Computer Security: Art and Science, 2nd edition
Published by Addison-Wesley Professional (November 26, 2018) © 2019
Matt Bishop, University of California, Davis
Available as an eTextbook and in print (hardcover or paperback) from all major ebook resellers, including InformIT.com.
In this updated guide, University of California at Davis Computer Security Laboratory co-director Matt Bishop offers clear, rigorous, and thorough coverage of modern computer security. Reflecting dramatic growth in the quantity, complexity, and consequences of security incidents, Computer Security, Second Edition, links core principles with technologies, methodologies, and ideas that have emerged since the first edition’s publication.
Writing for advanced undergraduates and graduate students, Bishop covers foundational issues, policies, cryptography, systems design, assurance, and much more. He thoroughly addresses malware, vulnerability analysis, auditing, intrusion detection, and best-practice responses to attacks. In addition to new examples throughout, Bishop presents entirely new chapters on availability policy models and attack analysis.
- Understand computer security goals, problems, and challenges, and the deep links between theory and practice
- Learn how computer scientists seek to prove whether systems are secure
- Define security policies for confidentiality, integrity, availability, and more
- Analyze policies to reflect core questions of trust, and use them to constrain operations and change
- Implement cryptography as one component of a wider computer and network security strategy
- Use system-oriented techniques to establish effective security mechanisms, defining who can act and what they can do
- Set appropriate security goals for a system or product, and ascertain how well it meets them
- Recognize program flaws and malicious logic, and detect attackers seeking to exploit them
Four entirely new chapters have been added:
1. Availability Policies, covering early availability policies (usually oriented around ‘fairness’); generalized to ‘quality of service’ policies for defining availability; and encompassing ideas related to network defense, reliability, and performance.
2. Attack Analysis, covering diverse attacks, linking them to attack models, and examining detection and related forensic issues.
3. Security Management, addressing the management of technology and policies for providing and assuring security, and presenting leading sets of management practices.
4. Electronic Voting, an ideal case study that integrates and applies policies, procedures, technology, and many other aspects of security in an important real world application.
Other notable updates include extensive revisions to the chapter on Malicious Logic to reflect newer malware threats and advances in anti-malware techniques and technologies. Examples and exercises will be updated or added as appropriate. For all chapters, ‘Research Issues’ and ‘Further Reading’ sections will be updated.
Preface xxix
Acknowledgments xlv
About the Author xlix
Part I: Introduction 1
Chapter 1: An Overview of Computer Security 3
1.1 The Basic Components 3
1.2 Threats 6
1.3 Policy and Mechanism 9
1.4 Assumptions and Trust 11
1.5 Assurance 12
1.6 Operational Issues 16
1.7 Human Issues 20
1.8 Tying It All Together 22
1.9 Summary 24
1.10 Research Issues 24
1.11 Further Reading 25
1.12 Exercises 25
Part II: Foundations 29
Chapter 2: Access Control Matrix 31
2.1 Protection State 31
2.2 Access Control Matrix Model 32
2.3 Protection State Transitions 37
2.4 Copying, Owning, and the Attenuation of Privilege 42
2.5 Summary 44
2.6 Research Issues 44
2.7 Further Reading 44
2.8 Exercises 45
Chapter 3: Foundational Results 49
3.1 The General Question 49
3.2 Basic Results 51
3.3 The Take-Grant Protection Model 56
3.4 Closing the Gap: The Schematic Protection Model 68
3.5 Expressive Power and the Models 81
3.6 Comparing Security Properties of Models 94
3.7 Summary 101
3.8 Research Issues 102
3.9 Further Reading 102
3.10 Exercises 103
Part III: Policy 107
Chapter 4: Security Policies 109
4.1 The Nature of Security Policies 109
4.2 Types of Security Policies 113
4.3 The Role of Trust 115
4.4 Types of Access Control 117
4.5 Policy Languages 118
4.6 Example: Academic Computer Security Policy 126
4.7 Security and Precision 131
4.8 Summary 136
4.9 Research Issues 136
4.10 Further Reading 137
4.11 Exercises 138
Chapter 5: Confidentiality Policies 141
5.1 Goals of Confidentiality Policies 141
5.2 The Bell-LaPadula Model 142
5.3 Tranquility 161
5.4 The Controversy over the Bell-LaPadula Model 164
5.5 Summary 169
5.6 Research Issues 169
5.7 Further Reading 170
5.8 Exercises 171
Chapter 6: Integrity Policies 173
6.1 Goals 173
6.2 The Biba Model 175
6.3 Lipner’s Integrity Matrix Model 178
6.4 Clark-Wilson Integrity Model 183
6.5 Trust Models 189
6.6 Summary 196
6.7 Research Issues 196
6.8 Further Reading 197
6.9 Exercises 198
Chapter 7: Availability Policies 201
7.1 Goals of Availability Policies 201
7.2 Deadlock 202
7.3 Denial of Service Models 203
7.4 Example: Availability and Network Flooding 215
7.5 Summary 222
7.6 Research Issues 222
7.7 Further Reading 223
7.8 Exercises 224
Chapter 8: Hybrid Policies 227
8.1 Chinese Wall Model 227
8.2 Clinical Information Systems Security Policy 236
8.3 Originator Controlled Access Control 239
8.4 Role-Based Access Control 244
8.5 Break-the-Glass Policies 249
8.6 Summary 250
8.7 Research Issues 250
8.8 Further Reading 251
8.9 Exercises 252
Chapter 9: Noninterference and Policy Composition 255
9.1 The Problem 255
9.2 Deterministic Noninterference 259
9.3 Nondeducibility 271
9.4 Generalized Noninterference 274
9.5 Restrictiveness 277
9.6 Side Channels and Deducibility 280
9.7 Summary 282
9.8 Research Issues 283
9.9 Further Reading 283
9.10 Exercises 285
Part IV: Implementation I: Cryptography 287
Chapter 10: Basic Cryptography 289
10.1 Cryptography 289
10.2 Symmetric Cryptosystems 291
10.3 Public Key Cryptography 306
10.4 Cryptographic Checksums 315
10.5 Digital Signatures 318
10.6 Summary 323
10.7 Research Issues 324
10.8 Further Reading 325
10.9 Exercises 326
Chapter 11: Key Management 331
11.1 Session and Interchange Keys 332
11.2 Key Exchange 332
11.3 Key Generation 341
11.4 Cryptographic Key Infrastructures 343
11.5 Storing and Revoking Keys 353
11.6 Summary 359
11.7 Research Issues 360
11.8 Further Reading 361
11.9 Exercises 362
Chapter 12: Cipher Techniques 367
12.1 Problems 367
12.2 Stream and Block Ciphers 370
12.3 Authenticated Encryption 377
12.4 Networks and Cryptography 381
12.5 Example Protocols 384
12.6 Summary 410
12.7 Research Issues 411
12.8 Further Reading 411
12.9 Exercises 413
Chapter 13: Authentication 415
13.1 Authentication Basics 415
13.2 Passwords 416
13.3 Password Selection 418
13.4 Attacking Passwords 426
13.5 Password Aging 434
13.6 Challenge-Response 438
13.7 Biometrics 441
13.8 Location 445
13.9 Multifactor Authentication 446
13.10 Summary 448
13.11 Research Issues 449
13.12 Further Reading 450
13.13 Exercises 451
Part V: Implementation II: Systems 453
Chapter 14: Design Principles 455
14.1 Underlying Ideas 455
14.2 Principles of Secure Design 457
14.3 Summary 466
14.4 Research Issues 466
14.5 Further Reading 467
14.6 Exercises 468
Chapter 15: Representing Identity 471
15.1 What Is Identity? 471
15.2 Files and Objects 472
15.3 Users 473
15.4 Groups and Roles 475
15.5 Naming and Certificates 476
15.6 Identity on the Web 484
15.7 Anonymity on the Web 490
15.8 Summary 501
15.9 Research Issues 502
15.10 Further Reading 503
15.11 Exercises 504
Chapter 16: Access Control Mechanisms 507
16.1 Access Control Lists 507
16.2 Capabilities 518
16.3 Locks and Keys 526
16.4 Ring-Based Access Control 531
16.5 Propagated Access Control Lists 533
16.6 Summary 535
16.7 Research Issues 535
16.8 Further Reading 536
16.9 Exercises 536
Chapter 17: Information Flow 539
17.1 Basics and Background 539
17.2 Nonlattice Information Flow Policies 542
17.3 Static Mechanisms 548
17.4 Dynamic Mechanisms 562
17.5 Integrity Mechanisms 566
17.6 Example Information Flow Controls 567
17.7 Summary 574
17.8 Research Issues 574
17.9 Further Reading 575
17.10 Exercises 576
Chapter 18: Confinement Problem 579
18.1 The Confinement Problem 579
18.2 Isolation 582
18.3 Covert Channels 594
18.4 Summary 619
18.5 Research Issues 620
18.6 Further Reading 620
18.7 Exercises 622
Part VI: Assurance 625
Contributed by Elisabeth Sullivan and Michelle Ruppel
Chapter 19: Introduction to Assurance 627
19.1 Assurance and Trust 627
19.2 Building Secure and Trusted Systems 634
19.3 Summary 645
19.4 Research Issues 645
19.5 Further Reading 646
19.6 Exercises 647
Chapter 20: Building Systems with Assurance 649
20.1 Assurance in Requirements Definition and Analysis 649
20.2 Assurance during System and Software Design 662
20.3 Assurance in Implementation and Integration 685
20.4 Assurance during Operation and Maintenance 695
20.5 Summary 696
20.6 Research Issues 696
20.7 Further Reading 697
20.8 Exercises 698
Chapter 21: Formal Methods 699
21.1 Formal Verification Techniques 699
21.2 Formal Specification 702
21.3 Early Formal Verification Techniques 705
21.4 Current Verification Systems 713
21.5 Functional Programming Languages 721
21.6 Formally Verified Products 722
21.7 Summary 723
21.8 Research Issues 724
21.9 Further Reading 725
21.10 Exercises 725
Chapter 22: Evaluating Systems 727
22.1 Goals of Formal Evaluation 727
22.2 TCSEC: 1983-1999 730
22.3 International Efforts and the ITSEC: 1991-2001 737
22.4 Commercial International Security Requirements: 1991 742
22.5 Other Commercial Efforts: Early 1990s 744
22.6 The Federal Criteria: 1992 744
22.7 FIPS 140: 1994-Present 746
22.8 The Common Criteria: 1998-Present 749
22.9 SSE-CMM: 1997-Present 765
22.10 Summary 768
22.11 Research Issues 769
22.12 Further Reading 769
22.13 Exercises 770
Part VII: Special Topics 773
Chapter 23: Malware 775
23.1 Introduction 775
23.2 Trojan Horses 776
23.3 Computer Viruses 780
23.4 Computer Worms 790
23.5 Bots and Botnets 793
23.6 Other Malware 796
23.7 Combinations 803
23.8 Theory of Computer Viruses 803
23.9 Defenses 808
23.10 Summary 820
23.11 Research Issues 820
23.12 Further Reading 821
23.13 Exercises 822
Chapter 24: Vulnerability Analysis 825
24.1 Introduction 825
24.2 Penetration Studies 827
24.3 Vulnerability Classification 845
24.4 Frameworks 849
24.5 Standards 864
24.6 Gupta and Gligor’s Theory of Penetration Analysis 868
24.7 Summary 873
24.8 Research Issues 874
24.9 Further Reading 875
24.10 Exercises 876
Chapter 25: Auditing 879
25.1 Definition 879
25.2 Anatomy of an Auditing System 880
25.3 Designing an Auditing System 884
25.4 A Posteriori Design 893
25.5 Auditing Mechanisms 897
25.6 Examples: Auditing File Systems 900
25.7 Summary 910
25.8 Research Issues 911
25.9 Further Reading 912
25.10 Exercises 913
Chapter 26: Intrusion Detection 917
26.1 Principles 917
26.2 Basic Intrusion Detection 918
26.3 Models 920
26.4 Architecture 942
26.5 Organization of Intrusion Detection Systems 948
26.6 Summary 954
26.7 Research Issues 954
26.8 Further Reading 955
26.9 Exercises 956
Chapter 27: Attacks and Responses 959
27.1 Attacks 959
27.2 Representing Attacks 960
27.3 Intrusion Response 971
27.4 Digital Forensics 987
27.5 Summary 996
27.6 Research Issues 997
27.7 Further Reading 998
27.8 Exercises 999
Part VIII: Practicum 1003
Chapter 28: Network Security 1005
28.1 Introduction 1005
28.2 Policy Development 1006
28.3 Network Organization 1011
28.4 Availability 1026
28.5 Anticipating Attacks 1027
28.6 Summary 1028
28.7 Research Issues 1028
28.8 Further Reading 1029
28.9 Exercises 1030
Chapter 29: System Security 1035
29.1 Introduction 1035
29.2 Policy 1036
29.3 Networks 1042
29.4 Users 1048
29.5 Authentication 1053
29.6 Processes 1055
29.7 Files 1061
29.8 Retrospective 1066
29.9 Summary 1068
29.10 Research Issues 1068
29.11 Further Reading 1069
29.12 Exercises 1070
Chapter 30: User Security 1073
30.1 Policy 1073
30.2 Access 1074
30.3 Files and Devices 1080
30.4 Processes 1087
30.5 Electronic Communications 1092
30.6 Summary 1094
30.7 Research Issues 1095
30.8 Further Reading 1095
30.9 Exercises 1096
Chapter 31: Program Security 1099
31.1 Problem 1099
31.2 Requirements and Policy 1100
31.3 Design 1104
31.4 Refinement and Implementation 1111
31.5 Common Security-Related Programming Problems 1117
31.6 Testing, Maintenance, and Operation 1141
31.7 Distribution 1146
31.8 Summary 1147
31.9 Research Issues 1147
31.10 Further Reading 1148
31.11 Exercises 1148
Part IX: Appendices 1151
Appendix A: Lattices 1153
A.1 Basics 1153
A.2 Lattices 1154
A.3 Exercises 1155
Appendix B: The Extended Euclidean Algorithm 1157
B.1 The Euclidean Algorithm 1157
B.2 The Extended Euclidean Algorithm 1158
B.3 Solving ax mod n = 1 1160
B.4 Solving ax mod n = b 1161
B.5 Exercises 1161
Appendix C: Entropy and Uncertainty 1163
C.1 Conditional and Joint Probability 1163
C.2 Entropy and Uncertainty 1165
C.3 Joint and Conditional Entropy 1166
C.4 Exercises 1169
Appendix D: Virtual Machines 1171
D.1 Virtual Machine Structure 1171
D.2 Virtual Machine Monitor 1171
D.3 Exercises 1176
Appendix E: Symbolic Logic 1179
E.1 Propositional Logic 1179
E.2 Predicate Logic 1184
E.3 Temporal Logic Systems 1186
E.4 Exercises 1188
Appendix F: The Encryption Standards 1191
F.1 Data Encryption Standard 1191
F.2 Advanced Encryption Standard 1196
F.3 Exercises 1205
Appendix G: Example Academic Security Policy 1207
G.1 Acceptable Use Policy 1207
G.2 University of California Electronic Communications Policy 1212
G.3 User Advisories 1234
G.4 Electronic Communications—Allowable Use 1241
Appendix H: Programming Rules 1247
H.1 Implementation Rules 1247
H.2 Management Rules 1249
References 1251
Index 1341