- Copyright
- Preface
- 1. Introduction
- 2. Foundations
- 2. Access Control Matrix
- 3. Foundational Results
- 3. Policy
- 4. Security Policies
- 5. Confidentiality Policies
- 5.1. Goals of Confidentiality Policies
- 5.2. The Bell-LaPadula Model
- 5.3. Tranquility
- 5.4. The Controversy over the Bell-LaPadula Model
- 5.5. Summary
- 5.6. Research Issues
- 5.7. Further Reading
- 5.8. Exercises
- 6. Integrity Policies
- 7. Hybrid Policies
- 8. Noninterference and Policy Composition
- 4. Implementation I: Cryptography
- 9. Basic Cryptography
- 10. Key Management
- 11. Cipher Techniques
- 11.1. Problems
- 11.2. Stream and Block Ciphers
- 11.3. Networks and Cryptography
- 11.4. Example Protocols
- 11.5. Summary
- 11.6. Research Issues
- 11.7. Further Reading
- 11.8. Exercises
- 12. Authentication
- 5. Implementation II: Systems
- 13. Design Principles
- 13.1. Overview
- 13.2. Design Principles
- 13.2.1. Principle of Least Privilege
- 13.2.2. Principle of Fail-Safe Defaults
- 13.2.3. Principle of Economy of Mechanism
- 13.2.4. Principle of Complete Mediation
- 13.2.5. Principle of Open Design
- 13.2.6. Principle of Separation of Privilege
- 13.2.7. Principle of Least Common Mechanism
- 13.2.8. Principle of Psychological Acceptability
- 13.3. Summary
- 13.4. Research Issues
- 13.5. Further Reading
- 13.6. Exercises
- 14. Representing Identity
- 15. Access Control Mechanisms
- 15.1. Access Control Lists
- 15.2. Capabilities
- 15.3. Locks and Keys
- 15.4. Ring-Based Access Control
- 15.5. Propagated Access Control Lists
- 15.6. Summary
- 15.7. Research Issues
- 15.8. Further Reading
- 15.9. Exercises
- 16. Information Flow
- 16.1. Basics and Background
- 16.2. Nonlattice Information Flow Policies
- 16.3. Compiler-Based Mechanisms
- 16.4. Execution-Based Mechanisms
- 16.5. Example Information Flow Controls
- 16.6. Summary
- 16.7. Research Issues
- 16.8. Further Reading
- 16.9. Exercises
- 17. Confinement Problem
- 13. Design Principles
- 6. Assurance
- 18. Introduction to Assurance
- 19. Building Systems with Assurance
- 19.1. Assurance in Requirements Definition and Analysis
- 19.2. Assurance During System and Software Design
- 19.3. Assurance in Implementation and Integration
- 19.4. Assurance During Operation and Maintenance
- 19.5. Summary
- 19.6. Research Issues
- 19.7. Further Reading
- 19.8. Exercises
- 20. Formal Methods
- 20.1. Formal Verification Techniques
- 20.2. Formal Specification
- 20.3. Early Formal Verification Techniques
- 20.4. Current Verification Systems
- 20.5. Summary
- 20.6. Research Issues
- 20.7. Further Reading
- 20.8. Exercises
- 21. Evaluating Systems
- 21.1. Goals of Formal Evaluation
- 21.2. TCSEC: 1983–1999
- 21.3. International Efforts and the ITSEC: 1991–2001
- 21.4. Commercial International Security Requirements: 1991
- 21.5. Other Commercial Efforts: Early 1990s
- 21.6. The Federal Criteria: 1992
- 21.7. FIPS 140: 1994–Present
- 21.8. The Common Criteria: 1998–Present
- 21.9. SSE-CMM: 1997–Present
- 21.10. Summary
- 21.11. Research Issues
- 21.12. Further Reading
- 21.13. Exercises
- 7. Special Topics
- 22. Malicious Logic
- 22.1. Introduction
- 22.2. Trojan Horses
- 22.3. Computer Viruses
- 22.4. Computer Worms
- 22.5. Other Forms of Malicious Logic
- 22.6. Theory of Malicious Logic
- 22.7. Defenses
- 22.7.1. Malicious Logic Acting as Both Data and Instructions
- 22.7.2. Malicious Logic Assuming the Identity of a User
- 22.7.3. Malicious Logic Crossing Protection Domain Boundaries by Sharing
- 22.7.4. Malicious Logic Altering Files
- 22.7.5. Malicious Logic Performing Actions Beyond Specification
- 22.7.6. Malicious Logic Altering Statistical Characteristics
- 22.7.7. The Notion of Trust
- 22.8. Summary
- 22.9. Research Issues
- 22.10. Further Reading
- 22.11. Exercises
- 23. Vulnerability Analysis
- 23.1. Introduction
- 23.2. Penetration Studies
- 23.2.1. Goals
- 23.2.2. Layering of Tests
- 23.2.3. Methodology at Each Layer
- 23.2.4. Flaw Hypothesis Methodology
- 23.2.5. Example: Penetration of the Michigan Terminal System
- 23.2.6. Example: Compromise of a Burroughs System
- 23.2.7. Example: Penetration of a Corporate Computer System
- 23.2.8. Example: Penetrating a UNIX System
- 23.2.9. Example: Penetrating a Windows NT System
- 23.2.10. Debate
- 23.2.11. Conclusion
- 23.3. Vulnerability Classification
- 23.4. Frameworks
- 23.5. Gupta and Gligor's Theory of Penetration Analysis
- 23.6. Summary
- 23.7. Research Issues
- 23.8. Further Reading
- 23.9. Exercises
- 24. Auditing
- 25. Intrusion Detection
- 22. Malicious Logic
- 8. Practicum
- 26. Network Security
- 26.1. Introduction
- 26.2. Policy Development
- 26.3. Network Organization
- 26.4. Availability and Network Flooding
- 26.5. Anticipating Attacks
- 26.6. Summary
- 26.7. Research Issues
- 26.8. Further Reading
- 26.9. Exercises
- 27. System Security
- 28. User Security
- 29. Program Security
- 29.1. Introduction
- 29.2. Requirements and Policy
- 29.3. Design
- 29.4. Refinement and Implementation
- 29.5. Common Security-Related Programming Problems
- 29.5.1. Improper Choice of Initial Protection Domain
- 29.5.2. Improper Isolation of Implementation Detail
- 29.5.3. Improper Change
- 29.5.4. Improper Naming
- 29.5.5. Improper Deallocation or Deletion
- 29.5.6. Improper Validation
- 29.5.7. Improper Indivisibility
- 29.5.8. Improper Sequencing
- 29.5.9. Improper Choice of Operand or Operation
- 29.5.10. Summary
- 29.6. Testing, Maintenance, and Operation
- 29.7. Distribution
- 29.8. Conclusion
- 29.9. Summary
- 29.10. Research Issues
- 29.11. Further Reading
- 29.12. Exercises
- 26. Network Security
- 9. End Matter
- 30. Lattices
- 31. The Extended Euclidean Algorithm
- 32. Entropy and Uncertainty
- 33. Virtual Machines
- 34. Symbolic Logic
- 35. Example Academic Security Policy
- 35.1. University of California E-mail Policy
- 35.1.1. Summary: E-mail Policy Highlights
- 35.1.2. University of California Electronic Mail Policy
- 35.1.2.1. Introduction
- 35.1.2.2. Purpose
- 35.1.2.3. Definitions
- 35.1.2.4. Scope
- 35.1.2.5. General Provisions
- 35.1.2.6. Specific Provisions
- 35.1.2.7. Policy Violations
- 35.1.2.8. Responsibility for Policy
- 35.1.2.9. Campus Responsibilities and Discretion
- 35.1.2.10. Appendix A—Definitions
- 35.1.2.11. Appendix B—References
- 35.1.2.12. Appendix C—Policies Relating to Nonconsensual Access
- 35.1.3. UC Davis Implementation of the Electronic Mail Policy
- 35.1.4. References and Related Policy
- 35.2. The Acceptable Use Policy for the University of California, Davis
- 35.1. University of California E-mail Policy
- Bibliography
Part 5 discusses noncryptographic implementation mechanisms. It focuses on the sharing of rights and information.
Chapter 13, “Design Principles,” presents eight basic design principles for security mechanisms. These principles underlie computer security mechanisms and apply to some extent to the policies that the mechanisms enforce.
Chapter 14, “Representing Identity,” discusses the representation of identity within a system. Identities include group and role representation of users, as well as the privileges they have or acquire.
Chapter 15, “Access Control Mechanisms,” presents the basic access control mechanisms and the various ways in which they are organized. These mechanisms can be discretionary or mandatory, and sometimes even based on the originator of a document.
Chapter 16, “Information Flow,” discusses mechanisms for analyzing and controlling the flow of information throughout a system. Both runtime mechanisms and compiler-based mechanisms allow such flows to be restricted.
Chapter 17, “Confinement Problem,” discusses the problem of containing data for authorized uses only. It presents sandboxes and covert channels.
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.