Item Details

Security Engineering: A Guide to Building Dependable Distributed Systems

Ross J. Anderson
Format
Book
Published
New York : John Wiley, c2001.
Language
English
Variant Title
Guide to building dependable distributed systems
ISBN
0471389226 (pbk. : alk. paper)
Contents
  • 1 What Is Security Engineering? 3
  • 1.1 Example 1: A Bank 4
  • 1.2 Example 2: An Air Force Base 5
  • 1.3 Example 3: A Hospital 6
  • 1.4 Example 4: The Home 7
  • 2 Protocols 13
  • 2.1 Password Eavesdropping Risks 14
  • 2.2 Who Goes There? Simple Authentication 15
  • 2.3 Manipulating the Message 22
  • 2.4 Changing the Environment 23
  • 2.5 Chosen Protocol Attacks 24
  • 2.6 Managing Encryption Keys 25
  • 2.7 Getting Formal 28
  • 3 Passwords 35
  • 3.2 Applied Psychology Issues 36
  • 3.3 System Issues 41
  • 3.4 Technical Protection of Passwords 45
  • 4 Access Control 51
  • 4.2 Operating System Access Controls 53
  • 4.3 Hardware Protection 62
  • 4.4 What Goes Wrong 65
  • 5 Cryptography 73
  • 5.2 Historical Background 74
  • 5.3 Random Oracle Model 80
  • 5.4 Symmetric Crypto Primitives 89
  • 5.5 Modes of Operation 98
  • 5.6 Hash Functions 101
  • 5.7 Asymmetric Crypto Primitives 104
  • 6 Distributed Systems 115
  • 6.1 Concurrency 115
  • 6.2 Fault Tolerance and Failure Recovery 120
  • 6.3 Naming 124
  • 7 Multilevel Security 137
  • 7.2 What Is a Security Policy Model? 138
  • 7.3 Bell-LaPadula Security Policy Model 139
  • 7.4 Examples of Multilevel Secure Systems 146
  • 7.5 What Goes Wrong 151
  • 7.6 Broader Implications of MLS 157
  • 8 Multilateral Security 161
  • 8.2 Compartmentation, the Chinese Wall, and the BMA Model 162
  • 8.3 Inference Control 172
  • 8.4 Residual Problem 181
  • 9 Banking and Bookkeeping 185
  • 9.2 How Bank Computer Systems Work 187
  • 9.3 Wholesale Payment Systems 194
  • 9.4 Automatic Teller Machines 197
  • 10 Monitoring Systems 207
  • 10.2 Alarms 208
  • 10.3 Prepayment Meters 217
  • 10.4 Taximeters, Tachographs, and Truck Speed Limiters 222
  • 11 Nuclear Command and Control 231
  • 11.2 Kennedy Memorandum 232
  • 11.3 Unconditionally Secure Authentication Codes 233
  • 11.4 Shared Control Schemes 234
  • 11.5 Tamper Resistance and PALs 236
  • 11.6 Treaty Verification 237
  • 11.7 What Goes Wrong 238
  • 11.8 Secrecy or Openness? 240
  • 12 Security Printing and Seals 243
  • 12.2 History 244
  • 12.3 Security Printing 245
  • 12.4 Packaging and Seals 251
  • 12.5 Systemic Vulnerabilities 252
  • 12.6 Evaluation Methodology 257
  • 13 Biometrics 261
  • 13.2 Handwritten Signatures 262
  • 13.3 Face Recognition 264
  • 13.4 Fingerprints 265
  • 13.5 Iris Codes 270
  • 13.6 Voice Recognition 271
  • 13.7 Other Systems 272
  • 13.8 What Goes Wrong 273
  • 14 Physical Tamper Resistance 277
  • 14.2 History 278
  • 14.3 High-End Physically Secure Processors 279
  • 14.4 Evaluation 284
  • 14.5 Medium-Security Processors 285
  • 14.6 Smartcards and Microcontrollers 288
  • 14.7 What Goes Wrong 298
  • 14.8 What Should Be Protected? 302
  • 15 Emission Security 305
  • 15.2 History 306
  • 15.3 Technical Surveillance and Countermeasures 307
  • 15.4 Passive Attacks 310
  • 15.5 Active Attacks 315
  • 15.6 How Serious Are Emsec Attacks? 318
  • 16 Electronic and Information Warfare 321
  • 16.3 Communications Systems 323
  • 16.4 Surveillance and Target Acquisition 332
  • 16.5 IFF Systems 337
  • 16.6 Directed Energy Weapons 338
  • 16.7 Information Warfare 339
  • 17 Telecom System Security 345
  • 17.2 Phone Phreaking 345
  • 17.3 Mobile Phones 352
  • 17.4 Corporate Fraud 363
  • 18 Network Attack and Defense 367
  • 18.2 Vulnerabilities in Network Protocols 370
  • 18.3 Defense against Network Attack 374
  • 18.4 Trojans, Viruses, and Worms 379
  • 18.5 Intrusion Detection 384
  • 19 Protecting E-Commerce Systems 391
  • 19.2 A Telegraphic History of E-Commerce 392
  • 19.3 An Introduction to Credit Cards 393
  • 19.4 Online Credit Card Fraud: The Hype and the Reality 396
  • 19.5 Cryptographic Protection Mechanisms 398
  • 19.6 Network Economics 405
  • 19.7 Competitive Applications and Corporate Warfare 408
  • 19.8 What Else Goes Wrong 409
  • 19.9 What Can a Merchant Do? 410
  • 20 Copyright and Privacy Protection 413
  • 20.2 Copyright 415
  • 20.3 Information Hiding 432
  • 20.4 Privacy Mechanisms 439
  • 21 E-Policy 455
  • 21.2 Cryptography Policy 456
  • 21.3 Copyright 472
  • 21.4 Data Protection 475
  • 21.5 Evidential Issues 480
  • 21.6 Other Public Sector Issues 484
  • 22 Management Issues 489
  • 22.2 Managing a Security Project 490
  • 22.3 Methodology 496
  • 22.4 Security Requirements Engineering 503
  • 22.5 Risk Management 511
  • 22.6 Economic Issues 512
  • 23 System Evaluation and Assurance 517
  • 23.2 Assurance 518
  • 23.3 Evaluation 526
  • 23.4 Ways Forward 534.
Description
xxviii, 612 p. : ill. ; 24 cm.
Notes
  • "Wiley Computer Publishing."
  • Includes bibliographical references (p. 545-593) and index.
Technical Details
  • Access in Virgo Classic

  • LEADER 05898cam a22003374a 4500
    001 u3705239
    003 SIRSI
    005 20010402110822.0
    008 001115s2001 nyua b 001 0 eng
    010
      
      
    a| 00068486
    020
      
      
    a| 0471389226 (pbk. : alk. paper)
    035
      
      
    a| (Sirsi) i0471389226
    035
      
      
    a| (OCoLC)45393984
    040
      
      
    a| DLC c| DLC d| C#P d| MvI
    042
      
      
    a| pcc
    050
    0
    0
    a| QA76.9.A25 b| A54 2001
    082
    0
    0
    a| 005.8 2| 21
    100
    1
      
    a| Anderson, Ross, d| 1956-
    245
    1
    0
    a| Security engineering : b| a guide to building dependable distributed systems / c| Ross J. Anderson.
    246
    3
    0
    a| Guide to building dependable distributed systems
    260
      
      
    a| New York : b| John Wiley, c| c2001.
    300
      
      
    a| xxviii, 612 p. : b| ill. ; c| 24 cm.
    500
      
      
    a| "Wiley Computer Publishing."
    504
      
      
    a| Includes bibliographical references (p. 545-593) and index.
    505
    0
    0
    g| 1 t| What Is Security Engineering? g| 3 -- g| 1.1 t| Example 1: A Bank g| 4 -- g| 1.2 t| Example 2: An Air Force Base g| 5 -- g| 1.3 t| Example 3: A Hospital g| 6 -- g| 1.4 t| Example 4: The Home g| 7 -- g| 2 t| Protocols g| 13 -- g| 2.1 t| Password Eavesdropping Risks g| 14 -- g| 2.2 t| Who Goes There? Simple Authentication g| 15 -- g| 2.3 t| Manipulating the Message g| 22 -- g| 2.4 t| Changing the Environment g| 23 -- g| 2.5 t| Chosen Protocol Attacks g| 24 -- g| 2.6 t| Managing Encryption Keys g| 25 -- g| 2.7 t| Getting Formal g| 28 -- g| 3 t| Passwords g| 35 -- g| 3.2 t| Applied Psychology Issues g| 36 -- g| 3.3 t| System Issues g| 41 -- g| 3.4 t| Technical Protection of Passwords g| 45 -- g| 4 t| Access Control g| 51 -- g| 4.2 t| Operating System Access Controls g| 53 -- g| 4.3 t| Hardware Protection g| 62 -- g| 4.4 t| What Goes Wrong g| 65 -- g| 5 t| Cryptography g| 73 -- g| 5.2 t| Historical Background g| 74 -- g| 5.3 t| Random Oracle Model g| 80 -- g| 5.4 t| Symmetric Crypto Primitives g| 89 -- g| 5.5 t| Modes of Operation g| 98 -- g| 5.6 t| Hash Functions g| 101 -- g| 5.7 t| Asymmetric Crypto Primitives g| 104 -- g| 6 t| Distributed Systems g| 115 -- g| 6.1 t| Concurrency g| 115 -- g| 6.2 t| Fault Tolerance and Failure Recovery g| 120 -- g| 6.3 t| Naming g| 124 -- g| 7 t| Multilevel Security g| 137 -- g| 7.2 t| What Is a Security Policy Model? g| 138 -- g| 7.3 t| Bell-LaPadula Security Policy Model g| 139 -- g| 7.4 t| Examples of Multilevel Secure Systems g| 146 -- g| 7.5 t| What Goes Wrong g| 151 -- g| 7.6 t| Broader Implications of MLS g| 157 -- g| 8 t| Multilateral Security g| 161 -- g| 8.2 t| Compartmentation, the Chinese Wall, and the BMA Model g| 162 -- g| 8.3 t| Inference Control g| 172 -- g| 8.4 t| Residual Problem g| 181 -- g| 9 t| Banking and Bookkeeping g| 185 -- g| 9.2 t| How Bank Computer Systems Work g| 187 -- g| 9.3 t| Wholesale Payment Systems g| 194 -- g| 9.4 t| Automatic Teller Machines g| 197 -- g| 10 t| Monitoring Systems g| 207 -- g| 10.2 t| Alarms g| 208 -- g| 10.3 t| Prepayment Meters g| 217 -- g| 10.4 t| Taximeters, Tachographs, and Truck Speed Limiters g| 222 -- g| 11 t| Nuclear Command and Control g| 231 -- g| 11.2 t| Kennedy Memorandum g| 232 -- g| 11.3 t| Unconditionally Secure Authentication Codes g| 233 -- g| 11.4 t| Shared Control Schemes g| 234 -- g| 11.5 t| Tamper Resistance and PALs g| 236 -- g| 11.6 t| Treaty Verification g| 237 -- g| 11.7 t| What Goes Wrong g| 238 -- g| 11.8 t| Secrecy or Openness? g| 240 -- g| 12 t| Security Printing and Seals g| 243 -- g| 12.2 t| History g| 244 -- g| 12.3 t| Security Printing g| 245 -- g| 12.4 t| Packaging and Seals g| 251 -- g| 12.5 t| Systemic Vulnerabilities g| 252 -- g| 12.6 t| Evaluation Methodology g| 257 -- g| 13 t| Biometrics g| 261 -- g| 13.2 t| Handwritten Signatures g| 262 -- g| 13.3 t| Face Recognition g| 264 -- g| 13.4 t| Fingerprints g| 265 -- g| 13.5 t| Iris Codes g| 270 -- g| 13.6 t| Voice Recognition g| 271 -- g| 13.7 t| Other Systems g| 272 -- g| 13.8 t| What Goes Wrong g| 273 -- g| 14 t| Physical Tamper Resistance g| 277 -- g| 14.2 t| History g| 278 -- g| 14.3 t| High-End Physically Secure Processors g| 279 -- g| 14.4 t| Evaluation g| 284 -- g| 14.5 t| Medium-Security Processors g| 285 -- g| 14.6 t| Smartcards and Microcontrollers g| 288 -- g| 14.7 t| What Goes Wrong g| 298 -- g| 14.8 t| What Should Be Protected? g| 302 -- g| 15 t| Emission Security g| 305 -- g| 15.2 t| History g| 306 -- g| 15.3 t| Technical Surveillance and Countermeasures g| 307 -- g| 15.4 t| Passive Attacks g| 310 -- g| 15.5 t| Active Attacks g| 315 -- g| 15.6 t| How Serious Are Emsec Attacks? g| 318 -- g| 16 t| Electronic and Information Warfare g| 321 -- g| 16.3 t| Communications Systems g| 323 -- g| 16.4 t| Surveillance and Target Acquisition g| 332 -- g| 16.5 t| IFF Systems g| 337 -- g| 16.6 t| Directed Energy Weapons g| 338 -- g| 16.7 t| Information Warfare g| 339 -- g| 17 t| Telecom System Security g| 345 -- g| 17.2 t| Phone Phreaking g| 345 -- g| 17.3 t| Mobile Phones g| 352 -- g| 17.4 t| Corporate Fraud g| 363 -- g| 18 t| Network Attack and Defense g| 367 -- g| 18.2 t| Vulnerabilities in Network Protocols g| 370 -- g| 18.3 t| Defense against Network Attack g| 374 -- g| 18.4 t| Trojans, Viruses, and Worms g| 379 -- g| 18.5 t| Intrusion Detection g| 384 -- g| 19 t| Protecting E-Commerce Systems g| 391 -- g| 19.2 t| A Telegraphic History of E-Commerce g| 392 -- g| 19.3 t| An Introduction to Credit Cards g| 393 -- g| 19.4 t| Online Credit Card Fraud: The Hype and the Reality g| 396 -- g| 19.5 t| Cryptographic Protection Mechanisms g| 398 -- g| 19.6 t| Network Economics g| 405 -- g| 19.7 t| Competitive Applications and Corporate Warfare g| 408 -- g| 19.8 t| What Else Goes Wrong g| 409 -- g| 19.9 t| What Can a Merchant Do? g| 410 -- g| 20 t| Copyright and Privacy Protection g| 413 -- g| 20.2 t| Copyright g| 415 -- g| 20.3 t| Information Hiding g| 432 -- g| 20.4 t| Privacy Mechanisms g| 439 -- g| 21 t| E-Policy g| 455 -- g| 21.2 t| Cryptography Policy g| 456 -- g| 21.3 t| Copyright g| 472 -- g| 21.4 t| Data Protection g| 475 -- g| 21.5 t| Evidential Issues g| 480 -- g| 21.6 t| Other Public Sector Issues g| 484 -- g| 22 t| Management Issues g| 489 -- g| 22.2 t| Managing a Security Project g| 490 -- g| 22.3 t| Methodology g| 496 -- g| 22.4 t| Security Requirements Engineering g| 503 -- g| 22.5 t| Risk Management g| 511 -- g| 22.6 t| Economic Issues g| 512 -- g| 23 t| System Evaluation and Assurance g| 517 -- g| 23.2 t| Assurance g| 518 -- g| 23.3 t| Evaluation g| 526 -- g| 23.4 t| Ways Forward g| 534.
    596
      
      
    a| 5
    650
      
    0
    a| Computer security.
    650
      
    0
    a| Electronic data processing x| Distributed processing.
    994
      
      
    a| Z0 b| VA@
    999
      
      
    a| QA76.9 .A25 A54 2001 w| LC i| X004414203 l| STACKS m| SCI-ENG t| BOOK

Availability

Google Preview

Library Location Map Availability Call Number
Brown Science and Engineering Stacks N/A Available