Security Engineering
A Guide to Building Dependable Distributed Systems
Book by Ross Anderson
Language: English

Description
Now that there's software in everything, how can you make anything secure? Understand how to engineer dependable systems with this newly updated classic.

In Security Engineering: A Guide to Building Dependable Distributed Systems, Third Edition, Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack.

This book became a best-seller in 2001 and helped establish the discipline of security engineering. By the second edition in 2008, underground dark markets had let the bad guys specialize and scale up; attacks were increasingly on users rather than on technology. The book repeated its success by showing how security engineers can focus on usability.

Now the third edition brings it up to date for 2020. As people now go online from phones more than laptops, most servers are in the cloud, online advertising drives the Internet and social networks have taken over much human interaction, many patterns of crime and abuse are the same, but the methods have evolved. Ross Anderson explores what security engineering means in 2020, including:
* How the basic elements of cryptography, protocols, and access control translate to the new world of phones, cloud services, social media and the Internet of Things
* Who the attackers are - from nation states and business competitors through criminal gangs to stalkers and playground bullies
* What they do - from phishing and carding through SIM swapping and software exploits to DDoS and fake news
* Security psychology, from privacy through ease-of-use to deception
* The economics of security and dependability - why companies build vulnerable systems and governments look the other way
* How dozens of industries went online - well or badly
* How to manage security and safety engineering in a world of agile development - from reliability engineering to DevSecOps

The third edition of Security Engineering ends with a grand challenge: sustainable security. As we build ever more software and connectivity into safety-critical durable goods like cars and medical devices, how do we design systems we can maintain and defend for decades? Or will everything in the world need monthly software upgrades, and become unsafe once they stop?
About the author

ROSS ANDERSON is Professor of Security Engineering at Cambridge University in England. He is widely recognized as one of the world's foremost authorities on security. In 2015 he won the Lovelace Medal, Britain's top award in computing. He is a Fellow of the Royal Society and the Royal Academy of Engineering. He is one of the pioneers of the economics of information security, peer-to-peer systems, API analysis and hardware security. Over the past 40 years, he has also worked or consulted for most of the tech majors.

Table of contents
Preface to the Third Edition xxxvii

Preface to the Second Edition xli

Preface to the First Edition xliii

For my daughter, and other lawyers... xlvii

Foreword xlix

Part I

Chapter 1 What Is Security Engineering? 3

1.1 Introduction 3

1.2 A framework 4

1.3 Example 1 - a bank 6

1.4 Example 2 - a military base 7

1.5 Example 3 - a hospital 8

1.6 Example 4 - the home 10

1.7 Definitions 11

1.8 Summary 16

Chapter 2 Who Is the Opponent? 17

2.1 Introduction 17

2.2 Spies 19

2.2.1 The Five Eyes 19

2.2.1.1 Prism 19

2.2.1.2 Tempora 20

2.2.1.3 Muscular 21

2.2.1.4 Special collection 22

2.2.1.5 Bullrun and Edgehill 22

2.2.1.6 Xkeyscore 23

2.2.1.7 Longhaul 24

2.2.1.8 Quantum 25

2.2.1.9 CNE 25

2.2.1.10 The analyst's viewpoint 27

2.2.1.11 Offensive operations 28

2.2.1.12 Attack scaling 29

2.2.2 China 30

2.2.3 Russia 35

2.2.4 The rest 38

2.2.5 Attribution 40

2.3 Crooks 41

2.3.1 Criminal infrastructure 42

2.3.1.1 Botnet herders 42

2.3.1.2 Malware devs 44

2.3.1.3 Spam senders 45

2.3.1.4 Bulk account compromise 45

2.3.1.5 Targeted attackers 46

2.3.1.6 Cashout gangs 46

2.3.1.7 Ransomware 47

2.3.2 Attacks on banking and payment systems 47

2.3.3 Sectoral cybercrime ecosystems 49

2.3.4 Internal attacks 49

2.3.5 CEO crimes 49

2.3.6 Whistleblowers 50

2.4 Geeks 52

2.5 The swamp 53

2.5.1 Hacktivism and hate campaigns 54

2.5.2 Child sex abuse material 55

2.5.3 School and workplace bullying 57

2.5.4 Intimate relationship abuse 57

2.6 Summary 59

Research problems 60

Further reading 61

Chapter 3 Psychology and Usability 63

3.1 Introduction 63

3.2 Insights from psychology research 64

3.2.1 Cognitive psychology 65

3.2.2 Gender, diversity and interpersonal variation 68

3.2.3 Social psychology 70

3.2.3.1 Authority and its abuse 71

3.2.3.2 The bystander effect 72

3.2.4 The social-brain theory of deception 73

3.2.5 Heuristics, biases and behavioural economics 76

3.2.5.1 Prospect theory and risk misperception 77

3.2.5.2 Present bias and hyperbolic discounting 78

3.2.5.3 Defaults and nudges 79

3.2.5.4 The default to intentionality 79

3.2.5.5 The affect heuristic 80

3.2.5.6 Cognitive dissonance 81

3.2.5.7 The risk thermostat 81

3.3 Deception in practice 81

3.3.1 The salesman and the scamster 82

3.3.2 Social engineering 84

3.3.3 Phishing 86

3.3.4 Opsec 88

3.3.5 Deception research 89

3.4 Passwords 90

3.4.1 Password recovery 92

3.4.2 Password choice 94

3.4.3 Difficulties with reliable password entry 94

3.4.4 Difficulties with remembering the password 95

3.4.4.1 Naïve choice 96

3.4.4.2 User abilities and training 96

3.4.4.3 Design errors 98

3.4.4.4 Operational failures 100

3.4.4.5 Social-engineering attacks 101

3.4.4.6 Customer education 102

3.4.4.7 Phishing warnings 103

3.4.5 System issues 104

3.4.6 Can you deny service? 105

3.4.7 Protecting oneself or others? 105

3.4.8 Attacks on password entry 106

3.4.8.1 Interface design 106

3.4.8.2 Trusted path, and bogus terminals 107

3.4.8.3 Technical defeats of password retry counters 107

3.4.9 Attacks on password storage 108

3.4.9.1 One-way encryption 109

3.4.9.2 Password cracking 109

3.4.9.3 Remote password checking 109

3.4.10 Absolute limits 110

3.4.11 Using a password manager 111

3.4.12 Will we ever get rid of passwords? 113

3.5 CAPTCHAs 115

3.6 Summary 116

Research problems 117

Further reading 118

Chapter 4 Protocols 119

4.1 Introduction 119

4.2 Password eavesdropping risks 120

4.3 Who goes there? - simple authentication 122

4.3.1 Challenge and response 124

4.3.2 Two-factor authentication 128

4.3.3 The MIG-in-the-middle attack 129

4.3.4 Reflection attacks 132

4.4 Manipulating the message 133

4.5 Changing the environment 134

4.6 Chosen protocol attacks 135

4.7 Managing encryption keys 136

4.7.1 The resurrecting duckling 137

4.7.2 Remote key management 137

4.7.3 The Needham-Schroeder protocol 138

4.7.4 Kerberos 139

4.7.5 Practical key management 141

4.8 Design assurance 141

4.9 Summary 143

Research problems 143

Further reading 144

Chapter 5 Cryptography 145

5.1 Introduction 145

5.2 Historical background 146

5.2.1 An early stream cipher - the Vigenère 147

5.2.2 The one-time pad 148

5.2.3 An early block cipher - Playfair 150

5.2.4 Hash functions 152

5.2.5 Asymmetric primitives 154

5.3 Security models 155

5.3.1 Random functions - hash functions 157

5.3.1.1 Properties 157

5.3.1.2 The birthday theorem 158

5.3.2 Random generators - stream ciphers 159

5.3.3 Random permutations - block ciphers 161

5.3.4 Public key encryption and trapdoor one-way permutations 163

5.3.5 Digital signatures 164

5.4 Symmetric crypto algorithms 165

5.4.1 SP-networks 165

5.4.1.1 Block size 166

5.4.1.2 Number of rounds 166

5.4.1.3 Choice of S-boxes 167

5.4.1.4 Linear cryptanalysis 167

5.4.1.5 Differential cryptanalysis 168

5.4.2 The Advanced Encryption Standard (AES) 169

5.4.3 Feistel ciphers 171

5.4.3.1 The Luby-Rackoff result 173

5.4.3.2 DES 173

5.5 Modes of operation 175

5.5.1 How not to use a block cipher 176

5.5.2 Cipher block chaining 177

5.5.3 Counter encryption 178

5.5.4 Legacy stream cipher modes 178

5.5.5 Message authentication code 179

5.5.6 Galois counter mode 180

5.5.7 XTS 180

5.6 Hash functions 181

5.6.1 Common hash functions 181

5.6.2 Hash function applications - HMAC, commitments and updating 183

5.7 Asymmetric crypto primitives 185

5.7.1 Cryptography based on factoring 185

5.7.2 Cryptography based on discrete logarithms 188

5.7.2.1 One-way commutative encryption 189

5.7.2.2 Diffie-Hellman key establishment 190

5.7.2.3 ElGamal digital signature and DSA 192

5.7.3 Elliptic curve cryptography 193

5.7.4 Certification authorities 194

5.7.5 TLS 195

5.7.5.1 TLS uses 196

5.7.5.2 TLS security 196

5.7.5.3 TLS 1.3 197

5.7.6 Other public-key protocols 197

5.7.6.1 Code signing 197

5.7.6.2 PGP/GPG 198

5.7.6.3 QUIC 199

5.7.7 Special-purpose primitives 199

5.7.8 How strong are asymmetric cryptographic primitives? 200

5.7.9 What else goes wrong 202

5.8 Summary 203

Research problems 204

Further reading 204

Chapter 6 Access Control 207

6.1 Introduction 207

6.2 Operating system access controls 209

6.2.1 Groups and roles 210

6.2.2 Access control lists 211

6.2.3 Unix operating system security 212

6.2.4 Capabilities 214

6.2.5 DAC and MAC 215

6.2.6 Apple's macOS 217

6.2.7 iOS 217

6.2.8 Android 218

6.2.9 Windows 219

6.2.10 Middleware 222

6.2.10.1 Database access controls 222

6.2.10.2 Browsers 223

6.2.11 Sandboxing 224

6.2.12 Virtualisation 225

6.3 Hardware protection 227

6.3.1 Intel processors 228

6.3.2 Arm processors 230

6.4 What goes wrong 231

6.4.1 Smashing the stack 232

6.4.2 Other technical attacks 234

6.4.3 User interface failures 236

6.4.4 Remedies 237

6.4.5 Environmental creep 238

6.5 Summary 239

Research problems 240

Further reading 240

Chapter 7 Distributed Systems 243

7.1 Introduction 243

7.2 Concurrency 244

7.2.1 Using old data versus paying to propagate state 245

7.2.2 Locking to prevent inconsistent updates 246

7.2.3 The order of updates 247

7.2.4 Deadlock 248

7.2.5 Non-convergent state 249

7.2.6 Secure time 250

7.3 Fault tolerance and failure recovery 251

7.3.1 Failure models 252

7.3.1.1 Byzantine failure 252

7.3.1.2 Interaction with fault tolerance 253

7.3.2 What is resilience for? 254

7.3.3 At what level is the redundancy? 255

7.3.4 Service-denial attacks 257

7.4 Naming 259

7.4.1 The Needham naming principles 260

7.4.2 What else goes wrong 263

7.4.2.1 Naming and identity 264

7.4.2.2 Cultural assumptions 265

7.4.2.3 Semantic content of names 267

7.4.2.4 Uniqueness of names 268

7.4.2.5 Stability of names and addresses 269

7.4.2.6 Restrictions on the use of names 269

7.4.3 Types of name 270

7.5 Summary 271

Research problems 272

Further reading 273

Chapter 8 Economics 275

8.1 Introduction 275

8.2 Classical economics 276

8.2.1 Monopoly 278

8.3 Information economics 281

8.3.1 Why information markets are different 281

8.3.2 The value of lock-in 282

8.3.3 Asymmetric information 284

8.3.4 Public goods 285

8.4 Game theory 286

8.4.1 The prisoners' dilemma 287

8.4.2 Repeated and evolutionary games 288

8.5 Auction theory 291

8.6 The economics of security and dependability 293

8.6.1 Why is Windows so insecure? 294

8.6.2 Managing the patching cycle 296

8.6.3 Structural models of attack and defence 298

8.6.4 The economics of lock-in, tying and DRM 300

8.6.5 Antitrust law and competition policy 302

8.6.6 Perversely motivated guards 304

8.6.7 Economics of privacy 305

8.6.8 Organisations and human behaviour 307

8.6.9 Economics of cybercrime 308

8.7 Summary 310

Research problems 311

Further reading 311

Part II

Chapter 9 Multilevel Security 315

9.1 Introduction 315

9.2 What is a security policy model? 316

9.3 Multilevel security policy 318

9.3.1 The Anderson report 319

9.3.2 The Bell-LaPadula model 320

9.3.3 The standard criticisms of Bell-LaPadula 321

9.3.4 The evolution of MLS policies 323

9.3.5 The Biba model 325

9.4 Historical examples of MLS systems 326

9.4.1 SCOMP 326

9.4.2 Data diodes 327

9.5 MAC: from MLS to IFC and integrity 329

9.5.1 Windows 329

9.5.2 SELinux 330

9.5.3 Embedded systems 330

9.6 What goes wrong 331

9.6.1 Composability 331

9.6.2 The cascade problem 332

9.6.3 Covert channels 333

9.6.4 The threat from malware 333

9.6.5 Polyinstantiation 334

9.6.6 Practical problems with MLS 335

9.7 Summary 337

Research problems 338

Further reading 339

Chapter 10 Boundaries 341

10.1 Introduction 341

10.2 Compartmentation and the lattice model 344

10.3 Privacy for tigers 346

10.4 Health record privacy 349

10.4.1 The threat model 351

10.4.2 The BMA security policy 353

10.4.3 First practical steps 356

10.4.4 What actually goes wrong 357

10.4.4.1 Emergency care 358

10.4.4.2 Resilience 359

10.4.4.3 Secondary uses 359

10.4.5 Confidentiality - the future 362

10.4.6 Ethics 365

10.4.7 Social care and education 367

10.4.8 The Chinese Wall 369

10.5...
Details
Year of publication: 2021
Subject area: Data communication, networks & mailboxes
Genre: Computer science
Category: Science & technology
Medium: Book
Pages: 1182
Contents: XLVIII, 1184 pp.
ISBN-13: 9781119642787
ISBN-10: 1119642787
Language: English
Manufacturer number: 1W119642780
Binding: Hardcover
Author: Anderson, Ross
Edition: 3rd edition
Publisher: Wiley John + Sons
Dimensions: 244 x 200 x 57 mm
By/With: Ross Anderson
Publication date: 26.01.2021
Weight: 2.13 kg
preigu-id: 118199023