- Copyright
- Preface
- 1. Introduction
- 2. Foundations
- 2. Access Control Matrix
- 3. Foundational Results
- 3. Policy
- 4. Security Policies
- 5. Confidentiality Policies
- 5.1. Goals of Confidentiality Policies
- 5.2. The Bell-LaPadula Model
- 5.3. Tranquility
- 5.4. The Controversy over the Bell-LaPadula Model
- 5.5. Summary
- 5.6. Research Issues
- 5.7. Further Reading
- 5.8. Exercises
- 6. Integrity Policies
- 7. Hybrid Policies
- 8. Noninterference and Policy Composition
- 4. Implementation I: Cryptography
- 9. Basic Cryptography
- 10. Key Management
- 11. Cipher Techniques
- 11.1. Problems
- 11.2. Stream and Block Ciphers
- 11.3. Networks and Cryptography
- 11.4. Example Protocols
- 11.5. Summary
- 11.6. Research Issues
- 11.7. Further Reading
- 11.8. Exercises
- 12. Authentication
- 5. Implementation II: Systems
- 13. Design Principles
- 13.1. Overview
- 13.2. Design Principles
- 13.2.1. Principle of Least Privilege
- 13.2.2. Principle of Fail-Safe Defaults
- 13.2.3. Principle of Economy of Mechanism
- 13.2.4. Principle of Complete Mediation
- 13.2.5. Principle of Open Design
- 13.2.6. Principle of Separation of Privilege
- 13.2.7. Principle of Least Common Mechanism
- 13.2.8. Principle of Psychological Acceptability
- 13.3. Summary
- 13.4. Research Issues
- 13.5. Further Reading
- 13.6. Exercises
- 14. Representing Identity
- 15. Access Control Mechanisms
- 15.1. Access Control Lists
- 15.2. Capabilities
- 15.3. Locks and Keys
- 15.4. Ring-Based Access Control
- 15.5. Propagated Access Control Lists
- 15.6. Summary
- 15.7. Research Issues
- 15.8. Further Reading
- 15.9. Exercises
- 16. Information Flow
- 16.1. Basics and Background
- 16.2. Nonlattice Information Flow Policies
- 16.3. Compiler-Based Mechanisms
- 16.4. Execution-Based Mechanisms
- 16.5. Example Information Flow Controls
- 16.6. Summary
- 16.7. Research Issues
- 16.8. Further Reading
- 16.9. Exercises
- 17. Confinement Problem
- 13. Design Principles
- 6. Assurance
- 18. Introduction to Assurance
- 19. Building Systems with Assurance
- 19.1. Assurance in Requirements Definition and Analysis
- 19.2. Assurance During System and Software Design
- 19.3. Assurance in Implementation and Integration
- 19.4. Assurance During Operation and Maintenance
- 19.5. Summary
- 19.6. Research Issues
- 19.7. Further Reading
- 19.8. Exercises
- 20. Formal Methods
- 20.1. Formal Verification Techniques
- 20.2. Formal Specification
- 20.3. Early Formal Verification Techniques
- 20.4. Current Verification Systems
- 20.5. Summary
- 20.6. Research Issues
- 20.7. Further Reading
- 20.8. Exercises
- 21. Evaluating Systems
- 21.1. Goals of Formal Evaluation
- 21.2. TCSEC: 1983–1999
- 21.3. International Efforts and the ITSEC: 1991–2001
- 21.4. Commercial International Security Requirements: 1991
- 21.5. Other Commercial Efforts: Early 1990s
- 21.6. The Federal Criteria: 1992
- 21.7. FIPS 140: 1994–Present
- 21.8. The Common Criteria: 1998–Present
- 21.9. SSE-CMM: 1997–Present
- 21.10. Summary
- 21.11. Research Issues
- 21.12. Further Reading
- 21.13. Exercises
- 7. Special Topics
- 22. Malicious Logic
- 22.1. Introduction
- 22.2. Trojan Horses
- 22.3. Computer Viruses
- 22.4. Computer Worms
- 22.5. Other Forms of Malicious Logic
- 22.6. Theory of Malicious Logic
- 22.7. Defenses
- 22.7.1. Malicious Logic Acting as Both Data and Instructions
- 22.7.2. Malicious Logic Assuming the Identity of a User
- 22.7.3. Malicious Logic Crossing Protection Domain Boundaries by Sharing
- 22.7.4. Malicious Logic Altering Files
- 22.7.5. Malicious Logic Performing Actions Beyond Specification
- 22.7.6. Malicious Logic Altering Statistical Characteristics
- 22.7.7. The Notion of Trust
- 22.8. Summary
- 22.9. Research Issues
- 22.10. Further Reading
- 22.11. Exercises
- 23. Vulnerability Analysis
- 23.1. Introduction
- 23.2. Penetration Studies
- 23.2.1. Goals
- 23.2.2. Layering of Tests
- 23.2.3. Methodology at Each Layer
- 23.2.4. Flaw Hypothesis Methodology
- 23.2.5. Example: Penetration of the Michigan Terminal System
- 23.2.6. Example: Compromise of a Burroughs System
- 23.2.7. Example: Penetration of a Corporate Computer System
- 23.2.8. Example: Penetrating a UNIX System
- 23.2.9. Example: Penetrating a Windows NT System
- 23.2.10. Debate
- 23.2.11. Conclusion
- 23.3. Vulnerability Classification
- 23.4. Frameworks
- 23.5. Gupta and Gligor's Theory of Penetration Analysis
- 23.6. Summary
- 23.7. Research Issues
- 23.8. Further Reading
- 23.9. Exercises
- 24. Auditing
- 25. Intrusion Detection
- 22. Malicious Logic
- 8. Practicum
- 26. Network Security
- 26.1. Introduction
- 26.2. Policy Development
- 26.3. Network Organization
- 26.4. Availability and Network Flooding
- 26.5. Anticipating Attacks
- 26.6. Summary
- 26.7. Research Issues
- 26.8. Further Reading
- 26.9. Exercises
- 27. System Security
- 28. User Security
- 29. Program Security
- 29.1. Introduction
- 29.2. Requirements and Policy
- 29.3. Design
- 29.4. Refinement and Implementation
- 29.5. Common Security-Related Programming Problems
- 29.5.1. Improper Choice of Initial Protection Domain
- 29.5.2. Improper Isolation of Implementation Detail
- 29.5.3. Improper Change
- 29.5.4. Improper Naming
- 29.5.5. Improper Deallocation or Deletion
- 29.5.6. Improper Validation
- 29.5.7. Improper Indivisibility
- 29.5.8. Improper Sequencing
- 29.5.9. Improper Choice of Operand or Operation
- 29.5.10. Summary
- 29.6. Testing, Maintenance, and Operation
- 29.7. Distribution
- 29.8. Conclusion
- 29.9. Summary
- 29.10. Research Issues
- 29.11. Further Reading
- 29.12. Exercises
- 26. Network Security
- 9. End Matter
- 30. Lattices
- 31. The Extended Euclidean Algorithm
- 32. Entropy and Uncertainty
- 33. Virtual Machines
- 34. Symbolic Logic
- 35. Example Academic Security Policy
- 35.1. University of California E-mail Policy
- 35.1.1. Summary: E-mail Policy Highlights
- 35.1.2. University of California Electronic Mail Policy
- 35.1.2.1. Introduction
- 35.1.2.2. Purpose
- 35.1.2.3. Definitions
- 35.1.2.4. Scope
- 35.1.2.5. General Provisions
- 35.1.2.6. Specific Provisions
- 35.1.2.7. Policy Violations
- 35.1.2.8. Responsibility for Policy
- 35.1.2.9. Campus Responsibilities and Discretion
- 35.1.2.10. Appendix A—Definitions
- 35.1.2.11. Appendix B—References
- 35.1.2.12. Appendix C—Policies Relating to Nonconsensual Access
- 35.1.3. UC Davis Implementation of the Electronic Mail Policy
- 35.1.4. References and Related Policy
- 35.2. The Acceptable Use Policy for the University of California, Davis
- 35.1. University of California E-mail Policy
- Bibliography
Part 7 explores four topics that play important roles in computer security. They underlie the security of modern systems and networks.
Chapter 22, “Malicious Logic,” discusses programs set up by attackers to perform actions that violate the site's security policy. The programs act with the privileges of an authorized user but execute without that user's knowledge.
Chapter 23, “Vulnerability Analysis,” describes penetration testing. Although important as a standard a posteriori testing technique, penetration testing models the way attackers analyze a system when determining how best to attack it. The insight gained from this mode of thinking is invaluable to defenders. Chapter 23 also discusses models of vulnerabilities to gain insight into why they occur.
Chapter 24, “Auditing,” considers auditing and logging. These operations are important in the analysis of attacks. However, they introduce complexities, particularly in the areas of knowing what to log and how to correlate logs kept on different systems.
Chapter 25, “Intrusion Detection,” examines the different ways to detect and respond to various types of intrusions. Intrusion detection automates analysis of logs and systems to detect attacks and, in some cases, counter them.
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.