Security in Computing, 2/e
Charles P. Pfleeger, Arca Systems, Inc., Vienna, Virginia
Published September, 1996 by Prentice Hall PTR (ECS Professional)
Copyright 1997, 592 pp.
Cloth
ISBN 0-13-337486-6
$67.00
Every day, more and more critical information is created, transmitted, and archived by computers. This ever-growing reliance on technology has made computer security a higher priority than ever before, yet the pace of computer development has far outstripped the improvements in computer security. Today's computer professionals need a comprehensive understanding of all aspects of security in computing.
Security in Computing is the most complete and up-to-date college textbook now available. Enlivened by actual case studies and supported by more than 175 exercises, the book covers:
- Viruses, worms, Trojan horses, and other forms of malicious code
- Firewalls and the protection of networked systems
- E-mail privacy, including PEM, PGP, key management, and certificates
- Key escrow, both as a technology and in the Clipper program
- Evaluation of trusted systems, including the Common Criteria, the ITSEC, and the Orange Book
- Standards for program development and quality, including ISO9000 and SEI CMM
- Administering secure installations of PCs, UNIX®, and networked environments
- Ethical and legal issues in computing
A modular, layered structure makes Security in Computing ideal for classroom use as well as a reference for professionals. Once the basic tools have been covered, the remaining chapters can be studied in any order, and to any depth desired.
Since the publication of the first edition in 1989, the number of threats to secure computing has increased, but so have the available countermeasures. This second edition has been thoroughly revised to reflect teaching experiences with the first edition and to incorporate all the latest information on computer security.
Charles P. Pfleeger is a principal consultant at Trusted Information Systems. He has worked on security projects in Europe and Australia as well as in the USA. He has also spent 14 years as a professor of computer science at the University of Tennessee. Dr. Pfleeger is a graduate of Ohio Wesleyan University and holds a Ph.D. in Computer Science from Pennsylvania State University.
Preface.
1. Is There a Security Problem in Computing?
Characteristics of Computer Intrusion. Kinds of Security
Breaches. Security Goals and Vulnerabilities. The People Involved.
Methods of Defense. Plan of Attack. Bibliographic Notes. Terms and
Concepts. Exercises.
2. Basic Encryption and Decryption.
Terminology and Background. Monoalphabetic Ciphers
(Substitutions). Polyalphabetic Substitution Ciphers. Transpositions
(Permutations). Fractionated Morse. Stream and Block Ciphers.
Characteristics of Good Ciphers. What the Cryptanalyst Has to
Work With. Summary of Basic Encryption. Bibliographic Notes. Terms and
Concepts. Exercises.
3. Secure Encryption Systems.
Hard Problems: Complexity. Properties of Arithmetic.
Public Key Encryption Systems. Merkle-Hellman Knapsacks.
Rivest-Shamir-Adelman (RSA) Encryption. El Gamal and Digital
Signature Algorithms. Hash Algorithms. Secure Secret Key (Symmetric)
Systems. The Data Encryption Standard (DES). Key Escrow and Clipper. The
Clipper Program. Conclusions. Summary of Secure Encryption.
Bibliographic Notes. Terms and Concepts. Exercises.
4. Using Encryption: Protocols and Practices.
Protocols: Orderly Behavior. How to Use Encryption.
Enhancing Cryptographic Security. Modes of Encryption. Summary of
Protocols and Practices. Bibliographic Notes. Terms and Concepts.
Exercises.
5. Program Security.
Viruses and Other Malicious Code. Targeted Malicious Code.
Controls Against Program Threats. Summary of Program Threats and
Controls. Bibliographic Notes. Terms and Concepts. Exercises.
6. Protection in General-Purpose Operating Systems.
Protected Objects and Methods of Protection. Protecting Memory
and Addressing. Protecting Access to General Objects. File Protection
Mechanisms. User Authentication. Summary of Security for Users.
Bibliographic Notes. Terms and Concepts. Exercises.
7. Designing Trusted Operating Systems.
What Is a Trusted System? Security Policies. Models of
Security. Design of Trusted Operating Systems. Assurance in Trusted
Operating Systems. Implementation Examples. Summary of Security in
Operating Systems. Bibliographic Notes. Terms and Concepts. Exercises.
8. Data Base Security.
Introduction to Data Bases. Security Requirements. Reliability
and Integrity. Sensitive Data. Inference Problem.
Multilevel Data Bases. Proposals for Multilevel Security. Summary of Data
Base Security. Bibliographic Notes. Terms and Concepts. Exercises.
9. Security in Networks and Distributed Systems.
Network Concepts. Threats in Networks. Network Security
Controls. Privacy Enhanced Electronic Mail. Firewalls. Encrypting
Gateway. Multilevel Security on Networks. Summary of Network Security.
Bibliographic Notes. Terms and Concepts. Exercises.
10. Administering Security.
Personal Computer Security Management. UNIX Security
Management. Network Security Management. Risk Analysis. Security
Planning. Organizational Security Policies. Summary of Administering
Security. Bibliographic Notes. Terms and Concepts. Exercises.
11. Legal and Ethical Issues in Computer Security.
Protecting Programs and Data. Information and the Law.
Rights of Employees and Employers. Computer Crime. Ethical Issues in
Computer Security. Ethical Reasoning. Electronic Privacy. Privacy of
Electronic Data. Use of Encryption. Cryptographic Key Escrow. Case
Studies of Ethics. Codes of Ethics.
Conclusion. Bibliographic Notes. Terms and Concepts.
Bibliography.
Index.