Computer Security: Art and Science • Table of Contents file:///C|/Documenti/Scuola/Actual/Tecniche%20Sicurezza/Book/123/0-201-44099-7.htm (1 of 2)22/03/2007 12.39.09 PM Computer Security: Art and Science Computer Security: Art and Science By Matt Bishop Publisher: Addison Wesley Pub Date: November 29, 2002 ISBN: 0-201-44099-7 Pages: 1136 "This is an excellent text that should be read by every computer security professional and student." —Dick Kemmerer, University of California, Santa Barbara. "This is the most complete book on information security theory, technology, and practice that I have encountered anywhere!" —Marvin Schaefer, Former Chief Scientist, National Computer Security Center, NSA This highly anticipated book fully introduces the theory and practice of computer security. It is both a comprehensive text, explaining the most fundamental and pervasive aspects of the field, and a detailed reference filled with valuable information for even the most seasoned practitioner. In this one extraordinary volume the author incorporates concepts from computer systems, networks, human factors, and cryptography. In doing so, he effectively demonstrates that computer security is an art as well as a science. Computer Security: Art and Science includes detailed discussions on: G The nature and challenges of computer security G The relationship between policy and security G The role and application of cryptography G The mechanisms used to implement policies G Methodologies and technologies for assurance G Vulnerability analysis and intrusion detection Computer Security discusses different policy models, and presents mechanisms that can be used to enforce these policies. It concludes with examples that show how to apply the principles discussed in earlier sections, beginning with networks and moving on to systems, users, and programs. This important work is essential for anyone who needs to understand, implement, or maintain a secure network or computer system. file:///C|/Documenti/Scuola/Actual/Tecniche%20Sicurezza/Book/123/0-201-44099-7.htm (2 of 2)22/03/2007 12.39.09 PM Computer Security: Art and Science • Table of Contents Computer Security: Art and Science By Matt Bishop Publisher: Addison Wesley Pub Date: November 29, 2002 ISBN: 0-201-44099-7 Pages: 1136 Copyright Preface Goals Philosophy Organization Roadmap Special Acknowledgment Acknowledgments Part 1. Introduction Chapter 1. An Overview of Computer Security Section 1.1. The Basic Components Section 1.2. Threats Section 1.3. Policy and Mechanism Section 1.4. Assumptions and Trust Section 1.5. Assurance Section 1.6. Operational Issues Section 1.7. Human Issues Section 1.8. Tying It All Together Section 1.9. Summary Section 1.10. Research Issues file:///C|/Documenti/Scuola/Actual/Tecniche%20Sicurezza/Book/123/0-201-44099-7Toc.htm (1 of 11)22/03/2007 12.39.11 PM Computer Security: Art and Science Section 1.11. Further Reading Section 1.12. Exercises Part 2. Foundations Chapter 2. Access Control Matrix Section 2.1. Protection State Section 2.2. Access Control Matrix Model Section 2.3. Protection State Transitions Section 2.4. Copying, Owning, and the Attenuation of Privilege Section 2.5. Summary Section 2.6. Research Issues Section 2.7. Further Reading Section 2.8. Exercises Chapter 3. Foundational Results Section 3.1. The General Question Section 3.2. Basic Results Section 3.3. The Take-Grant Protection Model Section 3.4. Closing the Gap Section 3.5. Expressive Power and the Models Section 3.6. Summary Section 3.7. Research Issues Section 3.8. Further Reading Section 3.9. Exercises Part 3. Policy Chapter 4. Security Policies Section 4.1. Security Policies Section 4.2. Types of Security Policies Section 4.3. The Role of Trust Section 4.4. Types of Access Control Section 4.5. Policy Languages Section 4.6. Example: Academic Computer Security Policy Section 4.7. Security and Precision Section 4.8. Summary Section 4.9. Research Issues Section 4.10. Further Reading Section 4.11. Exercises file:///C|/Documenti/Scuola/Actual/Tecniche%20Sicurezza/Book/123/0-201-44099-7Toc.htm (2 of 11)22/03/2007 12.39.11 PM Computer Security: Art and Science Chapter 5. Confidentiality Policies Section 5.1. Goals of Confidentiality Policies Section 5.2. The Bell-LaPadula Model Section 5.3. Tranquility Section 5.4. The Controversy over the Bell-LaPadula Model Section 5.5. Summary Section 5.6. Research Issues Section 5.7. Further Reading Section 5.8. Exercises Chapter 6. Integrity Policies Section 6.1. Goals Section 6.2. Biba Integrity Model Section 6.3. Lipner's Integrity Matrix Model Section 6.4. Clark-Wilson Integrity Model Section 6.5. Summary Section 6.6. Research Issues Section 6.7. Further Reading Section 6.8. Exercises Chapter 7. Hybrid Policies Section 7.1. Chinese Wall Model Section 7.2. Clinical Information Systems Security Policy Section 7.3. Originator Controlled Access Control Section 7.4. Role-Based Access Control Section 7.5. Summary Section 7.6. Research Issues Section 7.7. Further Reading Section 7.8. Exercises Chapter 8. Noninterference and Policy Composition Section 8.1. The Problem Section 8.2. Deterministic Noninterference Section 8.3. Nondeducibility Section 8.4. Generalized Noninterference Section 8.5. Restrictiveness Section 8.6. Summary Section 8.7. Research Issues file:///C|/Documenti/Scuola/Actual/Tecniche%20Sicurezza/Book/123/0-201-44099-7Toc.htm (3 of 11)22/03/2007 12.39.11 PM Computer Security: Art and Science Section 8.8. Further Reading Section 8.9. Exercises Part 4. Implementation I: Cryptography Chapter 9. Basic Cryptography Section 9.1. What Is Cryptography? Section 9.2. Classical Cryptosystems Section 9.3. Public Key Cryptography Section 9.4. Cryptographic Checksums Section 9.5. Summary Section 9.6. Research Issues Section 9.7. Further Reading Section 9.8. Exercises Chapter 10. Key Management Section 10.1. Session and Interchange Keys Section 10.2. Key Exchange Section 10.3. Key Generation Section 10.4. Cryptographic Key Infrastructures Section 10.5. Storing and Revoking Keys Section 10.6. Digital Signatures Section 10.7. Summary Section 10.8. Research Issues Section 10.9. Further Reading Section 10.10. Exercises Chapter 11. Cipher Techniques Section 11.1. Problems Section 11.2. Stream and Block Ciphers Section 11.3. Networks and Cryptography Section 11.4. Example Protocols Section 11.5. Summary Section 11.6. Research Issues Section 11.7. Further Reading Section 11.8. Exercises Chapter 12. Authentication Section 12.1. Authentication Basics Section 12.2. Passwords file:///C|/Documenti/Scuola/Actual/Tecniche%20Sicurezza/Book/123/0-201-44099-7Toc.htm (4 of 11)22/03/2007 12.39.11 PM Computer Security: Art and Science Section 12.3. Challenge-Response Section 12.4. Biometrics Section 12.5. Location Section 12.6. Multiple Methods Section 12.7. Summary Section 12.8. Research Issues Section 12.9. Further Reading Section 12.10. Exercises Part 5. Implementation II: Systems Chapter 13. Design Principles Section 13.1. Overview Section 13.2. Design Principles Section 13.3. Summary Section 13.4. Research Issues Section 13.5. Further Reading Section 13.6. Exercises Chapter 14. Representing Identity Section 14.1. What Is Identity? Section 14.2. Files and Objects Section 14.3. Users Section 14.4. Groups and Roles Section 14.5. Naming and Certificates Section 14.6. Identity on the Web Section 14.7. Summary Section 14.8. Research Issues Section 14.9. Further Reading Section 14.10. Exercises Chapter 15. Access Control Mechanisms Section 15.1. Access Control Lists Section 15.2. Capabilities Section 15.3. Locks and Keys Section 15.4. Ring-Based Access Control Section 15.5. Propagated Access Control Lists Section 15.6. Summary Section 15.7. Research Issues file:///C|/Documenti/Scuola/Actual/Tecniche%20Sicurezza/Book/123/0-201-44099-7Toc.htm (5 of 11)22/03/2007 12.39.11 PM Computer Security: Art and Science Section 15.8. Further Reading Section 15.9. Exercises Chapter 16. Information Flow Section 16.1. Basics and Background Section 16.2. Nonlattice Information Flow Policies Section 16.3. Compiler-Based Mechanisms Section 16.4. Execution-Based Mechanisms Section 16.5. Example Information Flow Controls Section 16.6. Summary Section 16.7. Research Issues Section 16.8. Further Reading Section 16.9. Exercises Chapter 17. Confinement Problem Section 17.1. The Confinement Problem Section 17.2. Isolation Section 17.3. Covert Channels Section 17.4. Summary Section 17.5. Research Issues Section 17.6. Further Reading Section 17.7. Exercises Part 6. Assurance Chapter 18. Introduction to Assurance Section 18.1. Assurance and Trust Section 18.2. Building Secure and Trusted Systems Section 18.3. Summary Section 18.4. Research Issues Section 18.5. Further Reading Section 18.6. Exercises Chapter 19. Building Systems with Assurance Section 19.1. Assurance in Requirements Definition and Analysis Section 19.2. Assurance During System and Software Design Section 19.3. Assurance in Implementation and Integration Section 19.4. Assurance During Operation and Maintenance Section 19.5. Summary Section 19.6. Research Issues file:///C|/Documenti/Scuola/Actual/Tecniche%20Sicurezza/Book/123/0-201-44099-7Toc.htm (6 of 11)22/03/2007 12.39.11 PM Computer Security: Art and Science Section 19.7. Further Reading Section 19.8. Exercises Chapter 20. Formal Methods Section 20.1. Formal Verification Techniques Section 20.2. Formal Specification Section 20.3. Early Formal Verification Techniques Section 20.4. Current Verification Systems Section 20.5. Summary Section 20.6. Research Issues Section 20.7. Further Reading Section 20.8. Exercises Chapter 21. Evaluating Systems Section 21.1. Goals of Formal Evaluation Section 21.2. TCSEC: 1983–1999 Section 21.3. International Efforts and the ITSEC: 1991–2001 Section 21.4. Commercial International Security Requirements: 1991 Section 21.5. Other Commercial Efforts: Early 1990s Section 21.6. The Federal Criteria: 1992 Section 21.7. FIPS 140: 1994–Present Section 21.8. The Common Criteria: 1998–Present Section 21.9. SSE-CMM: 1997–Present Section 21.10. Summary Section 21.11. Research Issues Section 21.12. Further Reading Section 21.13. Exercises Part 7. Special Topics Chapter 22. Malicious Logic Section 22.1. Introduction Section 22.2. Trojan Horses Section 22.3. Computer Viruses Section 22.4. Computer Worms Section 22.5. Other Forms of Malicious Logic Section 22.6. Theory of Malicious Logic Section 22.7. Defenses Section 22.8. Summary file:///C|/Documenti/Scuola/Actual/Tecniche%20Sicurezza/Book/123/0-201-44099-7Toc.htm (7 of 11)22/03/2007 12.39.11 PM Computer Security: Art and Science Section 22.9. Research Issues Section 22.10. Further Reading Section 22.11. Exercises Chapter 23. Vulnerability Analysis Section 23.1. Introduction Section 23.2. Penetration Studies Section 23.3. Vulnerability Classification Section 23.4. Frameworks Section 23.5. Gupta and Gligor's Theory of Penetration Analysis Section 23.6. Summary Section 23.7. Research Issues Section 23.8. Further Reading Section 23.9. Exercises Chapter 24. Auditing Section 24.1. Definitions Section 24.2. Anatomy of an Auditing System Section 24.3. Designing an Auditing System Section 24.4. A Posteriori Design Section 24.5. Auditing Mechanisms Section 24.6. Examples: Auditing File Systems Section 24.7. Audit Browsing Section 24.8. Summary Section 24.9. Research Issues Section 24.10. Further Reading Section 24.11. Exercises Chapter 25. Intrusion Detection Section 25.1. Principles Section 25.2. Basic Intrusion Detection Section 25.3. Models Section 25.4. Architecture Section 25.5. Organization of Intrusion Detection Systems Section 25.6. Intrusion Response Section 25.7. Summary Section 25.8. Research Issues Section 25.9. Further Reading file:///C|/Documenti/Scuola/Actual/Tecniche%20Sicurezza/Book/123/0-201-44099-7Toc.htm (8 of 11)22/03/2007 12.39.11 PM Computer Security: Art and Science Section 25.10. Exercises Part 8. Practicum Chapter 26. Network Security Section 26.1. Introduction Section 26.2. Policy Development Section 26.3. Network Organization Section 26.4. Availability and Network Flooding Section 26.5. Anticipating Attacks Section 26.6. Summary Section 26.7. Research Issues Section 26.8. Further Reading Section 26.9. Exercises Chapter 27. System Security Section 27.1. Introduction Section 27.2. Policy Section 27.3. Networks Section 27.4. Users Section 27.5. Authentication Section 27.6. Processes Section 27.7. Files Section 27.8. Retrospective Section 27.9. Summary Section 27.10. Research Issues Section 27.11. Further Reading Section 27.12. Exercises Chapter 28. User Security Section 28.1. Policy Section 28.2. Access Section 28.3. Files and Devices Section 28.4. Processes Section 28.5. Electronic Communications Section 28.6. Summary Section 28.7. Research Issues Section 28.8. Further Reading Section 28.9. Exercises file:///C|/Documenti/Scuola/Actual/Tecniche%20Sicurezza/Book/123/0-201-44099-7Toc.htm (9 of 11)22/03/2007 12.39.11 PM Computer Security: Art and Science Chapter 29. Program Security Section 29.1. Introduction Section 29.2. Requirements and Policy Section 29.3. Design Section 29.4. Refinement and Implementation Section 29.5. Common Security-Related Programming Problems Section 29.6. Testing, Maintenance, and Operation Section 29.7. Distribution Section 29.8. Conclusion Section 29.9. Summary Section 29.10. Research Issues Section 29.11. Further Reading Section 29.12. Exercises Part 9. End Matter Chapter 30. Lattices Section 30.1. Basics Section 30.2. Lattices Section 30.3. Exercises Chapter 31. The Extended Euclidean Algorithm Section 31.1. The Euclidean Algorithm Section 31.2. The Extended Euclidean Algorithm Section 31.3. Solving ax mod n = 1 Section 31.4. Solving ax mod n = b Section 31.5. Exercises Chapter 32. Entropy and Uncertainty Section 32.1. Conditional and Joint Probability Section 32.2. Entropy and Uncertainty Section 32.3. Joint and Conditional Entropy Section 32.4. Exercises Chapter 33. Virtual Machines Section 33.1. Virtual Machine Structure Section 33.2. Virtual Machine Monitor Section 33.3. Exercises Chapter 34. Symbolic Logic Section 34.1. Propositional Logic file:///C|/Documenti/Scuola/Actual/Tecniche%20Sicurezza/Book/123/0-201-44099-7Toc.htm (10 of 11)22/03/2007 12.39.11 PM Computer Security: Art and Science Section 34.2. Predicate Logic Section 34.3. Temporal Logic Systems Section 34.4. Exercises Chapter 35. Example Academic Security Policy Section 35.1. University of California E-mail Policy Section 35.2. The Acceptable Use Policy for the University of California, Davis Bibliography Top file:///C|/Documenti/Scuola/Actual/Tecniche%20Sicurezza/Book/123/0-201-44099-7Toc.htm (11 of 11)22/03/2007 12.39.11 PM Computer Security: Art and Science Bibliography 1. M. Abadi, "Explicit Communication Revisited: Two New Attacks on Authentication Protocols," IEEE Transactions on Software Engineering 23 (3), pp. 185–186 (Mar. 1997). 2. M. Abadi and R. Needham, "Prudent Engineering Practice for Cryptographic Protocols," Proceedings of the 1994 IEEE Symposium on Research in Security and Privacy, pp. 122–136 (May 1994). 3. R. Abbott, J. Chin, J. Donnelley, W. Konigsford, S. Tokubo, and D. Webb, "Security Analysis and Enhancements of Computer Operating Systems," Technical Report NBSIR 76–1041, ICET, National Bureau of Standards, Washington, DC 20234 (Apr. 1976). 4. M. Abrams and D. Bailey, "Abstraction and Refinement of Layered Security Policy," in Information Security: An Integrated Collection of Essays [6], pp. 126–136. 5. M. Abrams and P. Brusil, "Application of the Common Criteria to a System: A Real-World Example," Computer Security Journal 16 (2), pp. 11–21 (Spring 2000). 6. M. Abrams, S. Jajodia, and H. Podell (eds.), Information Security: An Integrated Collection of Essays, IEEE Computer Society Press, Los Alamitos, CA (1975). 7. C. Adams and S. Lloyd, Understanding the Public-Key Infrastructure, Macmillan, New York, NY (1999). 8. E. Adams and S. Muchnick, "Dbxtool: A Window-Based Symbolic Debugger for Sun Workstations," Software—Practice and Experience 16 (7), pp. 653–669 (July 1986). 9. L. Adleman, "An Abstract Theory of Computer Viruses," Advances in Cryptology—Proceedings of CRYPTO '88 (1988). 10. L. Adleman, C. Pomerance, and R. Rumley, "On Distinguishing Prime Numbers from Composite Numbers," Annals of Mathematics 117 (1), pp. 173–206 (1983). 11. Adobe Systems, Inc., PostScript Language Reference, 3rd Edition, Addison-Wesley, Reading, MA (1999). 12. G. Agnew, "Random Sources for Cryptographic Systems," Advances in Cryptology—Proceedings of EUROCRYPT '87, pp. 77–81 (1988). 13. Aleph One, "Smashing the Stack," PHRACK 7 (49), File 14 (1998). 14. S. Alexander and R. Droms, DHCP Options and BOOTP Vendor Extensions, RFC 2132 (Mar. 1997). 15. J. Allen, The CERT® Guide to System and Network Security Practices, Addison-Wesley, Boston, MA (2001). file:///C|/Documenti/Scuola/Actual/Tecniche%20Sicurezza/Book/123/biblio01.htm (1 of 67)22/03/2007 12.39.19 PM Computer Security: Art and Science 16. P. Allen, "A Comparison of Non-Interference and Non-Deducibility Using CSP," Proceedings of the Computer Security Foundations Workshop IV, pp. 43–54 (June 1991). 17. J. Alves-Foss, D. Frincke, and G. Saghi, "Applying the TCSEC Guidelines to a Real-Time Embedded System Environment," Proceedings of the 19th National Information Systems Security Conference, pp. 89– 97 (Oct. 1996). 18. P. Ammann and P. Black, "A Specification-Based Coverage Metric to Evaluate Test Sets," Proceedings of the 4th IEEE International Symposium on High-Assurance Systems Engineering, pp. 239–248 (Nov. 1999). 19. P. Ammann and R. Sandhu, "Expressive Power of the Schematic Protection Model (Extended Abstract)," Proceedings of the Computer Security Foundations Workshop, MITRE Technical Report M88-37 MITRE Corporation, Bedford, MA, pp. 188–193 (June 1988). 20. P. Ammann and R. Sandhu, "The Extended Schematic Protection Model," Journal of Computer Security 1 (3, 4), pp. 335–385 (1992). 21. P. Ammann, R. Sandhu, and R. Lipton, "The Expressive Power of Multi-Parent Creation in Monotonic Access Control Models," Journal of Computer Security 4 (2, 3), pp. 149–166 (Dec. 1996). 22. E. Amoroso, Intrusion Detection, Intrusion.net Books, Sparta, NJ (1999). 23. E. Amoroso, T. Nguyen, J. Weiss, J. Watson, P. Lapiska, and T. Starr, "Towards an Approach to Measuring Software Trust," Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy, pp. 198–218 (May 1991). 24. R. Anand, N. Islam, T. Jaeger, and J. Rao, "A Flexible Security Model for Using Internet Content," Proceedings of the 16th Symposium on Reliable Distributed Systems, pp. 89–96 (Oct. 1997). 25. J. Anderson, "Information Security in a Multi-User Computer Environment," in Morris Rubinoff (ed.), Advances in Computers 12, Academic Press, New York, NY (1972). 26. J. Anderson, "Computer Security Technology Planning Study," Technical Report ESD-TR-73–51, Electronic Systems Division, Hanscom Air Force Base, Hanscom, MA (1974). 27. J. Anderson, "Computer Security Threat Monitoring and Surveillance," James P. Anderson Co., Fort Washington, PA (1980). 28. J. Anderson, "On the Feasibility of Connecting RECON to an External Network," James P. Anderson Co., Fort Washington, PA (1981). 29. R. Anderson, "UEPS—A Second Generation Electronic Wallet," Proceedings of the 2nd European Symposium on Research in Computer Security, pp. 411–418 (Nov. 1992). 30. R. Anderson, "A Security Policy Model for Clinical Information Systems," Proceedings of the 1996 IEEE Symposium on Security and Privacy, pp. 34–48 (May 1996). 31. R. Anderson and A. Johnston, UNIX® Unleashed, 4th Edition, SAMS Publishing, Indianapolis, IN (2002). file:///C|/Documenti/Scuola/Actual/Tecniche%20Sicurezza/Book/123/biblio01.htm (2 of 67)22/03/2007 12.39.19 PM