My Account Log in

1 option

The craft of system security

O'Reilly Online Learning: Academic/Public Library Edition Available online

View online
Format:
Book
Author/Creator:
Smith, Sean W, Author.
Contributor:
Marchesini, John, Contributor.
Language:
English
Subjects (All):
Computer security--Security measures.
Computer security.
System design.
Computer networks.
Physical Description:
1 online resource (592 pages)
Edition:
1st edition
Place of Publication:
[Place of publication not identified] Addison Wesley 2008
Language Note:
English
System Details:
text file
Summary:
"I believe The Craft of System Security is one of the best software security books on the market today. It has not only breadth, but depth, covering topics ranging from cryptography, networking, and operating systems--to the Web, computer-human interaction, and how to improve the security of software systems by improving hardware. Bottom line, this book should be required reading for all who plan to call themselves security practitioners, and an invaluable part of every university's computer science curriculum." --Edward Bonver, CISSP, Senior Software QA Engineer, Product Security, Symantec Corporation "Here's to a fun, exciting read: a unique book chock-full of practical examples of the uses and the misuses of computer security. I expect that it will motivate a good number of college students to want to learn more about the field, at the same time that it will satisfy the more experienced professional." --L. Felipe Perrone, Department of Computer Science, Bucknell University Whether you're a security practitioner, developer, manager, or administrator, this book will give you the deep understanding necessary to meet today's security challenges--and anticipate tomorrow's. Unlike most books, The Craft of System Security doesn't just review the modern security practitioner's toolkit: It explains why each tool exists, and discusses how to use it to solve real problems. After quickly reviewing the history of computer security, the authors move on to discuss the modern landscape, showing how security challenges and responses have evolved, and offering a coherent framework for understanding today's systems and vulnerabilities. Next, they systematically introduce the basic building blocks for securing contemporary systems, apply those building blocks to today's applications, and consider important emerging trends such as hardware-based security. After reading this book, you will be able to Understand the classic Orange Book approach to security, and its limitations Use operating system security tools and structures--with examples from Windows, Linux, BSD, and Solaris Learn how networking, the Web, and wireless technologies affect security Identify software security defects, from buffer overflows to development process flaws Understand cryptographic primitives and their use in secure systems Use best practice techniques for authenticating people and computer systems in diverse settings Use validation, standards, and testing to enhance confidence in a s...
Contents:
Cover
Contents
Preface
Acknowledgments
Part I: History
1 Introduction
1.1 The Standard Rubric
1.2 The Matrix
1.3 Other Views
1.4 Safe States and the Access Control Matrix
1.5 Other Hard Questions
1.6 The Take-Home Message
1.7 Project Ideas
2 The Old Testament
2.1 The Basic Framework
2.2 Security Models
2.3 The Orange Book
2.4 INFOSEC, OPSEC, JOBSEC
2.5 The Take-Home Message
2.6 Project Ideas
3 Old Principles, New World
3.1 Solving the Wrong Problem?
3.2 Lack of Follow-Through?
3.3 Too Unwieldy?
3.4 Saltzer and Schroeder
3.5 Modern Relevance
3.6 The Take-Home Message
3.7 Project Ideas
Part II: Security and the Modern Computing Landscape
4 OS Security
4.1 OS Background
4.2 OS Security Primitives and Principles
4.3 Real OSes: Everything but the Kitchen Sink
4.4 When the Foundation Cracks
4.5 Where Are We?
4.6 The Take-Home Message
4.7 Project Ideas
5 Network Security
5.1 Basic Framework
5.2 Protocols
5.3 The Network as a Battlefield
5.4 The Brave New World
5.5 The Take-Home Message
5.6 Project Ideas
6 Implementation Security
6.1 Buffer Overflow
6.2 Argument Validation and Other Mishaps
6.3 TOCTOU
6.4 Malware
6.5 Programming Language Security
6.6 Security in the Development Lifecycle
6.7 The Take-Home Message
6.8 Project Ideas
Part III: Building Blocks for Secure Systems
7 Using Cryptography
7.1 Framework and Terminology
7.2 Randomness
7.3 Symmetric Cryptography
7.4 Applications of Symmetric Cryptography
7.5 Public-Key Cryptography
7.6 Hash Functions
7.7 Practical Issues: Public Key
7.8 Past and Future
7.9 The Take-Home Message
7.10 Project Ideas
8 Subverting Cryptography
8.1 Breaking Symmetric Key without Brute Force.
8.2 Breaking Symmetric Key with Brute Force
8.3 Breaking Public Key without Factoring
8.4 Breaking Cryptography via the Real World
8.5 The Potential of Efficiently Factoring Moduli
8.6 The Take-Home Message
8.7 Project Ideas
9 Authentication
9.1 Basic Framework
9.2 Authenticating Humans
9.3 Human Factors
9.4 From the Machine's Point of View
9.5 Advanced Approaches
9.6 Case Studies
9.7 Broader Issues
9.8 The Take-Home Message
9.9 Project Ideas
10 Public Key Infrastructure
10.1 Basic Definitions
10.2 Basic Structure
10.3 Complexity Arrives
10.4 Multiple CAs
10.5 Revocation
10.6 The X.509 World
10.7 Dissent
10.8 Ongoing Trouble
10.9 The Take-Home Message
10.10 Project Ideas
11 Standards, Compliance, and Testing
11.1 Standards
11.2 Policy Compliance
11.3 Testing
11.4 The Take-Home Message
11.5 Project Ideas
Part IV: Applications
12 The Web and Security
12.1 Basic Structure
12.2 Security Techniques
12.3 Privacy Issues
12.4 Web Services
12.5 The Take-Home Message
12.6 Project Ideas
13 Office Tools and Security
13.1 Word
13.2 Lotus 1-2-3
13.3 PDF
13.4 Cut-and-Paste
13.5 PKI and Office Tools
13.6 Mental Models
13.7 The Take-Home Message
13.8 Project Ideas
14 Money, Time, Property
14.1 Money
14.2 Time
14.3 Property
14.4 The Take-Home Message
14.5 Project Ideas
Part V: Emerging Tools
15 Formal Methods and Security
15.1 Specification
15.2 Logics
15.3 Cranking the Handle
15.4 Case Studies
15.5 Spinning Your Bank Account
15.6 Limits
15.7 The Take-Home Message
15.8 Project Ideas
16 Hardware-Based Security
16.1 Data Remanence
16.2 Attacks and Defenses
16.3 Tools
16.4 Alternative Architectures
16.5 Coming Trends
16.6 The Take-Home Message.
16.7 Project Ideas
17 In Search of the Evil Bit
17.1 The AI Toolbox
17.2 Application Taxonomy
17.3 Case Study
17.4 Making it Real
17.5 The Take-Home Message
17.6 Project Ideas
18 Human Issues
18.1 The Last Mile
18.2 Design Principles
18.3 Other Human-Space Issues
18.4 Trust
18.5 The Take-Home Message
18.6 Project Ideas
The Take-Home Lesson
A: Exiled Theory
A.1 Relations, Orders, and Lattices
A.2 Functions
A.3 Computability Theory
A.4 Frameworks
A.5 Quantum Physics and Quantum Computation
Bibliography
Index.
Notes:
Bibliographic Level Mode of Issuance: Monograph
Includes bibliographical references and index.
Description based on publisher supplied metadata and other sources.
ISBN:
9786612648656
9781282648654
1282648659
9780321543707
032154370X
OCLC:
1027177578

The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.

Find

Home Release notes

My Account

Shelf Request an item Bookmarks Fines and fees Settings

Guides

Using the Find catalog Using Articles+ Using your account