Security in computing

Appropriate for beginning to intermediate courses in computer security. This sweeping revision of the classic computer security book provides an authoritative overview of computer security for every type of system, from traditional centralized systems to distributed networks and the Internet. The Third Edition has been updated to reflect the state-of-the-art in networking; cryptography; program and operating system security; administration; legal, privacy, and ethical issues, and much more. It combines core computer science concepts related to operating systems, networks, data bases, and programming, with accessible discussions of the use of cryptography and protocols. The book describes each important area from a developer's or user's point of view, lays out the security vulnerabilities and threats, and follows countermeasures to address them. Their book's layered approach is ideal for instructors who wish to customize courses based on their unique requirements. They also provide extensive pedagogical resources-including overviews, end-of-chapter reviews, lists of key terms, and updated exercises and references. The authors are recognized experts in their fields. Lead author Dr. Charles P. Pfleeger, CISSP, is currently Master Security Architect for Cable & Wireless, one of the world's leading providers of Internet and secure infrastructure services. Co-author Dr. Shari Lawrence Pfleeger is a Senior Researcher at RAND Corporation, a not-for-profit company providing strategy and decision-making support in the public interest. They are the authors of more than a dozen previous books on computer security, software engineering, software measurement, software quality, and programming. Supplements including a solutions manual, PowerPoints and a companion website are available. In the "Resources" box above, please click on "Instructor."

Foreword. Preface to the Third Edition. 1. Is There a Security Problem in Computing? What Does "Secure" Mean? Attacks. The Meaning of Computer Security. Computer Criminals. Methods of Defense. What's Next. Summary. Terms and Concepts. Where the Field Is Headed. To Learn More. Exercises. 2. Elementary Cryptography. Terminology and Background. Substitution Ciphers. Transposition (Permutations). Making "Good" Encryption Algorithms. The Data Encryption Standard (DES). The AES Encryption Algorithm. Public Key Encryption. The Uses of Encryption. Summary of Encryption. Terms and Concepts. Where the Field Is Headed. To Learn More. Exercises. 3. Program Security. Secure Programs. Nonmalicious Program Errors. Viruses and Other Malicious Code. Targeted Malicious Code. Controls Against Program Threats. Summary of Program Threats and Controls. Terms and Concepts. Where the Field Is Headed. To Learn More. Exercises. 4. Protection in General-Purpose Operating Systems. Protected Objects and Methods of Protection. Memory and Address Protection. Control of Access to General Objects. File Protection Mechanisms. User Authentication. Summary of Security for Users. Terms and Concepts. Where the Field Is Headed. To Learn More. Exercises. 5.Designing Trusted Operating Systems. What Is a Trusted System? Security Policies. Models of Security. Trusted Operating System Design. Assurance in Trusted Operating Systems. Implementation Examples. Summary of Security in Operating Systems. Terms and Concepts. Where the Field Is Headed. To Learn More. Exercises. 6. Database Security. Introduction to Databases. Security Requirements. Reliability and Integrity. Sensitive Data. Inference. Multilevel Databases. Proposals for Multilevel Security. Summary of Database Security. Terms and Concepts. Where the Field Is Headed. To Learn More. Exercises. 7. Security in Networks. Network Concepts. Threats in Networks. Network Security Controls. Firewalls. Intrusion Detection Systems. Secure E-Mail. Summary of Network Security. Terms and Concepts. Where the Field Is Headed. To Learn More. Exercises. 8. Administering Security. Security Planning. Risk Analysis. Organizational Security Policies. Physical Security. Summary. Terms and Concepts. To Learn More. Exercises. 9. Legal, Privacy, and Ethical Issues in Computer Security. Protecting Programs and Data. Information and the Law. Rights of Employees and Employers. Software Failures. Computer Crime. Privacy. Ethical Issues in Computer Security. Case Studies of Ethics. Case I: Use of Computer Services. Case II: Privacy Rights. Case III: Denial of Service. Case IV: Ownership of Programs. Case V: Proprietary Resources. Case VI: Fraud. Case VII: Accuracy of Information. Case VIII: Ethics of Hacking or Cracking. Codes of Ethics. Conclusion of Computer Ethics. Terms and Concepts. To Learn More. Exercises. 10. Cryptography Explained. Mathematics for Cryptography. Symmetric Encryption. Public Key Encryption Systems. Quantum Cryptography. Summary of Encryption. Terms and Concepts. Where the Field Is Headed. To Learn More. Exercises. Bibliography. Index.