Computer security: Principles & practice

In recent years, the need for education in computer security and related topics has grown dramatically and is essential for anyone studying Computer Science or Computer Engineering. This is the only text available to provide integrated, comprehensive, up-to-date coverage of the broad range of topics in this subject. In addition to an extensive pedagogical program, the book provides unparalleled support for both research and modeling projects, giving students a broader perspective. The password protected Instructor's Resource Center includes Power Point Lecture Slides, online transparencies, supplementary reading and assignments with instructor tips, a hacking exercice, solutions and lab exercices. Extensive author maintained websites for both students and instructors offer valuable Computer Security related links related to individual chapters in the book and other relevant downloads, and a moderated mailing list for instructors to exchange information, suggestions, and questions with each other and the author.

Notation Preface Chapter 0 Reader's and Instructor's Guide

0.1 Outline of the Book

0.2 A Roadmap for Readers and Instructors

0.3 Internet and Web Resources

0.4 Standards

Chapter 1 Overview

1.1 Computer Security Concepts

1.2 Threats, Attacks, and Assets

1.3 Security Functional Requirements

1.4 A Security Architecture for Open Systems

1.5 The Scope of Computer Security

1.6 Computer Security Trends

1.7 Computer Security Strategy

1.8 Recommended Reading and Web Sites

1.9 Key Terms, Review Questions, and Problems

Appendix 1A Signficant Security Standards and Documents

PART ONE COMPUTER SECURITY TECHNOLOGY AND PRINCIPLES

Chapter 2 Cryptographic Tools

2.1 Confidentiality with Symmetric Encryption

2.2 Message Authentication and Hash Functions

2.3 Public-Key Encryption

2.4 Digital Signatures and Key Management

2.5 Random and Pseudorandom Numbers

2.6 Practical Application: Encryption of Stored Data

2.7 Recommended Reading and Web Sites

2.8 Key Terms, Review Questions, and Problems

Chapter 3 User Authentication

3.1 Means of Authentication

3.2 Password-Based Authentication

3.3 Token-Based Authentication

3.4 Biometric Authentication

3.5 Remote User Authentication

3.6 Security Issues for User Authentication

3.7 Practical Application: An Iris Biometric System

3.8 Case Study: Security Problems for ATM Systems

3.9 Recommended Reading and Web Sites

3.10 Key Terms, Review Questions, and Problems

Chapter 4 Access Control

4.1 Access Control Principles

4.2 Subjects, Objects, and Access Rights

4.3 Discretionary Access Control

4.4 Example: UNIX File Access Control

4.5 Role-Based Access Control

4.6 Case Study: RBAC System for a Bank

4.7 Recommended Reading and Web Sites

4.8 Key Terms, Review Questions, and Problems

Chapter 5 Database Security

5.1 Relational Databases

5.2 Database Access Control

5.3 Inference

5.4 Statistical Databases

5.5 Database Encryption

5.6 Recommended Reading

5.7 Key Terms, Review Questions, and Problems

Chapter 6 Intrusion Detection

6.1 Intruders

6.2 Intrusion Detection

6.3 Host-Based Intrusion Detection

6.4 Distributed Host-Based Intrusion Detection

6.5 Network-Based Intrusion Detection

6.6 Distributed Adaptive Intrusion Detection

6.7 Intrustion Detection Exchange Format

6.8 Honeypots

6.9 Example System: Snort

6.10 Recommended Reading and Web Sites

6.11 Key Terms, Review Questions, and Problems

Appendix 6A:The Base-Rate Fallacy

Chapter 7 Malicious Software

7.1 Types of Malicious Software

7.2 Viruses

7.3 Virus Countermeasures

7.4 Worms

7.5 Bots

7.6 Rootkits

7.7 Recommended Reading and Web Sites

7.8 Key Terms, Review Questions, and Problems

Chapter 8 Denial of Service

8.1 Denial of Service Attacks

8.2 Flooding Attacks

8.3 Distributed Denial of Service Attacks

8.4 Reflector and Amplifier Attacks

8.5 Defenses Against Denial of Service Attacks

8.6 Responding to a Denial of Service Attack

8.7 Recommended Reading and Web Sites

8.8 Key Terms, Review Questions, and Problems

Chapter 9 Firewalls and Intrusion Prevention