The Comprehensive Guide to Computer Security, Extensively Revised with Newer Technologies, Methods, Ideas, and Examples In this updated guide, University of California at Davis Computer Security Laboratory co-director Matt Bishop offers clear, rigorous, and thorough coverage of modern computer security. Reflecting dramatic growth in the quantity, complexity, and consequences of security incidents, Computer Security, Second Edition, links core principles with technologies, methodologies, and ideas that have emerged since the first edition’s publication. Writing for advanced undergraduates, graduate students, and IT professionals, Bishop covers foundational issues, policies, cryptography, systems design, assurance, and much more. He thoroughly addresses malware, vulnerability analysis, auditing, intrusion detection, and best-practice responses to attacks. In addition to new examples throughout, Bishop presents entirely new chapters on availability policy models and attack analysis. Understand computer security goals, problems, and challenges, and the deep links between theory and practice Learn how computer scientists seek to prove whether systems are secure Define security policies for confidentiality, integrity, availability, and more Analyze policies to reflect core questions of trust, and use them to constrain operations and change Implement cryptography as one component of a wider computer and network security strategy Use system-oriented techniques to establish effective security mechanisms, defining who can act and what they can do Set appropriate security goals for a system or product, and ascertain how well it meets them Recognize program flaws and malicious logic, and detect attackers seeking to exploit them This is both a comprehensive text, explaining the most fundamental and pervasive aspects of the field, and a detailed reference. It will help you align security concepts with realistic policies, successfully implement your policies, and thoughtfully manage the trade-offs that inevitably arise. Register your book for convenient access to downloads, updates, and/or corrections as they become available. See inside book for details.

Table of Contents:
Preface xxix Acknowledgments xlv About the Author xlix Part I: Introduction 1 Chapter 1: An Overview of Computer Security 3 1.1 The Basic Components 3 1.2 Threats 6 1.3 Policy and Mechanism 9 1.4 Assumptions and Trust 11 1.5 Assurance 12 1.6 Operational Issues 16 1.7 Human Issues 20 1.8 Tying It All Together 22 1.9 Summary 24 1.10 Research Issues 24 1.11 Further Reading 25 1.12 Exercises 25 Part II: Foundations 29 Chapter 2: Access Control Matrix 31 2.1 Protection State 31 2.2 Access Control Matrix Model 32 2.3 Protection State Transitions 37 2.4 Copying, Owning, and the Attenuation of Privilege 42 2.5 Summary 44 2.6 Research Issues 44 2.7 Further Reading 44 2.8 Exercises 45 Chapter 3: Foundational Results 49 3.1 The General Question 49 3.2 Basic Results 51 3.3 The Take-Grant Protection Model 56 3.4 Closing the Gap: The Schematic Protection Model 68 3.5 Expressive Power and the Models 81 3.6 Comparing Security Properties of Models 94 3.7 Summary 101 3.8 Research Issues 102 3.9 Further Reading 102 3.10 Exercises 103 Part III: Policy 107 Chapter 4: Security Policies 109 4.1 The Nature of Security Policies 109 4.2 Types of Security Policies 113 4.3 The Role of Trust 115 4.4 Types of Access Control 117 4.5 Policy Languages 118 4.6 Example: Academic Computer Security Policy 126 4.7 Security and Precision 131 4.8 Summary 136 4.9 Research Issues 136 4.10 Further Reading 137 4.11 Exercises 138 Chapter 5: Confidentiality Policies 141 5.1 Goals of Confidentiality Policies 141 5.2 The Bell-LaPadula Model 142 5.3 Tranquility 161 5.4 The Controversy over the Bell-LaPadula Model 164 5.5 Summary 169 5.6 Research Issues 169 5.7 Further Reading 170 5.8 Exercises 171 Chapter 6: Integrity Policies 173 6.1 Goals 173 6.2 The Biba Model 175 6.3 Lipner’s Integrity Matrix Model 178 6.4 Clark-Wilson Integrity Model 183 6.5 Trust Models 189 6.6 Summary 196 6.7 Research Issues 196 6.8 Further Reading 197 6.9 Exercises 198 Chapter 7: Availability Policies 201 7.1 Goals of Availability Policies 201 7.2 Deadlock 202 7.3 Denial of Service Models 203 7.4 Example: Availability and Network Flooding 215 7.5 Summary 222 7.6 Research Issues 222 7.7 Further Reading 223 7.8 Exercises 224 Chapter 8: Hybrid Policies 227 8.1 Chinese Wall Model 227 8.2 Clinical Information Systems Security Policy 236 8.3 Originator Controlled Access Control 239 8.4 Role-Based Access Control 244 8.5 Break-the-Glass Policies 249 8.6 Summary 250 8.7 Research Issues 250 8.8 Further Reading 251 8.9 Exercises 252 Chapter 9: Noninterference and Policy Composition 255 9.1 The Problem 255 9.2 Deterministic Noninterference 259 9.3 Nondeducibility 271 9.4 Generalized Noninterference 274 9.5 Restrictiveness 277 9.6 Side Channels and Deducibility 280 9.7 Summary 282 9.8 Research Issues 283 9.9 Further Reading 283 9.10 Exercises 285 Part IV: Implementation I: Cryptography 287 Chapter 10: Basic Cryptography 289 10.1 Cryptography 289 10.2 Symmetric Cryptosystems 291 10.3 Public Key Cryptography 306 10.4 Cryptographic Checksums 315 10.5 Digital Signatures 318 10.6 Summary 323 10.7 Research Issues 324 10.8 Further Reading 325 10.9 Exercises 326 Chapter 11: Key Management 331 11.1 Session and Interchange Keys 332 11.2 Key Exchange 332 11.3 Key Generation 341 11.4 Cryptographic Key Infrastructures 343 11.5 Storing and Revoking Keys 353 11.6 Summary 359 11.7 Research Issues 360 11.8 Further Reading 361 11.9 Exercises 362 Chapter 12: Cipher Techniques 367 12.1 Problems 367 12.2 Stream and Block Ciphers 370 12.3 Authenticated Encryption 377 12.4 Networks and Cryptography 381 12.5 Example Protocols 384 12.6 Summary 410 12.7 Research Issues 411 12.8 Further Reading 411 12.9 Exercises 413 Chapter 13: Authentication 415 13.1 Authentication Basics 415 13.2 Passwords 416 13.3 Password Selection 418 13.4 Attacking Passwords 426 13.5 Password Aging 434 13.6 Challenge-Response 438 13.7 Biometrics 441 13.8 Location 445 13.9 Multifactor Authentication 446 13.10 Summary 448 13.11 Research Issues 449 13.12 Further Reading 450 13.13 Exercises 451 Part V: Implementation II: Systems 453 Chapter 14: Design Principles 455 14.1 Underlying Ideas 455 14.2 Principles of Secure Design 457 14.3 Summary 466 14.4 Research Issues 466 14.5 Further Reading 467 14.6 Exercises 468 Chapter 15: Representing Identity 471 15.1 What Is Identity? 471 15.2 Files and Objects 472 15.3 Users 473 15.4 Groups and Roles 475 15.5 Naming and Certificates 476 15.6 Identity on the Web 484 15.7 Anonymity on the Web 490 15.8 Summary 501 15.9 Research Issues 502 15.10 Further Reading 503 15.11 Exercises 504 Chapter 16: Access Control Mechanisms 507 16.1 Access Control Lists 507 16.2 Capabilities 518 16.3 Locks and Keys 526 16.4 Ring-Based Access Control 531 16.5 Propagated Access Control Lists 533 16.6 Summary 535 16.7 Research Issues 535 16.8 Further Reading 536 16.9 Exercises 536 Chapter 17: Information Flow 539 17.1 Basics and Background 539 17.2 Nonlattice Information Flow Policies 542 17.3 Static Mechanisms 548 17.4 Dynamic Mechanisms 562 17.5 Integrity Mechanisms 566 17.6 Example Information Flow Controls 567 17.7 Summary 574 17.8 Research Issues 574 17.9 Further Reading 575 17.10 Exercises 576 Chapter 18: Confinement Problem 579 18.1 The Confinement Problem 579 18.2 Isolation 582 18.3 Covert Channels 594 18.4 Summary 619 18.5 Research Issues 620 18.6 Further Reading 620 18.7 Exercises 622 Part VI: Assurance 625 Contributed by Elisabeth Sullivan and Michelle Ruppel Chapter 19: Introduction to Assurance 627 19.1 Assurance and Trust 627 19.2 Building Secure and Trusted Systems 634 19.3 Summary 645 19.4 Research Issues 645 19.5 Further Reading 646 19.6 Exercises 647 Chapter 20: Building Systems with Assurance 649 20.1 Assurance in Requirements Definition and Analysis 649 20.2 Assurance during System and Software Design 662 20.3 Assurance in Implementation and Integration 685 20.4 Assurance during Operation and Maintenance 695 20.5 Summary 696 20.6 Research Issues 696 20.7 Further Reading 697 20.8 Exercises 698 Chapter 21: Formal Methods 699 21.1 Formal Verification Techniques 699 21.2 Formal Specification 702 21.3 Early Formal Verification Techniques 705 21.4 Current Verification Systems 713 21.5 Functional Programming Languages 721 21.6 Formally Verified Products 722 21.7 Summary 723 21.8 Research Issues 724 21.9 Further Reading 725 21.10 Exercises 725 Chapter 22: Evaluating Systems 727 22.1 Goals of Formal Evaluation 727 22.2 TCSEC: 1983-1999 730 22.3 International Efforts and the ITSEC: 1991-2001 737 22.4 Commercial International Security Requirements: 1991 742 22.5 Other Commercial Efforts: Early 1990s 744 22.6 The Federal Criteria: 1992 744 22.7 FIPS 140: 1994-Present 746 22.8 The Common Criteria: 1998-Present 749 22.9 SSE-CMM: 1997-Present 765 22.10 Summary 768 22.11 Research Issues 769 22.12 Further Reading 769 22.13 Exercises 770 Part VII: Special Topics 773 Chapter 23: Malware 775 23.1 Introduction 775 23.2 Trojan Horses 776 23.3 Computer Viruses 780 23.4 Computer Worms 790 23.5 Bots and Botnets 793 23.6 Other Malware 796 23.7 Combinations 803 23.8 Theory of Computer Viruses 803 23.9 Defenses 808 23.10 Summary 820 23.11 Research Issues 820 23.12 Further Reading 821 23.13 Exercises 822 Chapter 24: Vulnerability Analysis 825 24.1 Introduction 825 24.2 Penetration Studies 827 24.3 Vulnerability Classification 845 24.4 Frameworks 849 24.5 Standards 864 24.6 Gupta and Gligor’s Theory of Penetration Analysis 868 24.7 Summary 873 24.8 Research Issues 874 24.9 Further Reading 875 24.10 Exercises 876 Chapter 25: Auditing 879 25.1 Definition 879 25.2 Anatomy of an Auditing System 880 25.3 Designing an Auditing System 884 25.4 A Posteriori Design 893 25.5 Auditing Mechanisms 897 25.6 Examples: Auditing File Systems 900 25.7 Summary 910 25.8 Research Issues 911 25.9 Further Reading 912 25.10 Exercises 913 Chapter 26: Intrusion Detection 917 26.1 Principles 917 26.2 Basic Intrusion Detection 918 26.3 Models 920 26.4 Architecture 942 26.5 Organization of Intrusion Detection Systems 948 26.6 Summary 954 26.7 Research Issues 954 26.8 Further Reading 955 26.9 Exercises 956 Chapter 27: Attacks and Responses 959 27.1 Attacks 959 27.2 Representing Attacks 960 27.3 Intrusion Response 971 27.4 Digital Forensics 987 27.5 Summary 996 27.6 Research Issues 997 27.7 Further Reading 998 27.8 Exercises 999 Part VIII: Practicum 1003 Chapter 28: Network Security 1005 28.1 Introduction 1005 28.2 Policy Development 1006 28.3 Network Organization 1011 28.4 Availability 1026 28.5 Anticipating Attacks 1027 28.6 Summary 1028 28.7 Research Issues 1028 28.8 Further Reading 1029 28.9 Exercises 1030 Chapter 29: System Security 1035 29.1 Introduction 1035 29.2 Policy 1036 29.3 Networks 1042 29.4 Users 1048 29.5 Authentication 1053 29.6 Processes 1055 29.7 Files 1061 29.8 Retrospective 1066 29.9 Summary 1068 29.10 Research Issues 1068 29.11 Further Reading 1069 29.12 Exercises 1070 Chapter 30: User Security 1073 30.1 Policy 1073 30.2 Access 1074 30.3 Files and Devices 1080 30.4 Processes 1087 30.5 Electronic Communications 1092 30.6 Summary 1094 30.7 Research Issues 1095 30.8 Further Reading 1095 30.9 Exercises 1096 Chapter 31: Program Security 1099 31.1 Problem 1099 31.2 Requirements and Policy 1100 31.3 Design 1104 31.4 Refinement and Implementation 1111 31.5 Common Security-Related Programming Problems 1117 31.6 Testing, Maintenance, and Operation 1141 31.7 Distribution 1146 31.8 Summary 1147 31.9 Research Issues 1147 31.10 Further Reading 1148 31.11 Exercises 1148 Part IX: Appendices 1151 Appendix A: Lattices 1153 A.1 Basics 1153 A.2 Lattices 1154 A.3 Exercises 1155 Appendix B: The Extended Euclidean Algorithm 1157 B.1 The Euclidean Algorithm 1157 B.2 The Extended Euclidean Algorithm 1158 B.3 Solving ax mod n = 1 1160 B.4 Solving ax mod n = b 1161 B.5 Exercises 1161 Appendix C: Entropy and Uncertainty 1163 C.1 Conditional and Joint Probability 1163 C.2 Entropy and Uncertainty 1165 C.3 Joint and Conditional Entropy 1166 C.4 Exercises 1169 Appendix D: Virtual Machines 1171 D.1 Virtual Machine Structure 1171 D.2 Virtual Machine Monitor 1171 D.3 Exercises 1176 Appendix E: Symbolic Logic 1179 E.1 Propositional Logic 1179 E.2 Predicate Logic 1184 E.3 Temporal Logic Systems 1186 E.4 Exercises 1188 Appendix F: The Encryption Standards 1191 F.1 Data Encryption Standard 1191 F.2 Advanced Encryption Standard 1196 F.3 Exercises 1205 Appendix G: Example Academic Security Policy 1207 G.1 Acceptable Use Policy 1207 G.2 University of California Electronic Communications Policy 1212 G.3 User Advisories 1234 G.4 Electronic Communications—Allowable Use 1241 Appendix H: Programming Rules 1247 H.1 Implementation Rules 1247 H.2 Management Rules 1249 References 1251 Index 1341