没有合适的资源?快使用搜索试试~ 我知道了~
首页The Craft of System Security PDF英文版本
The Craft of System Security PDF by Sean Smith; John Marchesini Publisher: Addison Wesley Professional Pub Date: November 21, 2007 Print ISBN-10: 0-321-43483-8 Print ISBN-13: 978-0-321-43483-8 Pages: 592 This is PDF version with 978 pages PDF file. UK Government GCHQ certify course's Textbook.
资源详情
资源评论
资源推荐
The Craft of System Security
by Sean Smith; John Marchesini
Publisher: Addison Wesley Professional
Pub Date: November 21, 2007
Print ISBN-10: 0-321-43483-8
Print ISBN-13: 978-0-321-43483-8
Pages: 592
Table of Contents | Index
Overview
"I believe The Craft of System Security is one of the best software security
books on the market today. It has not only breadth, but depth, covering topics
ranging from cryptography, networking, and operating systems--to the Web,
computer-human interaction, and how to improve the security of software
systems by improving hardware. Bottom line, this book should be required
reading for all who plan to call themselves security practitioners, and an
invaluable part of every university's computer science curriculum."
--Edward Bonver, CISSP, Senior Software QA Engineer, Product Security,
Symantec Corporation
"Here's to a fun, exciting read: a unique book chock-full of practical examples
of the uses and the misuses of computer security. I expect that it will motivate
a good number of college students to want to learn more about the field, at the
same time that it will satisfy the more experienced professional."
--L. Felipe Perrone, Department of Computer Science, Bucknell University
Whether you're a security practitioner, developer, manager, or administrator,
this book will give you the deep understanding necessary to meet today's
security challenges--and anticipate tomorrow's. Unlike most books, The Craft
of System Security doesn't just review the modern security practitioner's
toolkit: It explains why each tool exists, and discusses how to use it to solve
real problems.
After quickly reviewing the history of computer security, the authors move on
to discuss the modern landscape, showing how security challenges and
responses have evolved, and offering a coherent framework for understanding
today's systems and vulnerabilities. Next, they systematically introduce the
basic building blocks for securing contemporary systems, apply those building
blocks to today's applications, and consider important emerging trends such as
hardware-based security.
After reading this book, you will be able to
Understand the classic Orange Book approach to security, and its
limitations
Use operating system security tools and structures--with examples from
Windows, Linux, BSD, and Solaris
Learn how networking, the Web, and wireless technologies affect security
Identify software security defects, from buffer overflows to development
process flaws
Understand cryptographic primitives and their use in secure systems
Use best practice techniques for authenticating people and computer
systems in diverse settings
Use validation, standards, and testing to enhance confidence in a system's
security
Discover the security, privacy, and trust issues arising from desktop
productivity tools
Understand digital rights management, watermarking, information hiding,
and policy expression
Learn principles of human-computer interaction (HCI) design for improved
security
Understand the potential of emerging work in hardware-based security and
trusted computing
The Craft of System Security
by Sean Smith; John Marchesini
Publisher: Addison Wesley Professional
Pub Date: November 21, 2007
Print ISBN-10: 0-321-43483-8
Print ISBN-13: 978-0-321-43483-8
Pages: 592
Table of Contents | Index
Copyright
List of Figures
Preface
Acknowledgments
About the Authors
Part I: History
Chapter 1. Introduction
Section 1.1. The Standard Rubric
Section 1.2. The Matrix
Section 1.3. Other Views
Section 1.4. Safe States and the Access Control Matrix
Section 1.5. Other Hard Questions
Section 1.6. The Take-Home Message
Section 1.7. Project Ideas
Chapter 2. The Old Testament
Section 2.1. The Basic Framework
Section 2.2. Security Models
Section 2.3. The Orange Book
Section 2.4. INFOSEC, OPSEC, JOBSEC
Section 2.5. The Take-Home Message
Section 2.6. Project Ideas
Chapter 3. Old Principles, New World
Section 3.1. Solving the Wrong Problem?
Section 3.2. Lack of Follow-Through?
Section 3.3. Too Unwieldy?
Section 3.4. Saltzer and Schroeder
Section 3.5. Modern Relevance
Section 3.6. The Take-Home Message
Section 3.7. Project Ideas
Part II: Security and the Modern Computing Landscape
Chapter 4. OS Security
Section 4.1. OS Background
Section 4.2. OS Security Primitives and Principles
Section 4.3. Real OSes: Everything but the Kitchen Sink
Section 4.4. When the Foundation Cracks
Section 4.5. Where Are We?
Section 4.6. The Take-Home Message
Section 4.7. Project Ideas
Chapter 5. Network Security
Section 5.1. Basic Framework
Section 5.2. Protocols
Section 5.3. The Network as a Battlefield
Section 5.4. The Brave New World
Section 5.5. The Take-Home Message
Section 5.6. Project Ideas
Chapter 6. Implementation Security
Section 6.1. Buffer Overflow
Section 6.2. Argument Validation and Other Mishaps
Section 6.3. TOCTOU
Section 6.4. Malware
Section 6.5. Programming Language Security
Section 6.6. Security in the Development Lifecycle
Section 6.7. The Take-Home Message
Section 6.8. Project Ideas
Part III: Building Blocks for Secure Systems
Chapter 7. Using Cryptography
Section 7.1. Framework and Terminology
Section 7.2. Randomness
Section 7.3. Symmetric Cryptography
Section 7.4. Applications of Symmetric Cryptography
Section 7.5. Public-Key Cryptography
Section 7.6. Hash Functions
Section 7.7. Practical Issues: Public Key
Section 7.8. Past and Future
Section 7.9. The Take-Home Message
Section 7.10. Project Ideas
Chapter 8. Subverting Cryptography
Section 8.1. Breaking Symmetric Key without Brute Force
Section 8.2. Breaking Symmetric Key with Brute Force
Section 8.3. Breaking Public Key without Factoring
Section 8.4. Breaking Cryptography via the Real World
Section 8.5. The Potential of Efficiently Factoring Moduli
Section 8.6. The Take-Home Message
Section 8.7. Project Ideas
Chapter 9. Authentication
Section 9.1. Basic Framework
Section 9.2. Authenticating Humans
Section 9.3. Human Factors
Section 9.4. From the Machine's Point of View
Section 9.5. Advanced Approaches
Section 9.6. Case Studies
Section 9.7. Broader Issues
Section 9.8. The Take-Home Message
Section 9.9. Project Ideas
Chapter 10. Public Key Infrastructure
Section 10.1. Basic Definitions
Section 10.2. Basic Structure
Section 10.3. Complexity Arrives
Section 10.4. Multiple CAs
Section 10.5. Revocation
Section 10.6. The X.509 World
Section 10.7. Dissent
Section 10.8. Ongoing Trouble
Section 10.9. The Take-Home Message
Section 10.10. Project Ideas
Chapter 11. Standards, Compliance, and Testing
Section 11.1. Standards
剩余977页未读,继续阅读
hh216
- 粉丝: 0
- 资源: 2
上传资源 快速赚钱
- 我的内容管理 收起
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
会员权益专享
最新资源
- c++校园超市商品信息管理系统课程设计说明书(含源代码) (2).pdf
- 建筑供配电系统相关课件.pptx
- 企业管理规章制度及管理模式.doc
- vb打开摄像头.doc
- 云计算-可信计算中认证协议改进方案.pdf
- [详细完整版]单片机编程4.ppt
- c语言常用算法.pdf
- c++经典程序代码大全.pdf
- 单片机数字时钟资料.doc
- 11项目管理前沿1.0.pptx
- 基于ssm的“魅力”繁峙宣传网站的设计与实现论文.doc
- 智慧交通综合解决方案.pptx
- 建筑防潮设计-PowerPointPresentati.pptx
- SPC统计过程控制程序.pptx
- SPC统计方法基础知识.pptx
- MW全能培训汽轮机调节保安系统PPT教学课件.pptx
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功
评论0