Computer Security

<>Computer Security: Principles and Practice

William Stallings and Lawrie Brown

 

A thorough, up-to-date survey of the entire discipline of computer security.

 

Security experts William Stallings and Lawrie Brown provide a comprehensive survey of computer security threats, technical approaches to the detection and prevention of security attacks, software security issues, and management issues.

 

Throughout, the authors focus on core principles, showing how they unify the field of computer securuity and demonstrating their applications in real-world systems and networks. They examine alternate design approaches to meeting security requirements and illuminate the standards that are central to today's security solutions.

 

Ideal for both academic and professional audiences, Computer Security offers exceptional clarity, careful organization, and extensive pedagogical support - including hundreds of carefully crafted practice problems.

 

COVERAGE

• Security technologies and principles, including cryptography, authentication, and access control
• Threats and countermeasures, from detecting intruders to countering DOS attacks
• Trusted computing and multilevel security
• Secure software: avoiding buffer overflows, malicious input, and other weaknesses
• Linux and Windows security models
• Managing security: physical security, training, audits, policies, and more
• Computer crime, intellectual property, privacy, and ethics
• Cryptographic algorithms, including public-key cryptography
• Internet security: SSL, TLS, IP security, S/MIME, Kerberos, X.509, and federatetd identity management

KEY FEATURES

• Strong coverage of unifying principles and design techniques
• Dozens of figures and tables that clarify key concepts
• Field-tested homework problems
• Extensive Web support at WilliamStallings.com/CompSec/CompSec1e.html
• Keyword/acronym lists, recommended readings, and glossary

About the Authors

 

William Stallings has won the Best Computer Science and Engineering Textbook award seven times. His Prentice Hall books include Operating Systems; Cryptography and Network Security; and Data and Computer Communications. Stallings consults widely with technology providers, customers, and researchers. He holds a Ph.D. in Computer Science from MIT. Dr. Lawrie Brown is Senior Lecturer at the School of Information Technology and Electrical Engineering at the University of New South Wales at the Australian Defence Force Academy, Canberra, Australia.

 

Comprehensive Web support at WilliamStallings.com

(Pearson)

Bli först med att recensera och betygsätt boken Computer Security - du kan vinna 200 kr varje månad i tävlingen "Månadens recension".

William Stallings has made a unique contribution to understanding the broad sweep of technical developments in computer networking and computer architecture. He has authored 17 titles, and counting revised editions, a total of 41 books on various aspects of these subjects. In over 20 years in the field, he has been a technical contributor, technical manager, and an executive with several high-technology firms. Currently he is an independent consultant whose clients have included computer and networking manufacturers and customers, software development firms, and leading-edge government research institutions. He is a member of the editorial board of Cryptologia, a scholarly journal devoted to all aspects of cryptology. He is a frequent lecturer and author of numerous technical papers. His books include Data and Computer Communications, Eighth Edition (Prentice Hall, 2007), which has become the standard in the field. Dr. Stallings holds a PhD from M.I.T. in Computer Science and a B.S. from Notre Dame in electrical engineering.

(Pearson)

Notation   Preface   Chapter 0 Reader's and Instructor's Guide

0.1  Outline of the Book

0.2 A Roadmap for Readers and Instructors

0.3 Internet and Web Resources

0.4  Standards

 

  Chapter 1 Overview

1.1 Computer Security Concepts

1.2 Threats, Attacks, and Assets

1.3  Security Functional Requirements

1.4 A Security Architecture for Open Systems

1.5 The Scope of Computer Security

1.6 Computer Security Trends

1.7  Computer Security Strategy

1.8  Recommended Reading and Web Sites

1.9  Key Terms, Review Questions, and Problems

Appendix 1A   Signficant Security Standards and Documents

 

  PART ONE  COMPUTER SECURITY TECHNOLOGY AND PRINCIPLES

 

Chapter 2 Cryptographic Tools

2.1 Confidentiality with Symmetric Encryption

2.2  Message Authentication and Hash Functions

2.3  Public-Key Encryption

2.4  Digital Signatures and Key Management

2.5  Random and Pseudorandom Numbers

2.6  Practical Application: Encryption of Stored Data

2.7  Recommended Reading and Web Sites

2.8  Key Terms, Review Questions, and Problems

 

Chapter 3 User Authentication

3.1 Means of Authentication

3.2  Password-Based Authentication

3.3  Token-Based Authentication

3.4  Biometric Authentication

3.5  Remote User Authentication

3.6  Security Issues for User Authentication

3.7  Practical Application: An Iris Biometric System

3.8  Case Study: Security Problems for ATM Systems

3.9  Recommended Reading and Web Sites

3.10 Key Terms, Review Questions, and Problems

 

Chapter 4 Access Control

4.1  Access Control Principles

4.2  Subjects, Objects, and Access Rights

4.3  Discretionary Access Control

4.4  Example: UNIX File Access Control

4.5  Role-Based Access Control

4.6  Case Study: RBAC System for a Bank

4.7  Recommended Reading and Web Sites

4.8  Key Terms, Review Questions, and Problems

 

Chapter 5 Database Security

5.1  Relational Databases

5.2  Database Access Control

5.3  Inference

5.4  Statistical Databases

5.5  Database Encryption

5.6  Recommended Reading

5.7  Key Terms, Review Questions, and Problems

 

  Chapter 6 Intrusion Detection

6.1  Intruders

6.2  Intrusion Detection

6.3  Host-Based Intrusion Detection

6.4  Distributed Host-Based Intrusion Detection

6.5  Network-Based Intrusion Detection

6.6  Distributed Adaptive Intrusion Detection

6.7  ...

(Pearson)