Security In Computing 2nd Edition

The classic guide to information security—fully updated for the latest attacks and countermeasures

Security in Computing, Third Edition systematically demonstrates how to control failures of confidentiality, integrity, and availability in applications, databases, operating systems, and networks alike.

This sweeping revision of the field's classic guide to computer security reflects today's entirely new generation of network- and Internet-based threats and vulnerabilities, and offers practical guidance for responding to them.

• Updated to cover wireless security, intrusion detection, AES, DRM, biometrics, honeypots, online privacy, and more
• Security in Internet-based, distributed, desktop and traditional centralized applications
• New attacks, including scripted vulnerability probing, denial of service, and buffer overflows—with symptoms and cures
• Clear, accessible introduction to cryptography—without sophisticated math
• Up-to-the-minute explanations of digital signatures, certificates, and leading-edge quantum cryptography
• Thoroughly revamped coverage of software engineering practices designed to enhance program security
• Expanded coverage of risk management, contingency planning, and security policies
• Detailed presentation of protection in general-purpose and trusted operating systems
• Extensive pedagogical resources: end-of-chapter reviews and exercises, lists of key terms, and authoritative references

Exceptionally clear and easy to understand, the book covers not only technical issues, but also law, privacy, ethics, and the physical and administrative aspects of security.

The companion website (http://www.phptr.com/pfleeger/) contains additional information, book updates, and instructor's resources.

Includes bibliographical references (p. 537-559) and index.

CHARLES P. PFLEEGER is a Master Security Architect for Cable & Wireless, the world's premier web hosting and Internet solutions provider. He regularly advises clients on secure design and implementation of network applications and architectures.

SHARI LAWRENCE PFLEEGER, senior researcher for RAND, is author of eight books on software engineering, measurement, and quality, including Software Engineering: Theory and Practice, Second Edition (Prentice Hall). She was named by The Journal of Systems and Software as one of the world's top software engineering researchers.

Foreword by Willis H. Ware.

Foreword.

Preface to the Third Edition.

1. Is There a Security Problem in Computing?

What Does “Secure” Mean? Attacks. The Meaning of Computer Security. Computer Criminals. Methods of Defense. What's Next. Summary. Terms and Concepts. Where the Field Is Headed. To Learn More. Exercises.

2. Elementary Cryptography.

Terminology and Background. Substitution Ciphers. Transposition (Permutations). Making “Good” Encryption Algorithms. The Data Encryption Standard (DES). The AES Encryption Algorithm. Public Key Encryption. The Uses of Encryption. Summary of Encryption. Terms and Concepts. Where the Field Is Headed. To Learn More. Exercises.

3. Program Security.

Secure Programs. Nonmalicious Program Errors. Viruses and Other Malicious Code. Targeted Malicious Code. Controls Against Program Threats. Summary of Program Threats and Controls. Terms and Concepts. Where the Field Is Headed. To Learn More. Exercises.

4. Protection in General-Purpose Operating Systems.

Protected Objects and Methods of Protection. Memory and Address Protection. Control of Access to General Objects. File Protection Mechanisms. User Authentication. Summary of Security for Users. Terms and Concepts. Where the Field Is Headed. To Learn More. Exercises.

5.Designing Trusted Operating Systems.

What Is a Trusted System? Security Policies. Models of Security. Trusted Operating System Design. Assurance in Trusted Operating Systems. Implementation Examples. Summary of Security in Operating Systems. Terms and Concepts. Where the Field Is Headed. To Learn More. Exercises.

6. Database Security.

Introduction to Databases. Security Requirements. Reliability and Integrity. Sensitive Data. Inference. Multilevel Databases. Proposals for Multilevel Security. Summary of Database Security. Terms and Concepts. Where the Field Is Headed. To Learn More. Exercises.

7. Security in Networks.

Network Concepts. Threats in Networks. Network Security Controls. Firewalls. Intrusion Detection Systems. Secure E-Mail. Summary of Network Security. Terms and Concepts. Where the Field Is Headed. To Learn More. Exercises.

8. Administering Security.

Security Planning. Risk Analysis. Organizational Security Policies. Physical Security. Summary. Terms and Concepts. To Learn More. Exercises.

9. Legal, Privacy, and Ethical Issues in Computer Security.

Protecting Programs and Data. Information and the Law. Rights of Employees and Employers. Software Failures. Computer Crime. Privacy. Ethical Issues in Computer Security. Case Studies of Ethics. Case I: Use of Computer Services. Case II: Privacy Rights. Case III: Denial of Service. Case IV: Ownership of Programs. Case V: Proprietary Resources. Case VI: Fraud. Case VII: Accuracy of Information. Case VIII: Ethics of Hacking or Cracking. Codes of Ethics. Conclusion of Computer Ethics. Terms and Concepts. To Learn More. Exercises.

10. Cryptography Explained.

Mathematics for Cryptography. Symmetric Encryption. Public Key Encryption Systems. Quantum Cryptography. Summary of Encryption. Terms and Concepts. Where the Field Is Headed. To Learn More. Exercises.

Bibliography.

Index.