
The Craft of System Security PDF (English edition).pdf

The Craft of System Security - Graphically Rich Book
Table of Contents
Copyright
List of Figures
Preface
Acknowledgments
About the Authors
Part I: History
Chapter 1. Introduction
Section 1.1. The Standard Rubric
Section 1.2. The Matrix
Section 1.3. Other Views
Section 1.4. Safe States and the Access Control Matrix
Section 1.5. Other Hard Questions
Section 1.6. The Take-Home Message
Section 1.7. Project Ideas
Chapter 2. The Old Testament
Section 2.1. The Basic Framework
Section 2.2. Security Models
Section 2.3. The Orange Book
Section 2.4. INFOSEC, OPSEC, JOBSEC
Section 2.5. The Take-Home Message
Section 2.6. Project Ideas
Chapter 3. Old Principles, New World
Section 3.1. Solving the Wrong Problem?
Section 3.2. Lack of Follow-Through?
Section 3.3. Too Unwieldy?
Section 3.4. Saltzer and Schroeder
Section 3.5. Modern Relevance
Section 3.6. The Take-Home Message
Section 3.7. Project Ideas
Part II: Security and the Modern Computing Landscape
Chapter 4. OS Security
Section 4.1. OS Background
Section 4.2. OS Security Primitives and Principles
Section 4.3. Real OSes: Everything but the Kitchen Sink
Section 4.4. When the Foundation Cracks
Section 4.5. Where Are We?
Section 4.6. The Take-Home Message
Section 4.7. Project Ideas
Chapter 5. Network Security
Section 5.1. Basic Framework
Section 5.2. Protocols
Section 5.3. The Network as a Battlefield
Section 5.4. The Brave New World
Section 5.5. The Take-Home Message
Section 5.6. Project Ideas
Chapter 6. Implementation Security
Section 6.1. Buffer Overflow
Section 6.2. Argument Validation and Other Mishaps
Section 6.3. TOCTOU
Section 6.4. Malware
Section 6.5. Programming Language Security
Section 6.6. Security in the Development Lifecycle
Section 6.7. The Take-Home Message
Section 6.8. Project Ideas
Part III: Building Blocks for Secure Systems
Chapter 7. Using Cryptography
Section 7.1. Framework and Terminology
Section 7.2. Randomness
Section 7.3. Symmetric Cryptography
Section 7.4. Applications of Symmetric Cryptography
Section 7.5. Public-Key Cryptography
Section 7.6. Hash Functions
Section 7.7. Practical Issues: Public Key
Section 7.8. Past and Future
Section 7.9. The Take-Home Message
Section 7.10. Project Ideas
Chapter 8. Subverting Cryptography
Section 8.1. Breaking Symmetric Key without Brute Force
Section 8.2. Breaking Symmetric Key with Brute Force
Section 8.3. Breaking Public Key without Factoring
Section 8.4. Breaking Cryptography via the Real World
Section 8.5. The Potential of Efficiently Factoring Moduli
Section 8.6. The Take-Home Message
Section 8.7. Project Ideas
Chapter 9. Authentication
Section 9.1. Basic Framework
Section 9.2. Authenticating Humans
Section 9.3. Human Factors
Section 9.4. From the Machine's Point of View
Section 9.5. Advanced Approaches
Section 9.6. Case Studies
Section 9.7. Broader Issues
Section 9.8. The Take-Home Message
Section 9.9. Project Ideas
Chapter 10. Public Key Infrastructure
Section 10.1. Basic Definitions
Section 10.2. Basic Structure
Section 10.3. Complexity Arrives
Section 10.4. Multiple CAs
Section 10.5. Revocation
Section 10.6. The X.509 World
Section 10.7. Dissent
Section 10.8. Ongoing Trouble
Section 10.9. The Take-Home Message
Section 10.10. Project Ideas
Chapter 11. Standards, Compliance, and Testing
Section 11.1. Standards
Section 11.2. Policy Compliance
Section 11.3. Testing
Section 11.4. The Take-Home Message
Section 11.5. Project Ideas
Part IV: Applications
Chapter 12. The Web and Security
Section 12.1. Basic Structure
Section 12.2. Security Techniques
Section 12.3. Privacy Issues
Section 12.4. Web Services
Section 12.5. The Take-Home Message
Section 12.6. Project Ideas
Chapter 13. Office Tools and Security
Section 13.1. Word
Section 13.2. Lotus 1-2-3
Section 13.3. PDF
Section 13.4. Cut-and-Paste
Section 13.5. PKI and Office Tools
Section 13.6. Mental Models
Section 13.7. The Take-Home Message
Section 13.8. Project Ideas
Chapter 14. Money, Time, Property
Section 14.1. Money
Section 14.2. Time
Section 14.3. Property
Section 14.4. The Take-Home Message
Section 14.5. Project Ideas
Part V: Emerging Tools
Chapter 15. Formal Methods and Security
Section 15.1. Specification
Section 15.2. Logics
Section 15.3. Cranking the Handle
Section 15.4. Case Studies
Section 15.5. Spinning Your Bank Account
Section 15.6. Limits
Section 15.7. The Take-Home Message
Section 15.8. Project Ideas
Chapter 16. Hardware-Based Security
Section 16.1. Data Remanence
Section 16.2. Attacks and Defenses
Section 16.3. Tools
Section 16.4. Alternative Architectures
Section 16.5. Coming Trends
Section 16.6. The Take-Home Message
Section 16.7. Project Ideas
Chapter 17. In Search of the Evil Bit
Section 17.1. The AI Toolbox
Section 17.2. Application Taxonomy
Section 17.3. Case Study
Section 17.4. Making It Real
Section 17.5. The Take-Home Message
Section 17.6. Project Ideas
Chapter 18. Human Issues
Section 18.1. The Last Mile
Section 18.2. Design Principles
Section 18.3. Other Human-Space Issues
Section 18.4. Trust
Section 18.5. The Take-Home Message
Section 18.6. Project Ideas
The Take-Home Lesson
Appendix A. Exiled Theory
A.1 Relations, Orders, and Lattices
A.2 Functions
A.3 Computability Theory
A.4 Frameworks
A.5 Quantum Physics and Quantum Computation
Bibliography
Index
SYMBOL
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
The Craft of System Security
by Sean Smith; John Marchesini
Publisher: Addison Wesley Professional
Pub Date: November 21, 2007
Print ISBN-10: 0-321-43483-8
Print ISBN-13: 978-0-321-43483-8
Pages: 592

Overview

"I believe The Craft of System Security is one of the best software security books on the market today. It has not only breadth, but depth, covering topics ranging from cryptography, networking, and operating systems--to the Web, computer-human interaction, and how to improve the security of software systems by improving hardware. Bottom line, this book should be required reading for all who plan to call themselves security practitioners, and an invaluable part of every university's computer science curriculum."
--Edward Bonver, CISSP, Senior Software QA Engineer, Product Security, Symantec Corporation

"Here's to a fun, exciting read: a unique book chock-full of practical examples of the uses and the misuses of computer security. I expect that it will motivate a good number of college students to want to learn more about the field, at the same time that it will satisfy the more experienced professional."
--L. Felipe Perrone, Department of Computer Science, Bucknell University

Whether you're a security practitioner, developer, manager, or administrator, this book will give you the deep understanding necessary to meet today's security challenges--and anticipate tomorrow's. Unlike most books, The Craft of System Security doesn't just review the modern security practitioner's toolkit: It explains why each tool exists, and discusses how to use it to solve real problems.

After quickly reviewing the history of computer security, the authors move on to discuss the modern landscape, showing how security challenges and responses have evolved, and offering a coherent framework for understanding today's systems and vulnerabilities. Next, they systematically introduce the basic building blocks for securing contemporary systems, apply those building blocks to today's applications, and consider important emerging trends such as hardware-based security.

After reading this book, you will be able to:
Understand the classic Orange Book approach to security, and its limitations
Use operating system security tools and structures--with examples from Windows, Linux, BSD, and Solaris
Learn how networking, the Web, and wireless technologies affect security
Identify software security defects, from buffer overflows to development process flaws
Understand cryptographic primitives and their use in secure systems
Use best practice techniques for authenticating people and computer systems in diverse settings
Use validation, standards, and testing to enhance confidence in a system's security
Discover the security, privacy, and trust issues arising from desktop productivity tools
Understand digital rights management, watermarking, information hiding, and policy expression
Learn principles of human-computer interaction (HCI) design for improved security
Understand the potential of emerging work in hardware-based security and trusted computing