
Introduction to Computer Security (2014).pdf

Cover
Table of Contents
1. Introduction
2. Physical Security
3. Operating Systems Security
4. Malware
5. Network Security I
6. Network Security II
7. Web Security
8. Cryptography
9. Distributed-Applications Security
10. Bibliography
Index
Introduction to Computer Security
Michael Goodrich
Roberto Tamassia
First Edition
Pearson Education Limited
Edinburgh Gate
Harlow
Essex CM20 2JE
England
and Associated Companies throughout the world

Visit us on the World Wide Web at: www.pearsoned.co.uk

© Pearson Education Limited 2014

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without either the prior written permission of the publisher or a licence permitting restricted copying in the United Kingdom issued by the Copyright Licensing Agency Ltd, Saffron House, 6–10 Kirby Street, London EC1N 8TS.

All trademarks used herein are the property of their respective owners. The use of any trademark in this text does not vest in the author or publisher any trademark ownership rights in such trademarks, nor does the use of such trademarks imply any affiliation with or endorsement of this book by such owners.

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library

Printed in the United States of America

ISBN 10: 1-292-02540-9
ISBN 13: 978-1-292-02540-7
Table of Contents

PEARSON CUSTOM LIBRARY

1. Introduction, Michael T. Goodrich/Roberto Tamassia
2. Physical Security, Michael T. Goodrich/Roberto Tamassia
3. Operating Systems Security, Michael T. Goodrich/Roberto Tamassia
4. Malware, Michael T. Goodrich/Roberto Tamassia
5. Network Security I, Michael T. Goodrich/Roberto Tamassia
6. Network Security II, Michael T. Goodrich/Roberto Tamassia
7. Web Security, Michael T. Goodrich/Roberto Tamassia
8. Cryptography, Michael T. Goodrich/Roberto Tamassia
9. Distributed-Applications Security, Michael T. Goodrich/Roberto Tamassia
10. Bibliography, Michael T. Goodrich/Roberto Tamassia
Index
Introduction

Contents

1 Fundamental Concepts
1.1 Confidentiality, Integrity, and Availability
1.2 Assurance, Authenticity, and Anonymity
1.3 Threats and Attacks
1.4 Security Principles
2 Access Control Models
2.1 Access Control Matrices
2.2 Access Control Lists
2.3 Capabilities
2.4 Role-Based Access Control
3 Cryptographic Concepts
3.1 Encryption
3.2 Digital Signatures
3.3 Simple Attacks on Cryptosystems
3.4 Cryptographic Hash Functions
3.5 Digital Certificates
4 Implementation and Usability Issues
4.1 Efficiency and Usability
4.2 Passwords
4.3 Social Engineering
4.4 Vulnerabilities from Programming Errors
5 Exercises

From Chapter 1 of Introduction to Computer Science, First Edition, Michael T. Goodrich, Roberto Tamassia. Copyright 2011 by Pearson Education, Inc. Published by Pearson Addison-Wesley. All rights reserved.
1 Fundamental Concepts

In this chapter, we introduce several fundamental concepts in computer security. Topics range from theoretical cryptographic primitives, such as digital signatures, to practical usability issues, such as social engineering.

Existing computer systems may contain legacy features of earlier versions dating back to bygone eras, such as when the Internet was the sole domain of academic researchers and military labs. For instance, assumptions of trust and lack of malicious behavior among network-connected machines, which may have been justifiable in the early eighties, are surprisingly still present in the way the Internet operates today. Such assumptions have led to the growth of Internet-based crime.

An important aspect of computer security is the identification of vulnerabilities in computer systems, which can, for instance, allow a malicious user to gain access to private data and even assume full control of a machine. Vulnerabilities enable a variety of attacks. Analysis of these attacks can determine the severity of damage that can be inflicted and the likelihood that the attack can be further replicated. Actions that need to be taken to defend against attacks include identifying compromised machines, removing the malicious code, and patching systems to eliminate the vulnerability.

In order to have a secure computer system, sound models are a first step. In particular, it is important to define the security properties that must be assured, anticipate the types of attacks that could be launched, and develop specific defenses. The design should also take into account usability issues. Indeed, security measures that are difficult to understand and inconvenient to follow will likely lead to failure of adoption. Next, the hardware and software implementation of a system needs to be rigorously tested to detect programming errors that introduce vulnerabilities. Once the system is deployed, procedures should be put in place to monitor the behavior of the system, detect security breaches, and react to them. Finally, security-related patches to the system must be applied as soon as they become available.

Computer security concepts often are better understood by looking at issues in a broader context. For this reason, this text also includes discussions of the security of various physical and real-world systems, including locks, ATM machines, and passenger screening at airports.
1.1 Confidentiality, Integrity, and Availability

Computers and networks are being misused at a growing rate. Spam, phishing, and computer viruses are becoming multibillion-dollar problems, as is identity theft, which poses a serious threat to the personal finances and credit ratings of users, and creates liabilities for corporations. Thus, there is a growing need for broader knowledge of computer security in society as well as increased expertise among information technology professionals. Society needs more security-educated computer professionals, who can successfully defend against and prevent computer attacks, as well as security-educated computer users, who can safely manage their own information and the systems they use.

One of the first things we need to do in a text on computer security is to define our concepts and terms. Classically, information security has been defined in terms of the acronym C.I.A., which in this case stands for confidentiality, integrity, and availability. (See Figure 1.)

[Figure 1: The C.I.A. concepts: confidentiality, integrity, and availability. Panels: Integrity, Confidentiality, Availability. Image credits: © Fotolia, LLC–Royalty Free; © Andresr/Shutterstock; © Yuri Arcurs/Fotolia, LLC–Royalty Free.]