Muutke küpsiste eelistusi

E-raamat: Access Control, Security, and Trust: A Logical Approach

4.00/5 (10 hinnangut Goodreads-ist)
(Syracuse University, New York, USA), (Syracuse University, New York, USA)
Teised raamatud teemal:
  • Formaat - EPUB+DRM
  • Hind: 74,09 €*
  • * hind on lõplik, st. muud allahindlused enam ei rakendu
  • Lisa ostukorvi
  • Lisa soovinimekirja
  • See e-raamat on mõeldud ainult isiklikuks kasutamiseks. E-raamatuid ei saa tagastada.
Access Control, Security, and Trust: A Logical ApproachSuurem pilt
Teised raamatud teemal:

DRM piirangud

  • Kopeerimine (copy/paste):

    ei ole lubatud

  • Printimine:

    ei ole lubatud

  • Kasutamine:

    Digitaalõiguste kaitse (DRM)
    Kirjastus on väljastanud selle e-raamatu krüpteeritud kujul, mis tähendab, et selle lugemiseks peate installeerima spetsiaalse tarkvara. Samuti peate looma endale  Adobe ID Rohkem infot siin. E-raamatut saab lugeda 1 kasutaja ning alla laadida kuni 6'de seadmesse (kõik autoriseeritud sama Adobe ID-ga).

    Vajalik tarkvara
    Mobiilsetes seadmetes (telefon või tahvelarvuti) lugemiseks peate installeerima selle tasuta rakenduse: PocketBook Reader (iOS / Android)

    PC või Mac seadmes lugemiseks peate installima Adobe Digital Editionsi (Seeon tasuta rakendus spetsiaalselt e-raamatute lugemiseks. Seda ei tohi segamini ajada Adober Reader'iga, mis tõenäoliselt on juba teie arvutisse installeeritud )

    Seda e-raamatut ei saa lugeda Amazon Kindle's. 

Developed from the authors' courses at Syracuse University and the U.S. Air Force Research Laboratory, Access Control, Security, and Trust: A Logical Approach equips readers with and access-control logic they can use to specify and verify their security designs. Throughout the text, the authors use a single access-control logic based on a simple propositional modal logic.

The first part of the book presents the syntax and semantics of access-control logic, basic access-control concepts, and an introduction to confidentiality and integrity policies. The second section covers access-control in networks, delegation, protocols, and the use of cryptography. In the third section, the authors focus on hardware and virtual machines. The final part discusses confidentiality, integrity, and role-based access-control.

Taking a logical, rigorous approach to access control, this book shows how logic is a useful tool for analyzing security designs and spelling out the conditions upon which access-control decisions depend. It is designed for computer engineers and computer scientists who are responsible for designing, implementing, and verifying secure computer and information systems.

Arvustused

Focusing on the logic of access control, more than on actual computer programming, this volume is designed as a textbook for undergraduates. Each chapter ends with exercises and a concise description of expected learning outcomes. The authors, both in electrical engineering and computer science at Syracuse University, also teach an intensive summer course on access control for hundreds of ROTC cadets. It contains a useful selection of tables and figures, a notation index and a brief bibliography. SciTech Book News, February 2011

List of Tables
xiii
List of Figures
xv
Preface xix
1 Access Control, Security, Trust, and Logic
1(8)
1.1 Deconstructing Access-Control Decisions
3(3)
1.2 A Logical Approach to Access Control
6(3)
I Preliminaries
9(98)
2 A Language for Access Control
11(28)
2.1 Sets and Relations
11(4)
2.1.1 Notation
12(1)
2.1.2 Approaches for Mathematical Proofs
13(2)
2.2 Syntax
15(7)
2.2.1 Principal Expressions
17(1)
2.2.2 Access-Control Statements
18(2)
2.2.3 Well-Formed Formulas
20(2)
2.3 Semantics
22(15)
2.3.1 Kripke Structures
23(5)
2.3.2 Semantics of the Logic
28(9)
2.4 Summary
37(1)
2.5 Further Reading
37(2)
3 Reasoning about Access Control
39(18)
3.1 Logical Rules
39(8)
3.1.1 The Taut Rule
41(1)
3.1.2 The Modus Ponens Rule
42(1)
3.1.3 The Says Rule
42(1)
3.1.4 The MP Says Rule
42(1)
3.1.5 The Speaks For Rule
43(1)
3.1.6 The & Says and Quoting Rules
43(1)
3.1.7 Properties of ⇒
43(2)
3.1.8 The Equivalence Rule
45(1)
3.1.9 The Controls Definition
46(1)
3.2 Formal Proofs and Theorems
47(3)
3.3 Soundness of Logical Rules
50(4)
3.4 Summary
54(1)
3.5 Further Reading
54(3)
4 Basic Concepts
57(20)
4.1 Reference Monitors
57(3)
4.2 Access-Control Mechanisms: Tickets and Lists
60(8)
4.2.1 Tickets
61(2)
4.2.2 Lists
63(3)
4.2.3 Logical and Pragmatic Implications
66(2)
4.3 Authentication
68(7)
4.3.1 Two-Factor Authentication
68(2)
4.3.2 Using Credentials from Other Authorities
70(4)
4.3.3 Groups
74(1)
4.4 Summary
75(1)
4.5 Further Reading
76(1)
5 Security Policies
77(30)
5.1 Confidentiality, Integrity, and Availability
77(2)
5.2 Discretionary Security Policies
79(2)
5.3 Mandatory Security Policies
81(4)
5.4 Military Security Policies
85(9)
5.4.1 Extending the Logic with Security Levels
85(2)
5.4.2 Expressing Military Security Policies
87(3)
5.4.3 Military Security Policies: An Extended Example
90(4)
5.5 Commercial Policies
94(11)
5.5.1 Extending the Logic with Integrity Levels
95(2)
5.5.2 Protecting Integrity
97(1)
5.5.3 Strict Integrity
98(2)
5.5.4 An Extended Example of a Strict Integrity Policy
100(5)
5.6 Summary
105(1)
5.7 Further Reading
105(2)
II Distributed Access Control
107(68)
6 Digital Authentication
109(24)
6.1 Public-Key Cryptography
109(3)
6.2 Efficiency Mechanisms
112(2)
6.2.1 Cryptographic Hash Functions
112(1)
6.2.2 Data-Encryption Keys
113(1)
6.2.3 Digital Signatures
113(1)
6.3 Reasoning about Cryptographic Communications
114(2)
6.4 Certificates, Certificate Authorities, and Trust
116(9)
6.5 Symmetric-Key Cryptography
125(6)
6.6 Summary
131(1)
6.7 Further Reading
131(2)
7 Delegation
133(16)
7.1 Simple Delegations
133(2)
7.2 Delegation and Its Properties
135(6)
7.3 A Delegation Example: Simple Checking
141(6)
7.3.1 Formal Definitions of Checks
142(1)
7.3.2 Bank Policies on Checks
143(1)
7.3.3 Operating Rules for Checks
144(3)
7.4 Summary
147(1)
7.5 Further Reading
147(2)
8 Networks: Case Studies
149(26)
8.1 SSL and TLS: Authentication across the Web
149(8)
8.1.1 Handshake Protocol
150(5)
8.1.2 Record Protocol
155(2)
8.2 Kerberos: Authentication for Distributed Systems
157(9)
8.2.1 Initial Authentication Requests
157(2)
8.2.2 Requests for Service-Specific Tickets
159(2)
8.2.3 Requests for Services
161(1)
8.2.4 Proxiable Tickets
162(4)
8.3 Financial Networks
166(6)
8.3.1 Electronic Clearinghouses
166(3)
8.3.2 Bank Authorities, Jurisdiction, and Policies
169(1)
8.3.3 Bank Operating Rules
170(2)
8.4 Summary
172(1)
8.5 Further Reading
173(2)
III Isolation and Sharing
175(86)
9 A Primer on Computer Hardware
177(20)
9.1 Ones and Zeros
177(1)
9.2 Synchronous Design
178(12)
9.2.1 Synchronous Registers
178(1)
9.2.2 Registers with Load Control
179(1)
9.2.3 Registers with Tri-State Outputs
179(3)
9.2.4 Combinational Logic and Functions
182(2)
9.2.5 Arithmetic Logic Units
184(6)
9.3 Microcode
190(3)
9.3.1 Data Paths and Control Paths
190(2)
9.3.2 Microprogramming
192(1)
9.4 Summary
193(2)
9.5 Further Reading
195(2)
10 Virtual Machines and Memory Protection
197(30)
10.1 A Simple Processor
198(6)
10.1.1 Processor Components
199(2)
10.1.2 Machine Instructions
201(3)
10.2 Processors with Memory Segmentation
204(5)
10.2.1 Segmentation Using a Relocation Register
204(3)
10.2.2 Processor State and Instructions
207(1)
10.2.3 Program Status Word
207(1)
10.2.4 Traps
208(1)
10.3 Controlling Access to Memory and Segmentation Registers
209(8)
10.3.1 Access to Program Memory
210(2)
10.3.2 Implementation Details
212(1)
10.3.3 Access to the Relocation Register
213(2)
10.3.4 Setting the Mode Bit
215(2)
10.4 Design of the Virtual Machine Monitor
217(7)
10.4.1 Privileged Instructions
220(1)
10.4.2 Sensitive Instructions
221(2)
10.4.3 Virtualizable Processor Architectures
223(1)
10.5 Summary
224(1)
10.6 Further Reading
225(2)
11 Access Control Using Descriptors and Capabilities
227(18)
11.1 Address Descriptors and Capabilities
227(4)
11.2 Tagged Architectures
231(2)
11.3 Capability Systems
233(8)
11.3.1 Catalogs
233(2)
11.3.2 Creating New Segments
235(2)
11.3.3 Dynamic Sharing
237(2)
11.3.4 Revocation of Capabilities
239(2)
11.4 Summary
241(1)
11.5 Further Reading
242(3)
12 Access Control Using Lists and Rings
245(16)
12.1 Generalized Addresses
245(2)
12.2 Segment Access Controllers
247(2)
12.3 ACL-Based Access Policy for Memory Accesses
249(4)
12.4 Ring-Based Access Control
253(5)
12.4.1 Access Brackets
254(1)
12.4.2 Call Brackets
255(3)
12.5 Summary
258(1)
12.6 Further Reading
259(2)
IV Access Policies
261(52)
13 Confidentiality and Integrity Policies
263(26)
13.1 Classifications and Categories
263(3)
13.2 Bell-La Padula Model, Revisited
266(3)
13.3 Confidentiality Levels: Some Practical Considerations
269(3)
13.4 Biba's Strict Integrity, Revisited
272(4)
13.5 Lipner's Integrity Model
276(9)
13.5.1 Commercial Integrity Requirements
277(1)
13.5.2 Commercial Integrity via Bell-La Padula
277(4)
13.5.3 Commercial Integrity via Bell-La Padula and Strict Integrity
281(4)
13.6 Summary
285(1)
13.7 Further Reading
285(4)
14 Role-Based Access Control
289(24)
14.1 RBAC Fundamentals
289(8)
14.1.1 Role Inheritance
290(5)
14.1.2 Sessions
295(2)
14.2 Separation of Duty
297(7)
14.2.1 Static Separation of Duty
297(2)
14.2.2 Dynamic Separation of Duty
299(5)
14.3 Representing RBAC Systems in the Logic
304(6)
14.3.1 RBAC Extensions to the Logic
304(1)
14.3.2 Translating RBAC into the Logic
305(5)
14.4 Summary
310(2)
14.5 Further Reading
312(1)
A Summary of the Access-Control Logic
313(8)
A.1 Syntax
313(2)
A.2 Core Rules, Derived Rules, and Extensions
315(6)
Bibliography 321(3)
Notation Index 324(1)
General Index 325
Shiu-Kai Chin is a Meredith Professor in the Department of Electrical Engineering and Computer Science at Syracuse University. He is also director of the Center for Information and Systems Assurance and Trust. While at Syracuse, Dr. Chin has received the Outstanding Teacher Award, the Chancellors Citation for Outstanding Contributions to the Universitys Academic Programs, and the Crouse Hinds Award for Excellence in Education.

Susan Older is an associate professor in the Department of Electrical Engineering and Computer Science at Syracuse University. She is also the program director for the Certificate of Advanced Study in Systems Assurance. Dr. Olders research interests include programming-language semantics, logics of programs, formal methods, and information-assurance and computer science education.
Lisainfo e-raamatute kohta Lisainfo e-raamatute kohta
Püsilink: https://www.kriso.ee/db/97814398915516e.html