In this authoritative book, widely respected practitioner and teacher Matt Bishop presents a clear and useful introduction to the art and science of information security. Bishop's insights and realistic examples will help any practitioner or student understand the crucial links between security theory and the day-to-day security challenges of IT environments.
Bishop explains the fundamentals of security: the different types of widely used policies, the mechanisms that implement these policies, the principles underlying both policies and mechanisms, and how attackers can subvert these tools--as well as how to defend against attackers. A practicum demonstrates how to apply these ideas and mechanisms to a realistic company.
Coverage includes
- Confidentiality, integrity, and availability
- Operational issues, cost-benefit and risk analyses, legal and
human factors
- Planning and implementing effective access control
- Defining security, confidentiality, and integrity policies
- Using cryptography and public-key systems, and recognizing
their limits
- Understanding and using authentication: from passwords to
biometrics
- Security design principles: least-privilege, fail-safe defaults,
open design, economy of mechanism, and more
- Controlling information flow through systems and networks
- Assuring security throughout the system lifecycle
- Malicious logic: Trojan horses, viruses, boot sector and
executable infectors, rabbits, bacteria, logic bombs--and
defenses against them
- Vulnerability analysis, penetration studies, auditing, and
intrusion detection and prevention
- Applying security principles to networks, systems, users, and
programs
Chapter 1 An Overview of Computer Security
Chapter 2 Access Control Matrix
Chapter 3 Foundational Results
Chapter 4 Security Policies
Chapter 5 Confidentiality Policies
Chapter 6 Integrity Policies
Chapter 7 Hybrid Policies
Chapter 8 Basic Cryptography
Chapter 9 Key Management
Chapter 10 Cipher Techniques
etc.