(NIS)Computer Security art and science



2. Matt Bishop, “Computer Security art and science”, Second Edition, Pearson Education, 2002, NIS, Reference Book 2

Published in: Engineering, Technology


  1. Computer Security: Art and Science
     By Matt Bishop
     Publisher: Addison Wesley
     Pub Date: November 29, 2002
     ISBN: 0-201-44099-7
  2. Pages: 1136

     "This is an excellent text that should be read by every computer security professional and student." —Dick Kemmerer, University of California, Santa Barbara.

     "This is the most complete book on information security theory, technology, and practice that I have encountered anywhere!" —Marvin Schaefer, Former Chief Scientist, National Computer Security Center, NSA

     This highly anticipated book fully introduces the theory and practice of computer security. It is both a comprehensive text, explaining the most fundamental and pervasive aspects of the field, and a detailed reference filled with valuable information for even the most seasoned practitioner. In this one extraordinary volume the author incorporates concepts from computer systems, networks, human factors, and cryptography. In doing so, he effectively demonstrates that computer security is an art as well as a science.

     Computer Security: Art and Science includes detailed discussions on:

       • The nature and challenges of computer security
       • The relationship between policy and security
       • The role and application of cryptography
       • The mechanisms used to implement policies
       • Methodologies and technologies for assurance
       • Vulnerability analysis and intrusion detection

     Computer Security discusses different policy models, and presents mechanisms that can be used to enforce these policies. It concludes with examples that show how to apply the principles discussed in earlier sections, beginning with networks and moving on to systems, users, and programs.

     This important work is essential for anyone who needs to understand, implement, or maintain a secure network or computer system.
  3. Table of Contents
     Copyright
     Preface
     Goals
     Philosophy
     Organization
     Roadmap
     Special Acknowledgment
     Acknowledgments
     Part 1. Introduction
       Chapter 1. An Overview of Computer Security
         Section 1.1. The Basic Components
         Section 1.2. Threats
         Section 1.3. Policy and Mechanism
         Section 1.4. Assumptions and Trust
         Section 1.5. Assurance
         Section 1.6. Operational Issues
         Section 1.7. Human Issues
         Section 1.8. Tying It All Together
         Section 1.9. Summary
         Section 1.10. Research Issues
         Section 1.11. Further Reading
         Section 1.12. Exercises
     Part 2. Foundations
       Chapter 2. Access Control Matrix
         Section 2.1. Protection State
         Section 2.2. Access Control Matrix Model
         Section 2.3. Protection State Transitions
         Section 2.4. Copying, Owning, and the Attenuation of Privilege
         Section 2.5. Summary
         Section 2.6. Research Issues
         Section 2.7. Further Reading
         Section 2.8. Exercises
       Chapter 3. Foundational Results
         Section 3.1. The General Question
  4.     Section 3.2. Basic Results
         Section 3.3. The Take-Grant Protection Model
         Section 3.4. Closing the Gap
         Section 3.5. Expressive Power and the Models
         Section 3.6. Summary
         Section 3.7. Research Issues
         Section 3.8. Further Reading
         Section 3.9. Exercises
     Part 3. Policy
       Chapter 4. Security Policies
         Section 4.1. Security Policies
         Section 4.2. Types of Security Policies
         Section 4.3. The Role of Trust
         Section 4.4. Types of Access Control
         Section 4.5. Policy Languages
         Section 4.6. Example: Academic Computer Security Policy
         Section 4.7. Security and Precision
         Section 4.8. Summary
         Section 4.9. Research Issues
         Section 4.10. Further Reading
         Section 4.11. Exercises
       Chapter 5. Confidentiality Policies
         Section 5.1. Goals of Confidentiality Policies
         Section 5.2. The Bell-LaPadula Model
         Section 5.3. Tranquility
         Section 5.4. The Controversy over the Bell-LaPadula Model
         Section 5.5. Summary
         Section 5.6. Research Issues
         Section 5.7. Further Reading
         Section 5.8. Exercises
       Chapter 6. Integrity Policies
         Section 6.1. Goals
         Section 6.2. Biba Integrity Model
         Section 6.3. Lipner's Integrity Matrix Model
         Section 6.4. Clark-Wilson Integrity Model
         Section 6.5. Summary
         Section 6.6. Research Issues
         Section 6.7. Further Reading
         Section 6.8. Exercises
       Chapter 7. Hybrid Policies
         Section 7.1. Chinese Wall Model
         Section 7.2. Clinical Information Systems Security Policy
         Section 7.3. Originator Controlled Access Control
         Section 7.4. Role-Based Access Control
  5.     Section 7.5. Summary
         Section 7.6. Re