Fundamentals of Computer Security Technology

Edward Amoroso is a Distinguished Member of Technical Staff in the Secure Systems Department at AT&T Bell Laboratories. Dr. Amoroso's experience in secure systems design, development, and research has ranged from system and security engineering on the UNIX system V/MLS effort at Bell Labs to technical lead responsibilities in the development of the Trusted Software Methodology (TSM) for the U.S. Department of Defense (DoD). Dr. Amoroso also holds adjunct positions in the Computer Science Department at the Stevens Institute and the Software Engineering Department at Monmouth College.

 1. Threats to Computer Systems.


 2. Threat Trees.


 3. Categorization of Attacks.


 4. Trojan Horses and Viruses.


 5. Common Attack Methods.


 6. Security Labels.


 7. The Lattice of Security Labels.


 8. Security Policies.


 9. The Bell-Lapadula Disclosure Model.


10. BLM Analysis and Debate.


11. Non-Deductibility and Non-Interference Security.


12. The Biba Integrity Model.


13. The Clark-Wilson Integrity Model.


14. Denial of Service.


15. Safeguards and Countermeasures.


16. Auditing.


17. Intrusion Detection.


18. Identification and Authentication.


19. Passwords.


20. Encryption.


21. Key Management Protocols.


22. Access Control.


23. Covert Channels.


24. Composing Security.


25. Privileges and Roles.


26. Security Kernels.


27. Network Security.


28. Database Security.


29. Security Evaluation.


Annotated Bibliography.


25 Greatest Works in Computer Security.


Index.