
Computer Security and the Internet: Tools and Jewels from Malware to Bitcoin 2nd ed. 2021 [Hardback]

  • Format: Hardback, 446 pages, height x width: 254x178 mm, weight: 1085 g, 133 Illustrations, color; 4 Illustrations, black and white; XXIX, 446 p. 137 illus., 133 illus. in color., 1 Hardback
  • Series: Information Security and Cryptography
  • Publication date: 14-Oct-2021
  • Publisher: Springer Nature Switzerland AG
  • ISBN-10: 3030834107
  • ISBN-13: 9783030834104
  • Hardback
  • Price: 62,59 €*
  • * the price is final, i.e. no further discounts apply
  • Regular price: 73,64 €
  • You save 15%
  • Free shipping
  • Delivery from the publisher takes approximately 2-4 weeks
This book provides a concise yet comprehensive overview of computer and Internet security, suitable for a one-term introductory course for junior/senior undergrad or first-year graduate students. It is also suitable for self-study by anyone seeking a solid footing in security including software developers and computing professionals, technical managers and government staff. An overriding focus is on brevity, without sacrificing breadth of core topics or technical detail within them. The aim is to enable a broad understanding in roughly 350 pages. Further prioritization is supported by designating as optional selected content within this. Fundamental academic concepts are reinforced by specifics and examples, and related to applied problems and real-world incidents.

The first chapter provides a gentle overview and 20 design principles for security. The ten chapters that follow provide a framework for understanding computer and Internet security. They regularly refer back to the principles, with supporting examples. These principles are the conceptual counterparts of security-related error patterns that have been recurring in software and system designs for over 50 years.

The book is elementary in that it assumes no background in security, but unlike soft high-level texts it does not avoid low-level details; instead, it selectively dives into fine points of exemplary topics to concretely illustrate concepts and principles. The book is rigorous in the sense of being technically sound, but avoids both mathematical proofs and lengthy source-code examples, which typically make books inaccessible to general audiences. Knowledge of elementary operating system and networking concepts is helpful, but review sections summarize the essential background. For graduate students, inline exercises and supplemental references provided in per-chapter endnotes provide a bridge to further topics and a springboard to the research literature; for those in industry and government, pointers are provided to helpful surveys and relevant standards, e.g., documents from the Internet Engineering Task Force (IETF) and the U.S. National Institute of Standards and Technology (NIST).

Reviews

I can vouch for the accuracy and clarity found in Van Oorschot's latest book, and can recommend it to those serious about getting introduced to security. The topic is very broad, as evidenced by the number of important security conferences and the hundreds of papers published every year, not to mention the billions made selling security products and services. (Rik Farrow, usenix.org, April 8, 2022)

The book is a technical tour de force and is a helpful reference. The book has its primary audience in students in a one-term or two-term, third- or fourth-year undergraduate course in computer science; those in the corporate world looking for a highly technical reference will find the book to be quite valuable. As a first-rate computer scientist and writer, van Oorschot has written a book that will make you a much smarter and better information security professional. (Ben Rothke, rsaconference.com, April 7, 2022)

Contents (start page, with page count in parentheses; ‡ marks sections the book designates as optional)

Preface to Second Edition  xv
Foreword  xix
Preface to First Edition  xxiii
Typesetting Conventions  xxix
Chapter 1 Security Concepts and Principles  1 (28)
1.1 Fundamental goals of computer security  2 (2)
1.2 Computer security policies and attacks  4 (2)
1.3 Risk, risk assessment, and modeling expected losses  6 (3)
1.4 Adversary modeling and security analysis  9 (2)
1.5 Threat modeling: diagrams, trees, lists and STRIDE  11 (5)
1.6 Model-reality gaps and real-world outcomes  16 (4)
1.7 ‡Design principles for computer security  20 (5)
1.8 ‡Why computer security is hard  25 (2)
1.9 ‡End notes and further reading  27 (2)
References  28 (1)
Chapter 2 Cryptographic Building Blocks  29 (26)
2.1 Encryption and decryption (generic concepts)  30 (2)
2.2 Symmetric-key encryption and decryption  32 (5)
2.3 Public-key encryption and decryption  37 (2)
2.4 Digital signatures and verification using public keys  39 (2)
2.5 Cryptographic hash functions  41 (4)
2.6 Message authentication (data origin authentication)  45 (2)
2.7 ‡Authenticated encryption and further modes of operation  47 (2)
2.8 ‡Certificates, elliptic curves, and equivalent keylengths  49 (2)
2.9 ‡End notes and further reading  51 (4)
References  52 (3)
Chapter 3 User Authentication---Passwords, Biometrics and Alternatives  55 (36)
3.1 Password authentication  56 (3)
3.2 Password-guessing strategies and defenses  59 (6)
3.3 Account recovery and secret questions  65 (2)
3.4 One-time password generators and hardware tokens  67 (4)
3.5 Biometric authentication  71 (5)
3.6 ‡Password managers and graphical passwords  76 (3)
3.7 ‡CAPTCHAs (humans-in-the-loop) vs. automated attacks  79 (2)
3.8 ‡Entropy, passwords, and partial-guessing metrics  81 (5)
3.9 ‡End notes and further reading  86 (5)
References  88 (3)
Chapter 4 Authentication Protocols and Key Establishment  91 (34)
4.1 Entity authentication and key establishment (context)  92 (5)
4.2 Authentication protocols: concepts and mistakes  97 (3)
4.3 Establishing shared keys by public agreement (DH)  100 (4)
4.4 Key authentication properties and goals  104 (1)
4.5 Password-authenticated key exchange: EKE and SPEKE  105 (6)
4.6 ‡Weak secrets and forward search in authentication  111 (2)
4.7 ‡Single sign-on (SSO) and federated identity systems  113 (2)
4.8 ‡Cyclic groups and subgroup attacks on Diffie-Hellman  115 (5)
4.9 ‡End notes and further reading  120 (5)
References  122 (3)
Chapter 5 Operating System Security and Access Control  125 (30)
5.1 Memory protection, supervisor mode, and accountability  127 (3)
5.2 The reference monitor, access matrix, and security kernel  130 (3)
5.3 Object permissions and file-based access control  133 (4)
5.4 Setuid bit and effective userid (eUID)  137 (1)
5.5 Directory permissions and inode-based example  138 (4)
5.6 Symbolic links, hard links and deleting files  142 (2)
5.7 Role-based (RBAC) and mandatory access control  144 (2)
5.8 ‡Protection rings: isolation meets finer-grained sharing  146 (3)
5.9 ‡Relating subjects, processes, and protection domains  149 (2)
5.10 ‡End notes and further reading  151 (4)
References  153 (2)
Chapter 6 Software Security---Exploits and Privilege Escalation  155 (28)
6.1 Race conditions and resolving filenames to resources  157 (2)
6.2 Integer-based vulnerabilities and C-language issues  159 (7)
6.3 Stack-based buffer overflows  166 (2)
6.4 Heap-based buffer overflows and heap spraying  168 (3)
6.5 ‡Return-to-libc exploits  171 (1)
6.6 Buffer overflow exploit defenses and adoption barriers  172 (2)
6.7 Privilege escalation and the bigger picture  174 (2)
6.8 ‡Background: process creation, syscalls, shells, shellcode  176 (2)
6.9 ‡End notes and further reading  178 (5)
References  180 (3)
Chapter 7 Malicious Software  183 (30)
7.1 Defining malware  184 (2)
7.2 Viruses and worms  186 (5)
7.3 Virus anti-detection and worm-spreading techniques  191 (3)
7.4 Stealth: Trojan horses, backdoors, keyloggers, rootkits  194 (3)
7.5 Rootkit detail: installation, object modification, hijacking  197 (3)
7.6 ‡Drive-by downloads and droppers  200 (2)
7.7 Ransomware, botnets and other beasts  202 (3)
7.8 Social engineering and categorizing malware  205 (2)
7.9 ‡End notes and further reading  207 (6)
References  209 (4)
Chapter 8 Public-Key Certificate Management and Use Cases  213 (32)
8.1 Certificates, certification authorities and PKI  214 (3)
8.2 Certificate chain validation and certificate extensions  217 (4)
8.3 ‡Certificate revocation  221 (3)
8.4 CA/PKI architectures and certificate trust models  224 (5)
8.5 TLS web site certificates and CA/browser trust model  229 (6)
8.6 Secure email overview and public-key distribution  235 (3)
8.7 ‡Secure email: specific technologies  238 (3)
8.8 ‡End notes and further reading  241 (4)
References  242 (3)
Chapter 9 Web and Browser Security  245 (36)
9.1 Web review: domains, URLs, HTML, HTTP, scripts  246 (6)
9.2 TLS and HTTPS (HTTP over TLS)  252 (3)
9.3 HTTP cookies and DOM objects  255 (2)
9.4 Same-origin policy (DOM SOP)  257 (3)
9.5 Authentication cookies, malicious scripts and CSRF  260 (2)
9.6 More malicious scripts: cross-site scripting (XSS)  262 (4)
9.7 SQL injection  266 (3)
9.8 ‡Usable security, phishing and web security indicators  269 (5)
9.9 ‡End notes and further reading  274 (7)
References  276 (5)
Chapter 10 Firewalls and Tunnels  281 (28)
10.1 Packet-filter firewalls  282 (6)
10.2 Proxy firewalls and firewall architectures  288 (4)
10.3 SSH: Secure Shell  292 (5)
10.4 VPNs and encrypted tunnels (general concepts)  297 (3)
10.5 ‡IPsec: IP security suite (details)  300 (3)
10.6 ‡Background: networking and TCP/IP  303 (3)
10.7 ‡End notes and further reading  306 (3)
References  307 (2)
Chapter 11 Intrusion Detection and Network-Based Attacks  309 (30)
11.1 Intrusion detection: introduction  310 (3)
11.2 Intrusion detection: methodological approaches  313 (3)
11.3 Sniffers, reconnaissance scanners, vulnerability scanners  316 (4)
11.4 Denial of service attacks  320 (5)
11.5 Address resolution attacks (DNS, ARP)  325 (4)
11.6 ‡TCP session hijacking  329 (3)
11.7 ‡End notes and further reading  332 (7)
References  335 (4)
Chapter 12 Wireless LAN Security: 802.11 and Wi-Fi  339 (36)
12.1 Background: 802.11 WLAN architecture and overview  340 (3)
12.2 WLAN threats and mitigations  343 (4)
12.3 Security architecture: access control, EAP and RADIUS  347 (4)
12.4 RC4 stream cipher and its use in WEP  351 (2)
12.5 WEP attacks: authentication, integrity, keystream reuse  353 (4)
12.6 WEP security summary and full key recovery  357 (4)
12.7 ‡AES-CCMP frame encryption and key hierarchy  361 (3)
12.8 Robust authentication, key establishment and WPA3  364 (5)
12.9 ‡End notes and further reading  369 (6)
References  371 (4)
Chapter 13 Bitcoin, Blockchains and Ethereum  375 (36)
13.1 Bitcoin overview  376 (3)
13.2 Transaction types and fields  379 (3)
13.3 ‡Bitcoin script execution (signature validation)  382 (2)
13.4 Block structure, Merkle trees and the blockchain  384 (2)
13.5 Mining of blocks, block preparation and hashing targets  386 (5)
13.6 Building the blockchain, validation, and full nodes  391 (4)
13.7 ‡Simple payment verification, user wallets, private keys  395 (4)
13.8 ‡Ethereum and smart contracts  399 (6)
13.9 ‡End notes and further reading  405 (6)
References  407 (4)
Epilogue  411 (6)
Index  417

About the author
Paul C. van Oorschot is a Professor of Computer Science at Carleton University (Ottawa), where he is Canada Research Chair in Authentication and Computer Security. He is an ACM Fellow, an IEEE Fellow, and a Fellow of the Royal Society of Canada. He was Program Chair of NSPW 2014-2015, USENIX Security 2008, NDSS 2001-2002, and co-author of the Handbook of Applied Cryptography (1996). He has served on the editorial boards of IEEE TDSC, IEEE TIFS, and ACM TISSEC/TOPS. His research interests include authentication and identity management, computer security, Internet security, security and usability, software security, and applied cryptography. His academic career was preceded by 14 years of industrial research and development in telecommunications and software security.