
Computer Security: Art and Science


Format: chm

Size: 2.6 MB

Language: en


This book is both a reference book and a textbook. Its audience is undergraduate and graduate students as well as practitioners.

Computer Security: Art and Science

Part 1. Introduction
Chapter 1. An Overview of Computer Security
 Section 1.1. The Basic Components
 Section 1.2. Threats
 Section 1.3. Policy and Mechanism
 Section 1.4. Assumptions and Trust
 Section 1.5. Assurance
 Section 1.6. Operational Issues
 Section 1.7. Human Issues
 Section 1.8. Tying It All Together
 Section 1.9. Summary
 Section 1.10. Research Issues
 Section 1.11. Further Reading
 Section 1.12. Exercises

Part 2. Foundations
Chapter 2. Access Control Matrix
 Section 2.1. Protection State
 Section 2.2. Access Control Matrix Model
 Section 2.3. Protection State Transitions
 Section 2.4. Copying, Owning, and the Attenuation of Privilege
 Section 2.5. Summary
 Section 2.6. Research Issues
 Section 2.7. Further Reading
 Section 2.8. Exercises
Chapter 3. Foundational Results
 Section 3.1. The General Question
 Section 3.2. Basic Results
 Section 3.3. The Take-Grant Protection Model
 Section 3.4. Closing the Gap
 Section 3.5. Expressive Power and the Models
 Section 3.6. Summary
 Section 3.7. Research Issues
 Section 3.8. Further Reading
 Section 3.9. Exercises

Part 3. Policy
Chapter 4. Security Policies
 Section 4.1. Security Policies
 Section 4.2. Types of Security Policies
 Section 4.3. The Role of Trust
 Section 4.4. Types of Access Control
 Section 4.5. Policy Languages
 Section 4.6. Example: Academic Computer Security Policy
 Section 4.7. Security and Precision
 Section 4.8. Summary
 Section 4.9. Research Issues
 Section 4.10. Further Reading
 Section 4.11. Exercises
Chapter 5. Confidentiality Policies
 Section 5.1. Goals of Confidentiality Policies
 Section 5.2. The Bell-LaPadula Model
 Section 5.3. Tranquility
 Section 5.4. The Controversy over the Bell-LaPadula Model
 Section 5.5. Summary
 Section 5.6. Research Issues
 Section 5.7. Further Reading
 Section 5.8. Exercises
Chapter 6. Integrity Policies
 Section 6.1. Goals
 Section 6.2. Biba Integrity Model
 Section 6.3. Lipner's Integrity Matrix Model
 Section 6.4. Clark-Wilson Integrity Model
 Section 6.5. Summary
 Section 6.6. Research Issues
 Section 6.7. Further Reading
 Section 6.8. Exercises
Chapter 7. Hybrid Policies
 Section 7.1. Chinese Wall Model
 Section 7.2. Clinical Information Systems Security Policy
 Section 7.3. Originator Controlled Access Control
 Section 7.4. Role-Based Access Control
 Section 7.5. Summary
 Section 7.6. Research Issues
 Section 7.7. Further Reading
 Section 7.8. Exercises
Chapter 8. Noninterference and Policy Composition
 Section 8.1. The Problem
 Section 8.2. Deterministic Noninterference
 Section 8.3. Nondeducibility
 Section 8.4. Generalized Noninterference
 Section 8.5. Restrictiveness
 Section 8.6. Summary
 Section 8.7. Research Issues
 Section 8.8. Further Reading
 Section 8.9. Exercises

Part 4. Implementation I: Cryptography
Chapter 9. Basic Cryptography
 Section 9.1. What Is Cryptography?
 Section 9.2. Classical Cryptosystems
 Section 9.3. Public Key Cryptography
 Section 9.4. Cryptographic Checksums
 Section 9.5. Summary
 Section 9.6. Research Issues
 Section 9.7. Further Reading
 Section 9.8. Exercises
Chapter 10. Key Management
 Section 10.1. Session and Interchange Keys
 Section 10.2. Key Exchange
 Section 10.3. Key Generation
 Section 10.4. Cryptographic Key Infrastructures
 Section 10.5. Storing and Revoking Keys
 Section 10.6. Digital Signatures
 Section 10.7. Summary
 Section 10.8. Research Issues
 Section 10.9. Further Reading
 Section 10.10. Exercises
Chapter 11. Cipher Techniques
 Section 11.1. Problems
 Section 11.2. Stream and Block Ciphers
 Section 11.3. Networks and Cryptography
 Section 11.4. Example Protocols
 Section 11.5. Summary
 Section 11.6. Research Issues
 Section 11.7. Further Reading
 Section 11.8. Exercises
Chapter 12. Authentication
 Section 12.1. Authentication Basics
 Section 12.2. Passwords
 Section 12.3. Challenge-Response
 Section 12.4. Biometrics
 Section 12.5. Location
 Section 12.6. Multiple Methods
 Section 12.7. Summary
 Section 12.8. Research Issues
 Section 12.9. Further Reading
 Section 12.10. Exercises

Part 5. Implementation II: Systems
Chapter 13. Design Principles
 Section 13.1. Overview
 Section 13.2. Design Principles
 Section 13.3. Summary
 Section 13.4. Research Issues
 Section 13.5. Further Reading
 Section 13.6. Exercises
Chapter 14. Representing Identity
 Section 14.1. What Is Identity?
 Section 14.2. Files and Objects
 Section 14.3. Users
 Section 14.4. Groups and Roles
 Section 14.5. Naming and Certificates
 Section 14.6. Identity on the Web
 Section 14.7. Summary
 Section 14.8. Research Issues
 Section 14.9. Further Reading
 Section 14.10. Exercises
Chapter 15. Access Control Mechanisms
 Section 15.1. Access Control Lists
 Section 15.2. Capabilities
 Section 15.3. Locks and Keys
 Section 15.4. Ring-Based Access Control
 Section 15.5. Propagated Access Control Lists
 Section 15.6. Summary
 Section 15.7. Research Issues
 Section 15.8. Further Reading
 Section 15.9. Exercises
Chapter 16. Information Flow
 Section 16.1. Basics and Background
 Section 16.2. Nonlattice Information Flow Policies
 Section 16.3. Compiler-Based Mechanisms
 Section 16.4. Execution-Based Mechanisms
 Section 16.5. Example Information Flow Controls
 Section 16.6. Summary
 Section 16.7. Research Issues
 Section 16.8. Further Reading
 Section 16.9. Exercises
Chapter 17. Confinement Problem
 Section 17.1. The Confinement Problem
 Section 17.2. Isolation
 Section 17.3. Covert Channels
 Section 17.4. Summary
 Section 17.5. Research Issues
 Section 17.6. Further Reading
 Section 17.7. Exercises

Part 6. Assurance
Chapter 18. Introduction to Assurance
 Section 18.1. Assurance and Trust
 Section 18.2. Building Secure and Trusted Systems
 Section 18.3. Summary
 Section 18.4. Research Issues
 Section 18.5. Further Reading
 Section 18.6. Exercises
Chapter 19. Building Systems with Assurance
 Section 19.1. Assurance in Requirements Definition and Analysis
 Section 19.2. Assurance During System and Software Design
 Section 19.3. Assurance in Implementation and Integration
 Section 19.4. Assurance During Operation and Maintenance
 Section 19.5. Summary
 Section 19.6. Research Issues
 Section 19.7. Further Reading
 Section 19.8. Exercises
Chapter 20. Formal Methods
 Section 20.1. Formal Verification Techniques
 Section 20.2. Formal Specification
 Section 20.3. Early Formal Verification Techniques
 Section 20.4. Current Verification Systems
 Section 20.5. Summary
 Section 20.6. Research Issues
 Section 20.7. Further Reading
 Section 20.8. Exercises
Chapter 21. Evaluating Systems
 Section 21.1. Goals of Formal Evaluation
 Section 21.2. TCSEC: 1983–1999
 Section 21.3. International Efforts and the ITSEC: 1991–2001
 Section 21.4. Commercial International Security Requirements: 1991
 Section 21.5. Other Commercial Efforts: Early 1990s
 Section 21.6. The Federal Criteria: 1992
 Section 21.7. FIPS 140: 1994–Present
 Section 21.8. The Common Criteria: 1998–Present
 Section 21.9. SSE-CMM: 1997–Present
 Section 21.10. Summary
 Section 21.11. Research Issues
 Section 21.12. Further Reading
 Section 21.13. Exercises

Part 7. Special Topics
Chapter 22. Malicious Logic
 Section 22.1. Introduction
 Section 22.2. Trojan Horses
 Section 22.3. Computer Viruses
 Section 22.4. Computer Worms
 Section 22.5. Other Forms of Malicious Logic
 Section 22.6. Theory of Malicious Logic
 Section 22.7. Defenses
 Section 22.8. Summary
 Section 22.9. Research Issues
 Section 22.10. Further Reading
 Section 22.11. Exercises
Chapter 23. Vulnerability Analysis
 Section 23.1. Introduction
 Section 23.2. Penetration Studies
 Section 23.3. Vulnerability Classification
 Section 23.4. Frameworks
 Section 23.5. Gupta and Gligor's Theory of Penetration Analysis
 Section 23.6. Summary
 Section 23.7. Research Issues
 Section 23.8. Further Reading
 Section 23.9. Exercises
Chapter 24. Auditing
 Section 24.1. Definitions
 Section 24.2. Anatomy of an Auditing System
 Section 24.3. Designing an Auditing System
 Section 24.4. A Posteriori Design
 Section 24.5. Auditing Mechanisms
 Section 24.6. Examples: Auditing File Systems
 Section 24.7. Audit Browsing
 Section 24.8. Summary
 Section 24.9. Research Issues
 Section 24.10. Further Reading
 Section 24.11. Exercises
Chapter 25. Intrusion Detection
 Section 25.1. Principles
 Section 25.2. Basic Intrusion Detection
 Section 25.3. Models
 Section 25.4. Architecture
 Section 25.5. Organization of Intrusion Detection Systems
 Section 25.6. Intrusion Response
 Section 25.7. Summary
 Section 25.8. Research Issues
 Section 25.9. Further Reading
 Section 25.10. Exercises

Part 8. Practicum
Chapter 26. Network Security
 Section 26.1. Introduction
 Section 26.2. Policy Development
 Section 26.3. Network Organization
 Section 26.4. Availability and Network Flooding
 Section 26.5. Anticipating Attacks
 Section 26.6. Summary
 Section 26.7. Research Issues
 Section 26.8. Further Reading
 Section 26.9. Exercises
Chapter 27. System Security
 Section 27.1. Introduction
 Section 27.2. Policy
 Section 27.3. Networks
 Section 27.4. Users
 Section 27.5. Authentication
 Section 27.6. Processes
 Section 27.7. Files
 Section 27.8. Retrospective
 Section 27.9. Summary
 Section 27.10. Research Issues
 Section 27.11. Further Reading
 Section 27.12. Exercises
Chapter 28. User Security
 Section 28.1. Policy
 Section 28.2. Access
 Section 28.3. Files and Devices
 Section 28.4. Processes
 Section 28.5. Electronic Communications
 Section 28.6. Summary
 Section 28.7. Research Issues
 Section 28.8. Further Reading
 Section 28.9. Exercises
Chapter 29. Program Security
 Section 29.1. Introduction
 Section 29.2. Requirements and Policy
 Section 29.3. Design
 Section 29.4. Refinement and Implementation
 Section 29.5. Common Security-Related Programming Problems
 Section 29.6. Testing, Maintenance, and Operation
 Section 29.7. Distribution
 Section 29.8. Conclusion
 Section 29.9. Summary
 Section 29.10. Research Issues
 Section 29.11. Further Reading
 Section 29.12. Exercises

Part 9. End Matter
Chapter 30. Lattices
 Section 30.1. Basics
 Section 30.2. Lattices
 Section 30.3. Exercises
Chapter 31. The Extended Euclidean Algorithm
 Section 31.1. The Euclidean Algorithm
 Section 31.2. The Extended Euclidean Algorithm
 Section 31.3. Solving ax mod n = 1
 Section 31.4. Solving ax mod n = b
 Section 31.5. Exercises
Chapter 32. Entropy and Uncertainty
 Section 32.1. Conditional and Joint Probability
 Section 32.2. Entropy and Uncertainty
 Section 32.3. Joint and Conditional Entropy
 Section 32.4. Exercises
Chapter 33. Virtual Machines
 Section 33.1. Virtual Machine Structure
 Section 33.2. Virtual Machine Monitor
 Section 33.3. Exercises
Chapter 34. Symbolic Logic
 Section 34.1. Propositional Logic
 Section 34.2. Predicate Logic
 Section 34.3. Temporal Logic Systems
 Section 34.4. Exercises
Chapter 35. Example Academic Security Policy
 Section 35.1. University of California E-mail Policy
 Section 35.2. The Acceptable Use Policy for the University of California, Davis
Bibliography


Computer Security: Art and Science includes detailed discussions on:

  • The nature and challenges of computer security
  • The relationship between policy and security
  • The role and application of cryptography
  • The mechanisms used to implement policies
  • Methodologies and technologies for assurance
  • Vulnerability analysis and intrusion detection

Computer Security discusses different policy models, and presents mechanisms that can be used to enforce these policies. It concludes with examples that show how to apply the principles discussed in earlier sections, beginning with networks and moving on to systems, users, and programs.

This important work is essential for anyone who needs to understand, implement, or maintain a secure network or computer system.

Organization

Part 1, "Introduction," describes what computer security is all about and explores the problems and challenges to be faced. It sets the context for the remainder of the book.

Part 2, "Foundations," deals with basic questions such as how "security" can be clearly and functionally defined, whether or not it is realistic, and whether or not it is decidable. If it is decidable, under what conditions is it decidable, and if not, how must the definition be bounded in order to make it decidable?

Part 3, "Policy," probes the relationship between policy and security. The definition of "security" depends on policy. In Part 3 we examine several types of policies, including the ever-present fundamental questions of trust, analysis of policies, and the use of policies to constrain operations and transitions.

Part 4, "Implementation I: Cryptography," discusses cryptography and its role in security. It focuses on applications and discusses issues such as key management and escrow, key distribution, and how cryptosystems are used in networks. A quick study of authentication completes Part 4.

Part 5, "Implementation II: Systems," considers how to implement the requirements imposed by policies using system-oriented techniques. Certain design principles are fundamental to effective security mechanisms. Policies define who can act and how they can act, and so identity is a critical aspect of implementation. Mechanisms implementing access control and flow control enforce various aspects of policies.

Part 6, "Assurance," presents methodologies and technologies for ascertaining how well a system, or a product, meets its goals. After setting the background, to explain exactly what "assurance" is, the art of building systems to meet varying levels of assurance is discussed. Formal verification methods play a role. Part 6 shows how the progression of standards has enhanced our understanding of assurance techniques.

Part 7, "Special Topics," discusses some miscellaneous aspects of computer security. Malicious logic thwarts many mechanisms. Despite our best efforts at high assurance, systems today are replete with vulnerabilities. Why? How can a system be analyzed to detect vulnerabilities? What models might help us improve the state of the art? Given these security holes, how can we detect attackers who exploit them? A discussion of auditing flows naturally into a discussion of intrusion detection—a detection method for such attacks.

Part 8, "Practicum," presents examples of how to apply the principles discussed throughout the book. It begins with networks and proceeds to systems, users, and programs. Each chapter states a desired policy and shows how to translate that policy into a set of mechanisms and procedures that support the policy. Part 8 tries to demonstrate that the material covered elsewhere can be, and should be, used in practice.

Each chapter in this book ends with a summary, descriptions of some research issues, and some suggestions for further reading. The summary highlights the important ideas in the chapter. The research issues are current "hot topics" or are topics that may prove to be fertile ground for advancing the state of the art and science of computer security. Interested readers who wish to pursue the topics in any chapter in more depth can go to some of the suggested readings. They expand on the material in the chapter or present other interesting avenues.