Title Details

Chapter 1: Introduction.

1.1 Attacks and Attackers.

1.2 Security.

1.3 Security Management.

1.4 Risk and Threat Analysis.

1.5 Further Reading.

1.6 Exercises.

Chapter 2: Foundations of Computer Security.

2.1 Definitions.

2.2 The Fundamental Dilemma of Computer Security.

2.3 Data vs Information.

2.4 Principles of Computer Security.

2.5 The Layer Below.

2.6 Further Reading.

2.7 Exercises.

Chapter 3: Identification & Authentication.

3.1 Username and Password.

3.2 Managing Passwords.

3.3 Choosing Passwords.

3.4 Spoofing Attacks.

3.5 Protecting the Password File.

3.6 Single Sign-on.

3.7 Alternative Approaches.

3.8 Further Reading.

3.9 Exercises.

Chapter 4: Access Control.

4.1 Background.

4.2 Authentication and Authorization.

4.3 Access Operations.

4.4 Ownership.

4.5 Access Control Structures.

4.6 Intermediate Controls.

4.7 Partial Orderings.

4.8 Further Reading.

4.9 Exercises.

Chapter 5: Reference Monitors.

5.1 Introduction.

5.2 Operating System Integrity.

5.3 Hardware Security Features.

5.4 Protecting Memory.

5.5 Further Reading.

5.6 Exercises.

Chapter 6: Unix Security.

6.1 Introduction.

6.2 Principals.

6.3 Subjects.

6.4 Objects.

6.5 Access Control.

6.6 Instances of General Security Principles.

6.7 Management Issues.

6.8 Further Reading.

6.9 Exercises.

Chapter 7: Windows 2000 Security.

7.1 Introduction.

7.2 Access Control – Components.

7.3 Access Decisions.

7.4 Restricted Context.

7.5 Administration.

7.6 Further Reading.

7.7 Exercises.

Chapter 8: Bell-LaPadula Model.

8.1 State Machine Models.

8.2 The Bell-LaPadula Model.

8.3 The Multics Interpretation of BLP.

8.4 Further Reading.

8.5 Exercises.

Chapter 9: Security Models.

9.1 The Biba Model.

9.2 The Chinese Wall Model.

9.3 The Clark-Wilson Model.

9.4 The Harrison-Ruzzo-Ullman Model.

9.5 Information-Flow Models.

9.6 Execution Monitors.

9.7 Further Reading.

9.8 Exercises.

Chapter 10: Security Evaluation.

10.1 Introduction.

10.2 The Orange Book.

10.3 The Rainbow Series.

10.4 Information Technology Security Evaluation Criteria.

10.5 The Federal Criteria.

10.6 The Common Criteria.

10.7 Quality Standards.

10.8 An E_ort Well Spent?.

10.9 Further Reading.

10.10Exercises.

Chapter 11: Cryptography.

11.1 Introduction.

11.2 Modular Arithmetic.

11.3 Integrity Check Functions.

11.4 Digital Signatures.

11.5 Encryption.

11.6 Strength of Mechanisms.

11.7 Performance.

11.8 Further Reading.

11.9 Exercises.

Chapter 12: Authentication in Distributed Systems.

12.1 Introduction.

12.2 Key Establishment and Authentication.

12.3 Key Establishment Protocols.

12.4 Kerberos.

12.5 Public Key Infrastructures.

12.6 Trusted Computing – Attestation.

12.7 Further Reading.

12.8 Exercises.

Chapter 13: Network Security.

13.1 Introduction.

13.2 Protocol Design Principles.

13.3 IP Security.

13.4 SSL/TLS.

13.5 DNS.

13.6 Firewalls.

13.7 Intrusion Detection.

13.8 Further Reading.

13.9 Exercises.

Chapetr 14: Software Security.

14.1 Introduction.

14.2 Characters and Numbers.

14.3 Canonical Representations.

14.4 Memory Management.

14.5 Data and Code.

14.6 Race conditions.

14.7 Defences.

14.8 Further Reading.

14.9 Exercises.

Chapter 15: New Access Control Paradigms.

15.1 Introduction.

15.2 Code-based Access Control.

15.3 Java Security.

15.4 .NET Security Framework.

15.5 Cookies.

15.6 SPKI.

15.7 Trust Management.

15.8 Digital Rights Management.

15.9 Further Reading.

15.10Exercises.

Chapter 16: Mobility.

16.1 Introduction.

16.2 GSM.

16.3 UMTS.

16.4 Mobile IPv6 Security.

16.5 WLAN.

16.6 Bluetooth.

16.7 Further Reading.

16.8 Exercises.

Chapter 17: Database Security.

17.1 Introduction.

17.2 Relational Databases.

17.3 Access Control.

17.4 Statistical Database Security.

17.5 Integration with the Operating System.

17.6 Privacy.

Bibliography.

Index.