 Research Issues 324
10.8 Further Reading 325
10.9 Exercises 326
Chapter 11: Key Management 331
11.1 Session and Interchange Keys 332
11.2 Key Exchange 332
11.3 Key Generation 341
11.4 Cryptographic Key Infrastructures 343
11.5 Storing and Revoking Keys 353
11.6 Summary 359
11.7 Research Issues 360
11.8 Further Reading 361
11.9 Exercises 362
Chapter 12: Cipher Techniques 367
12.1 Problems 367
12.2 Stream and Block Ciphers 370
12.3 Authenticated Encryption 377
12.4 Networks and Cryptography 381
12.5 Example Protocols 384
12.6 Summary 410
12.7 Research Issues 411
12.8 Further Reading 411
12.9 Exercises 413
Chapter 13: Authentication 415
13.1 Authentication Basics 415
13.2 Passwords 416
13.3 Password Selection 418
13.4 Attacking Passwords 426
13.5 Password Aging 434
13.6 Challenge-Response 438
13.7 Biometrics 441
13.8 Location 445
13.9 Multifactor Authentication 446
13.10 Summary 448
13.11 Research Issues 449
13.12 Further Reading 450
13.13 Exercises 451
Part V: Implementation II: Systems 453
Chapter 14: Design Principles 455
14.1 Underlying Ideas 455
14.2 Principles of Secure Design 457
14.3 Summary 466
14.4 Research Issues 466
14.5 Further Reading 467
14.6 Exercises 468
Chapter 15: Representing Identity 471
15.1 What Is Identity? 471
15.2 Files and Objects 472
15.3 Users 473
15.4 Groups and Roles 475
15.5 Naming and Certificates 476
15.6 Identity on the Web 484
15.7 Anonymity on the Web 490
15.8 Summary 501
15.9 Research Issues 502
15.10 Further Reading 503
15.11 Exercises 504
Chapter 16: Access Control Mechanisms 507
16.1 Access Control Lists 507
16.2 Capabilities 518
16.3 Locks and Keys 526
16.4 Ring-Based Access Control 531
16.5 Propagated Access Control Lists 533
16.6 Summary 535
16.7 Research Issues 535
16.8 Further Reading 536
16.9 Exercises 536
Chapter 17: Information Flow 539
17.1 Basics and Background 539
17.2 Nonlattice Information Flow Policies 542
17.3 Static Mechanisms 548
17.4 Dynamic Mechanisms 562
17.5 Integrity Mechanisms 566
17.6 Example Information Flow Controls 567
17.7 Summary 574
17.8 Research Issues 574
17.9 Further Reading 575
17.10 Exercises 576
Chapter 18: Confinement Problem 579
18.1 The Confinement Problem 579
18.2 Isolation 582
18.3 Covert Channels 594
18.4 Summary 619
18.5 Research Issues 620
18.6 Further Reading 620
18.7 Exercises 622
Part VI: Assurance 625
Contributed by Elisabeth Sullivan and Michelle Ruppel
Chapter 19: Introduction to Assurance 627
19.1 Assurance and Trust 627
19.2 Building Secure and Trusted Systems 634
19.3 Summary 645
19.4 Research Issues 645
19.5 Further Reading 646
19.6 Exercises 647
Chapter 20: Building Systems with Assurance 649
20.1 Assurance in Requirements Definition and Analysis 649
20.2 Assurance during System and Software Design 662
20.3 Assurance in Implementation and Integration 685
20.4 Assurance during Operation and Maintenance 695
20.5 Summary 696
20.6 Research Issues 696
20.7 Further Reading 697
20.8 Exercises 698
Chapter 21: Formal Methods 699
21.1 Formal Verification Techniques 699
21.2 Formal Specification 702
21.3 Early Formal Verification Techniques 705
21.4 Current Verification Systems 713
21.5 Functional Programming Languages 721
21.6 Formally Verified Products 722
21.7 Summary 723
21.8 Research Issues 724
21.9 Further Reading 725
21.10 Exercises 725
Chapter 22: Evaluating Systems 727
22.1 Goals of Formal Evaluation 727
22.2 TCSEC: 1983-1999 730
22.3 International Efforts and the ITSEC: 1991-2001 737
22.4 Commercial International Security Requirements: 1991 742
22.5 Other Commercial Efforts: Early 1990s 744
22.6 The Federal Criteria: 1992 744
22.7 FIPS 140: 1994-Present 746
22.8 The Common Criteria: 1998-Present 749
22.9 SSE-CMM: 1997-Present 765
22.10 Summary 768
22.11 Research Issues 769
22.12 Further Reading 769
22.13 Exercises 770
Part VII: Special Topics 773
Chapter 23: Malware 775
23.1 Introduction 775
23.2 Trojan Horses 776
23.3 Computer Viruses 780
23.4 Computer Worms 790
23.5 Bots and Botnets 793
23.6 Other Malware 796
23.7 Combinations 803
23.8 Theory of Computer Viruses 803
23.9 Defenses 808
23.10 Summary 820
23.11 Research Issues 820
23.12 Further Reading 821
23.13 Exercises 822
Chapter 24: Vulnerability Analysis 825
24.1 Introduction 825
24.2 Penetration Studies 827
24.3 Vulnerability Classification 845
24.4 Frameworks 849
24.5 Standards 864
24.6 Gupta and Gligor’s Theory of Penetration Analysis 868
24.7 Summary 873
24.8 Research Issues 874
24.9 Further Reading 875
24.10 Exercises 876
Chapter 25: Auditing 879
25.1 Definition 879
25.2 Anatomy of an Auditing System 880
25.3 Designing an Auditing System 884
25.4 A Posteriori Design 893
25.5 Auditing Mechanisms 897
25.6 Examples: Auditing File Systems 900
25.7 Summary 910
25.8 Research Issues 911
25.9 Further Reading 912
25.10 Exercises 913
Chapter 26: Intrusion Detection 917
26.1 Principles 917
26.2 Basic Intrusion Detection 918
26.3 Models 920
26.4 Architecture...
| Erscheinungsjahr: | 2018 |
|---|---|
| Fachbereich: | Datenkommunikation, Netze & Mailboxen |
| Genre: | Informatik |
| Rubrik: | Naturwissenschaften & Technik |
| Medium: | Buch |
| ISBN-13: | 9780321712332 |
| ISBN-10: | 0321712331 |
| UPC: | 785342712339 |
| EAN: | 0785342712339 |
| Sprache: | Englisch |
| Einband: | Gebunden |
| Autor: | Bishop, Matt |
| Auflage: | 2nd Revised edition |
| Hersteller: | Pearson Education |
| Maße: | 241 x 202 x 53 mm |
| Von/Mit: | Matt Bishop |
| Erscheinungsdatum: | 26.11.2018 |
| Gewicht: | 2,012 kg |
Matt Bishop is a professor in the Department of Computer Science at the University of California at Davis. His main research interest is the analysis of vulnerabilities in computer systems, including modeling them, building tools to detect vulnerabilities, and ameliorating or eliminating them. He works in the areas of network security, including the study of denial of service attacks and defenses, policy modeling, software assurance testing, resilience, and formal modeling of access control. He was co-chair of the Joint Task Force that developed the Cybersecurity Curricula 2017: Curriculum Guidelines for Post-Secondary Degree Programs in Cybersecurity, released in December 2017. He earned his Ph.D. in computer science from Purdue University in 1984.
Preface xxix
Acknowledgments xlv
About the Author xlix
Part I: Introduction 1
Chapter 1: An Overview of Computer Security 3
1.1 The Basic Components 3
1.2 Threats 6
1.3 Policy and Mechanism 9
1.4 Assumptions and Trust 11
1.5 Assurance 12
1.6 Operational Issues 16
1.7 Human Issues 20
1.8 Tying It All Together 22
1.9 Summary 24
1.10 Research Issues 24
1.11 Further Reading 25
1.12 Exercises 25
Part II: Foundations 29
Chapter 2: Access Control Matrix 31
2.1 Protection State 31
2.2 Access Control Matrix Model 32
2.3 Protection State Transitions 37
2.4 Copying, Owning, and the Attenuation of Privilege 42
2.5 Summary 44
2.6 Research Issues 44
2.7 Further Reading 44
2.8 Exercises 45
Chapter 3: Foundational Results 49
3.1 The General Question 49
3.2 Basic Results 51
3.3 The Take-Grant Protection Model 56
3.4 Closing the Gap: The Schematic Protection Model 68
3.5 Expressive Power and the Models 81
3.6 Comparing Security Properties of Models 94
3.7 Summary 101
3.8 Research Issues 102
3.9 Further Reading 102
3.10 Exercises 103
Part III: Policy 107
Chapter 4: Security Policies 109
4.1 The Nature of Security Policies 109
4.2 Types of Security Policies 113
4.3 The Role of Trust 115
4.4 Types of Access Control 117
4.5 Policy Languages 118
4.6 Example: Academic Computer Security Policy 126
4.7 Security and Precision 131
4.8 Summary 136
4.9 Research Issues 136
4.10 Further Reading 137
4.11 Exercises 138
Chapter 5: Confidentiality Policies 141
5.1 Goals of Confidentiality Policies 141
5.2 The Bell-LaPadula Model 142
5.3 Tranquility 161
5.4 The Controversy over the Bell-LaPadula Model 164
5.5 Summary 169
5.6 Research Issues 169
5.7 Further Reading 170
5.8 Exercises 171
Chapter 6: Integrity Policies 173
6.1 Goals 173
6.2 The Biba Model 175
6.3 Lipner’s Integrity Matrix Model 178
6.4 Clark-Wilson Integrity Model 183
6.5 Trust Models 189
6.6 Summary 196
6.7 Research Issues 196
6.8 Further Reading 197
6.9 Exercises 198
Chapter 7: Availability Policies 201
7.1 Goals of Availability Policies 201
7.2 Deadlock 202
7.3 Denial of Service Models 203
7.4 Example: Availability and Network Flooding 215
7.5 Summary 222
7.6 Research Issues 222
7.7 Further Reading 223
7.8 Exercises 224
Chapter 8: Hybrid Policies 227
8.1 Chinese Wall Model 227
8.2 Clinical Information Systems Security Policy 236
8.3 Originator Controlled Access Control 239
8.4 Role-Based Access Control 244
8.5 Break-the-Glass Policies 249
8.6 Summary 250
8.7 Research Issues 250
8.8 Further Reading 251
8.9 Exercises 252
Chapter 9: Noninterference and Policy Composition 255
9.1 The Problem 255
9.2 Deterministic Noninterference 259
9.3 Nondeducibility 271
9.4 Generalized Noninterference 274
9.5 Restrictiveness 277
9.6 Side Channels and Deducibility 280
9.7 Summary 282
9.8 Research Issues 283
9.9 Further Reading 283
9.10 Exercises 285
Part IV: Implementation I: Cryptography 287
Chapter 10: Basic Cryptography 289
10.1 Cryptography 289
10.2 Symmetric Cryptosystems 291
10.3 Public Key Cryptography 306
10.4 Cryptographic Checksums 315
10.5 Digital Signatures 318
10.6 Summary 323
10.7 Research Issues 324
10.8 Further Reading 325
10.9 Exercises 326
Chapter 11: Key Management 331
11.1 Session and Interchange Keys 332
11.2 Key Exchange 332
11.3 Key Generation 341
11.4 Cryptographic Key Infrastructures 343
11.5 Storing and Revoking Keys 353
11.6 Summary 359
11.7 Research Issues 360
11.8 Further Reading 361
11.9 Exercises 362
Chapter 12: Cipher Techniques 367
12.1 Problems 367
12.2 Stream and Block Ciphers 370
12.3 Authenticated Encryption 377
12.4 Networks and Cryptography 381
12.5 Example Protocols 384
12.6 Summary 410
12.7 Research Issues 411
12.8 Further Reading 411
12.9 Exercises 413
Chapter 13: Authentication 415
13.1 Authentication Basics 415
13.2 Passwords 416
13.3 Password Selection 418
13.4 Attacking Passwords 426
13.5 Password Aging 434
13.6 Challenge-Response 438
13.7 Biometrics 441
13.8 Location 445
13.9 Multifactor Authentication 446
13.10 Summary 448
13.11 Research Issues 449
13.12 Further Reading 450
13.13 Exercises 451
Part V: Implementation II: Systems 453
Chapter 14: Design Principles 455
14.1 Underlying Ideas 455
14.2 Principles of Secure Design 457
14.3 Summary 466
14.4 Research Issues 466
14.5 Further Reading 467
14.6 Exercises 468
Chapter 15: Representing Identity 471
15.1 What Is Identity? 471
15.2 Files and Objects 472
15.3 Users 473
15.4 Groups and Roles 475
15.5 Naming and Certificates 476
15.6 Identity on the Web 484
15.7 Anonymity on the Web 490
15.8 Summary 501
15.9 Research Issues 502
15.10 Further Reading 503
15.11 Exercises 504
Chapter 16: Access Control Mechanisms 507
16.1 Access Control Lists 507
16.2 Capabilities 518
16.3 Locks and Keys 526
16.4 Ring-Based Access Control 531
16.5 Propagated Access Control Lists 533
16.6 Summary 535
16.7 Research Issues 535
16.8 Further Reading 536
16.9 Exercises 536
Chapter 17: Information Flow 539
17.1 Basics and Background 539
17.2 Nonlattice Information Flow Policies 542
17.3 Static Mechanisms 548
17.4 Dynamic Mechanisms 562
17.5 Integrity Mechanisms 566
17.6 Example Information Flow Controls 567
17.7 Summary 574
17.8 Research Issues 574
17.9 Further Reading 575
17.10 Exercises 576
Chapter 18: Confinement Problem 579
18.1 The Confinement Problem 579
18.2 Isolation 582
18.3 Covert Channels 594
18.4 Summary 619
18.5 Research Issues 620
18.6 Further Reading 620
18.7 Exercises 622
Part VI: Assurance 625
Contributed by Elisabeth Sullivan and Michelle Ruppel
Chapter 19: Introduction to Assurance 627
19.1 Assurance and Trust 627
19.2 Building Secure and Trusted Systems 634
19.3 Summary 645
19.4 Research Issues 645
19.5 Further Reading 646
19.6 Exercises 647
Chapter 20: Building Systems with Assurance 649
20.1 Assurance in Requirements Definition and Analysis 649
20.2 Assurance during System and Software Design 662
20.3 Assurance in Implementation and Integration 685
20.4 Assurance during Operation and Maintenance 695
20.5 Summary 696
20.6 Research Issues 696
20.7 Further Reading 697
20.8 Exercises 698
Chapter 21: Formal Methods 699
21.1 Formal Verification Techniques 699
21.2 Formal Specification 702
21.3 Early Formal Verification Techniques 705
21.4 Current Verification Systems 713
21.5 Functional Programming Languages 721
21.6 Formally Verified Products 722
21.7 Summary 723
21.8 Research Issues 724
21.9 Further Reading 725
21.10 Exercises 725
Chapter 22: Evaluating Systems 727
22.1 Goals of Formal Evaluation 727
22.2 TCSEC: 1983-1999 730
22.3 International Efforts and the ITSEC: 1991-2001 737
22.4 Commercial International Security Requirements: 1991 742
22.5 Other Commercial Efforts: Early 1990s 744
22.6 The Federal Criteria: 1992 744
22.7 FIPS 140: 1994-Present 746
22.8 The Common Criteria: 1998-Present 749
22.9 SSE-CMM: 1997-Present 765
22.10 Summary 768
22.11 Research Issues 769
22.12 Further Reading 769
22.13 Exercises 770
Part VII: Special Topics 773
Chapter 23: Malware 775
23.1 Introduction 775
23.2 Trojan Horses 776
23.3 Computer Viruses 780
23.4 Computer Worms 790
23.5 Bots and Botnets 793
23.6 Other Malware 796
23.7 Combinations 803
23.8 Theory of Computer Viruses 803
23.9 Defenses 808
23.10 Summary 820
23.11 Research Issues 820
23.12 Further Reading 821
23.13 Exercises 822
Chapter 24: Vulnerability Analysis 825
24.1 Introduction 825
24.2 Penetration Studies 827
24.3 Vulnerability Classification 845
24.4 Frameworks 849
24.5 Standards 864
24.6 Gupta and Gligor’s Theory of Penetration Analysis 868
24.7 Summary 873
24.8 Research Issues 874
24.9 Further Reading 875
24.10 Exercises 876
Chapter 25: Auditing 879
25.1 Definition 879
25.2 Anatomy of an Auditing System 880
25.3 Designing an Auditing System 884
25.4 A Posteriori Design 893
25.5 Auditing Mechanisms 897
25.6 Examples: Auditing File Systems 900
25.7 Summary 910
25.8 Research Issues 911
25.9 Further Reading 912
25.10 Exercises 913
Chapter 26: Intrusion Detection 917
26.1 Principles 917
26.2 Basic Intrusion Detection 918
26.3 Models 920
26.4 Architecture...
| Erscheinungsjahr: | 2018 |
|---|---|
| Fachbereich: | Datenkommunikation, Netze & Mailboxen |
| Genre: | Informatik |
| Rubrik: | Naturwissenschaften & Technik |
| Medium: | Buch |
| ISBN-13: | 9780321712332 |
| ISBN-10: | 0321712331 |
| UPC: | 785342712339 |
| EAN: | 0785342712339 |
| Sprache: | Englisch |
| Einband: | Gebunden |
| Autor: | Bishop, Matt |
| Auflage: | 2nd Revised edition |
| Hersteller: | Pearson Education |
| Maße: | 241 x 202 x 53 mm |
| Von/Mit: | Matt Bishop |
| Erscheinungsdatum: | 26.11.2018 |
| Gewicht: | 2,012 kg |
Ähnliche Produkte
Lieferzeit 1-2 Wochen
Lieferzeit 1-2 Werktage
Lieferzeit 1-2 Wochen
Lieferzeit 1-2 Werktage
Lieferzeit 1-2 Werktage
Lieferzeit 1-2 Werktage
