Security in Computing

Charles P. Pfleeger is a master security architect at Exodus Communications, Inc. He has worked on security projects in Europe and Australia as well as in the USA. He has also spent 14 years as a professor of computer science at the University of Tennessee. Dr. Pfleeger is a graduate of Ohio Wesleyan University, and holds a Ph. D. in Computer Science from Pennsylvania State University.

Preface.


1. Is There a Security Problem in Computing?


Characteristics of Computer Intrusion. Kinds of Security Breaches. Security Goals and Vulnerabilities. The People Involved. Methods of Defense. Plan of Attack. Bibliographic Notes. Terms and Concepts. Exercises.



2. Basic Encryption and Decryption.


Terminology and Background. Monoalphabetic Ciphers (Substitutions). Polyalphabetic Substitution Ciphers. Transpositions (Permutations). Fractionated Morse. Stream and Block Ciphers. Characteristics of “Good” Ciphers. What the Cryptanalyst Has to Work With. Summary of Basic Encryption. Bibliographic Notes. Terms and Concepts. Exercises.



3. Secure Encryption Systems.


“Hard” Problems: Complexity. Properties of Arithmetic. Public Key Encryption Systems. Merkle—Hellman Knapsacks. Rivest—Shamir— Adelman (RSA) Encryption. El Gamal and Digital Signature Algorithms. Hash Algorithms. Secure Secret Key (Symmetric) Systems. The Data Encryption Standard (DES). Key Escrow and Clipper. The Clipper Program. Conclusions. Summary of Secure Encryption. Bibliographic Notes. Terms and Concepts. Exercises.



4. Using Encryption: Protocols and Practices.


Protocols: Orderly Behavior. How to Use Encryption. Enhancing Cryptographic Security. Modes of Encryption. Summary of Protocols and Practices. Bibliographic Notes. Terms and Concepts. Exercises.



5. Program Security.


Viruses and Other Malicious Code. Targeted Malicious Code. Controls Against Program Threats. Summary of Program Threats and Controls. Bibliographic Notes. Terms and Concepts. Exercises.



6. Protection in General-Purpose Operating Systems.


Protected Objects and Methods of Protection. Protecting Memory and Addressing. Protecting Access to General Objects. File Protection Mechanisms. User Authentication. Summary of Security for Users. Bibliographic Notes. Terms and Concepts. Exercises.



7. Designing Trusted Operating Systems.


What Is a Trusted System? Security Policies. Models of Security. Design of Trusted Operating Systems. Assurance in Trusted Operating Systems. Implementation Examples. Summary of Security in Operating Systems. Bibliographic Notes. Terms and Concepts. Exercises.



8. Data Base Security.


Introduction to Data Bases. Security Requirements. Reliability and Integrity. Sensitive Data. Inference Problem. Multilevel Data Bases. Proposals for Multilevel Security. Summary of Data Base Security. Bibliographic Notes. Terms and Concepts. Exercises.



9. Security in Networks and Distributed Systems.


Network Concepts. Threats in Networks. Network Security Controls. Privacy Enhanced Electronic Mail. Firewalls. Encrypting Gateway. Multilevel Security on Networks. Summary of Network Security. Bibliographic Notes. Terms and Concepts. Exercises.



10. Administering Security.


Personal Computer Security Management. UNIX Security Management. Network Security Management. Risk Analysis. Security Planning. Organizational Security Policies. Summary of Administering Security. Bibliographic Notes. Terms and Concepts. Exercises.



11. Legal and Ethical Issues in Computer Security.


Protecting Programs and Data. Information and the Law. Rights of Employees and Employers. Computer Crime. Ethical Issues in Computer Security. Ethical Reasoning. Electronic Privacy. Privacy of Electronic Data. Use of Encryption. Cryptographic Key Escrow. Case Studies of Ethics. Case Studies of Ethics. Codes of Ethics. Conclusion. Bibliographic Notes. Terms and Concepts.



Bibliography.


Index.