Security in Computing, 4/e (Hardcover)
暫譯: 計算機安全,第四版 (精裝本)

Charles P. Pfleeger, Shari Lawrence Pfleeger

Security in Computing, 4/e (Hardcover)
  • 出版商: Prentice Hall
  • 出版日期: 2006-10-23
  • 售價: $4,370
  • 貴賓價: 9.5$4,152
  • 語言: 英文
  • 頁數: 880
  • 裝訂: Hardcover
  • ISBN: 0132390779
  • ISBN-13: 9780132390774
  • 相關分類: 資訊安全

    • 已過版

買這商品的人也買了...

相關主題

商品描述

Description

The New State-of-the-Art in Information Security: Now Covers the Economics of Cyber Security and the Intersection of Privacy and Information Security

For years, IT and security professionals and students have turned to Security in Computing as the definitive guide to information about computer security attacks and countermeasures. In their new fourth edition, Charles P. Pfleeger and Shari Lawrence Pfleeger have thoroughly updated their classic guide to reflect today's newest technologies, standards, and trends.

The authors first introduce the core concepts and vocabulary of computer security, including attacks and controls. Next, the authors systematically identify and assess threats now facing programs, operating systems, database systems, and networks. For each threat, they offer best-practice responses.

Security in Computing, Fourth Edition, goes beyond technology, covering crucial management issues faced in protecting infrastructure and information. This edition contains an all-new chapter on the economics of cybersecurity, explaining ways to make a business case for security investments. Another new chapter addresses privacy--from data mining and identity theft, to RFID and e-voting.

New coverage also includes

  • Programming mistakes that compromise security: man-in-the-middle, timing, and privilege escalation attacks
  • Web application threats and vulnerabilities
  • Networks of compromised systems: bots, botnets, and drones
  • Rootkits--including the notorious Sony XCP
  • Wi-Fi network security challenges, standards, and techniques
  • New malicious code attacks, including false interfaces and keystroke loggers
  • Improving code quality: software engineering, testing, and liability approaches
  • Biometric authentication: capabilities and limitations
  • Using the Advanced Encryption System (AES) more effectively
  • Balancing dissemination with piracy control in music and other digital content
  • Countering new cryptanalytic attacks against RSA, DES, and SHA
  • Responding to the emergence of organized attacker groups pursuing profit

 

Table of Contents

Foreword     xix
Preface     xxv Chapter 1: Is There a Security Problem in Computing?     1

  1.1    What Does "Secure" Mean?     1
  1.2    Attacks     5
  1.3    The Meaning of Computer Security     9
  1.4    Computer Criminals     21
  1.5    Methods of Defense     23
  1.6    What's Next     30
  1.7    Summary     32
  1.8    Terms and Concepts     32
  1.9    Where the Field Is Headed     33
1.10    To Learn More     34
1.11     Exercises     34

Chapter 2: Elementary Cryptography     37

  2.1    Terminology and Background     38
  2.2    Substitution Ciphers     44
  2.3    Transpositions (Permutations)     55
  2.4    Making "Good" Encryption Algorithms     59
  2.5    The Data Encryption Standard     68
  2.6    The AES Encryption Algorithm     72
  2.7    Public Key Encryption     75
  2.8    The Uses of Encryption     79
  2.9    Summary of Encryption     91
2.10    Terms and Concepts     92
2.11    Where the Field Is Headed     93
2.12    To Learn More     94
2.13    Exercises     94

Chapter 3     Program Security     98

  3.1    Secure Programs     99
  3.2    Nonmalicious Program Errors     103
  3.3    Viruses and Other Malicious Code     111
  3.4    Targeted Malicious Code     141
  3.5    Controls Against Program Threats     160
  3.6    Summary of Program Threats and Controls     181
  3.7    Terms and Concepts     182
  3.8    Where the Field Is Headed     183
  3.9    To Learn More     185
3.10    Exercises     185

Chapter 4     Protection in General-Purpose Operating Systems     188

  4.1    Protected Objects and Methods of Protection     189
  4.2    Memory and Address Protection     193
  4.3    Control of Access to General Objects     204
  4.4    File Protection Mechanisms     215
  4.5    User Authentication     219
  4.6    Summary of Security for Users     236
  4.7    Terms and Concepts     237
  4.8    Where the Field Is Headed     238
  4.9    To Learn More     239
4.10    Exercises     239

Chapter 5     Designing Trusted Operating Systems     242

  5.1    What Is a Trusted System?     243
  5.2    Security Policies     245
  5.3    Models of Security     252
  5.4    Trusted Operating System Design     264
  5.5    Assurance in Trusted Operating Systems     287
  5.6    Summary of Security in Operating Systems     312
  5.7    Terms and Concepts     313
  5.8    Where the Field Is Headed     315
  5.9    To Learn More     315
5.10    Exercises     316

Chapter 6     Database and Data Mining Security     318

  6.1    Introduction to Databases     319
  6.2    Security Requirements     324
  6.3    Reliability and Integrity     329
  6.4    Sensitive Data     335
  6.5    Inference     341
  6.6    Multilevel Databases     351
  6.7    Proposals for Multilevel Security     356
  6.8    Data Mining     367
  6.9    Summary of Database Security     371
6.10    Terms and Concepts     371
6.11    Where the Field Is Headed     372
6.12    To Learn More     373
6.13    Exercises     373

Chapter 7     Security in Networks     376

  7.1    Network Concepts     377
  7.2    Threats in Networks     396
  7.3    Network Security Controls     440
  7.4    Firewalls     474
  7.5    Intrusion Detection Systems     484
  7.6    Secure E-mail     490
  7.7    Summary of Network Security     496
  7.8    Terms and Concepts     498
  7.9    Where the Field Is Headed     500
7.10    To Learn More     502
7.11    Exercises     502

Chapter 8     Administering Security     508

  8.1    Security Planning     509
  8.2    Risk Analysis     524
  8.3    Organizational Security Policies     547
  8.4    Physical Security     556
  8.5    Summary     566
  8.6    Terms and Concepts     567
  8.7    To Learn More     568
  8.8    Exercises     569

Chapter 9     The Economics of Cybersecurity     571

  9.1    Making a Business Case     572
  9.2    Quantifying Security     578
  9.3    Modeling Cybersecurity     589
  9.5    Summary     599
  9.6    Terms and Concepts     600
  9.7    To Learn More     601
  9.8    Exercises     601

Chapter 10     Privacy in Computing     603

10.1      Privacy Concepts     604
10.2      Privacy Principles and Policies     608
10.3      Authentication and Privacy     619
10.4      Data Mining     623
10.5      Privacy on the Web     626
10.6      E-mail Security     635
10.7      Impacts on Emerging Technologies     638
10.8      Summary     643
10.9      Terms and Concepts     643
10.10    Where the Field Is Headed     645
10.11    To Learn More     645
10.12    Exercises     646

Chapter 11     Legal and Ethical Issues in Computer Security     647

11.1     Protecting Programs and Data     649
11.2     Information and the Law     663
11.3     Rights of Employees and Employers     670
11.4     Redress for Software Failures     673
11.5     Computer Crime     679
11.6     Ethical Issues in Computer Security     692
11.7     Case Studies of Ethics     698
11.8     Terms and Concepts     714
11.9     To Learn More     714
11.10   Exercises     715

Chapter 12     Cryptography Explained     717

12.1    Mathematics for Cryptography  718
12.2    Symmetric Encryption     730
12.3    Public Key Encryption Systems     757
12.4     Quantum Cryptography     774
12.5    Summary of Encryption     778
12.6    Terms and Concepts     778
12.7    Where the Field Is Headed     779
12.8    To Learn More     779
12.9    Exercises     779

Bibliography     782
Index     815

商品描述(中文翻譯)

**描述**

**資訊安全的新最前沿:現在涵蓋網路安全的經濟學以及隱私與資訊安全的交集**

多年來,IT和安全專業人士及學生一直將《計算中的安全》視為有關計算機安全攻擊和對策的權威指南。在他們的新第四版中,Charles P. Pfleeger和Shari Lawrence Pfleeger徹底更新了這本經典指南,以反映當今最新的技術、標準和趨勢。

作者首先介紹計算機安全的核心概念和詞彙,包括攻擊和控制。接下來,作者系統地識別和評估當前面臨的威脅,包括程序、操作系統、數據庫系統和網絡。對於每一種威脅,他們提供最佳實踐的應對措施。

《計算中的安全,第四版》超越了技術,涵蓋了在保護基礎設施和資訊時面臨的關鍵管理問題。本版包含一章全新的網路安全經濟學,解釋如何為安全投資建立商業案例。另一章新內容則涉及隱私——從數據挖掘和身份盜竊,到RFID和電子投票。

新內容還包括:

- 影響安全的程式錯誤:中間人攻擊、時序攻擊和特權提升攻擊
- 網頁應用程式的威脅和漏洞
- 被攻陷系統的網絡:機器人、機器人網絡和無人機
- Rootkit——包括臭名昭著的Sony XCP
- Wi-Fi網絡安全挑戰、標準和技術
- 新的惡意代碼攻擊,包括虛假介面和鍵盤記錄器
- 改善代碼質量:軟體工程、測試和責任方法
- 生物識別認證:能力和限制
- 更有效地使用高級加密標準(AES)
- 在音樂和其他數位內容中平衡散佈與盜版控制
- 反制針對RSA、DES和SHA的新密碼分析攻擊
- 應對追求利潤的組織攻擊者集團的出現

**目錄**

**前言 xix
序言 xxv
第一章:計算中是否存在安全問題? 1**
1.1 什麼是「安全」? 1
1.2 攻擊 5
1.3 計算機安全的意義 9
1.4 計算機罪犯 21
1.5 防禦方法 23
1.6 接下來是什麼 30
1.7 總結 32
1.8 術語和概念 32
1.9 該領域的發展方向 33
1.10 進一步了解 34
1.11 練習 34

**第二章:基本密碼學 37**
2.1 術語和背景 38
2.2 置換密碼 44
2.3 置換(排列) 55
2.4 創建「良好」的加密算法 59
2.5 數據加密標準 68
2.6 AES加密算法 72
2.7 公鑰加密 75
2.8 加密的用途 79
2.9 加密總結 91
2.10 術語和概念 92
2.11 該領域的發展方向 93
2.12 進一步了解 94
2.13 練習 94

**第三章:程式安全 98**
3.1 安全程式 99
3.2 非惡意程式錯誤 103
3.3 病毒和其他惡意代碼 111
3.4 針對性惡意代碼 141
3.5 對抗程式威脅的控制 160
3.6 程式威脅和控制的總結 181
3.7 術語和概念 182
3.8 該領域的發展方向 183
3.9 進一步了解 185
3.10 練習 185

**第四章:通用操作系統的保護 188**
4.1 受保護的對象和保護方法 189
4.2 記憶體和地址保護 193
4.3 對通用對象的訪問控制 204
4.4 文件保護機制 215
4.5 用戶認證 219
4.6 用戶安全的總結 236
4.7 術語和概念 237
4.8 該領域的發展方向 238
4.9 進一步了解 239
4.10 練習 239

**第五章:設計可信的操作系統 242**
5.1 什麼是可信系統? 243
5.2 安全政策 245
5.3 安全模型 252
5.4 可信操作系統設計 264
5.5 可信操作系統的保證 287
5.6 操作系統安全的總結 312
5.7 術語和概念 313
5.8 該領域的發展方向 315
5.9 進一步了解 315
5.10 練習 316

**第六章:數據庫和數據挖掘安全 318**
6.1 數據庫介紹 319
6.2 安全需求 324
6.3 可靠性和完整性 329
6.4 敏感數據 335
6.5 推斷 341
6.6 多層次數據庫 351
6.7 多層次安全的提案 356
6.8 數據挖掘 367
6.9 數據庫安全的總結 371
6.10 術語和概念 371
6.11 該領域的發展方向 372
6.12 進一步了解 373
6.13 練習 373

**第七章:網絡安全 376**
7.1 網絡概念 377
7.2 網絡中的威脅 396
7.3 網絡安全控制

類似商品