Security in Computing, Fourth Edition
By Charles P. Pfleeger - Pfleeger Consulting Group,
Shari Lawrence Pfleeger - RAND Corporation
Publisher: Prentice Hall
Pub Date: October 13, 2006
Print ISBN-10: 0-13-239077-9
Print ISBN-13: 978-0-13-239077-4
Pages: 880

The New State-of-the-Art in Information Security: Now Covers the Economics of
Cyber Security and the Intersection of Privacy and Information Security

For years, IT and security professionals and students have turned to Security in
Computing as the definitive guide to information about computer security attacks and
countermeasures. In their new fourth edition, Charles P. Pfleeger and Shari Lawrence
Pfleeger have thoroughly updated their classic guide to reflect today's newest
technologies, standards, and trends.

The authors first introduce the core concepts and vocabulary of computer security,
including attacks and controls. Next, the authors systematically identify and assess threats
now facing programs, operating systems, database systems, and networks. For each
threat, they offer best-practice responses.

Security in Computing, Fourth Edition, goes beyond technology, covering crucial
management issues faced in protecting infrastructure and information. This edition
contains an all-new chapter on the economics of cybersecurity, explaining ways to make a
business case for security investments. Another new chapter addresses privacy--from data
mining and identity theft, to RFID and e-voting.

New coverage also includes
Programming mistakes that compromise security: man-in-the-middle, timing, and privilege escalation attacks
Web application threats and vulnerabilities
Networks of compromised systems: bots, botnets, and drones
Rootkits--including the notorious Sony XCP
Wi-Fi network security challenges, standards, and techniques
New malicious code attacks, including false interfaces and keystroke loggers
Improving code quality: software engineering, testing, and liability approaches
Biometric authentication: capabilities and limitations
Using the Advanced Encryption System (AES) more effectively
Balancing dissemination with piracy control in music and other digital content
Countering new cryptanalytic attacks against RSA, DES, and SHA
Responding to the emergence of organized attacker groups pursuing profit

Table of Contents
Copyright
Foreword
Preface
Chapter 1. Is There a Security Problem in Computing?
Section 1.1. What Does "Secure" Mean?
Section 1.2. Attacks
Section 1.3. The Meaning of Computer Security
Section 1.4. Computer Criminals
Section 1.5. Methods of Defense
Section 1.6. What's Next
Section 1.7. Summary
Section 1.8. Terms and Concepts
Section 1.9. Where the Field Is Headed
Section 1.10. To Learn More
Section 1.11. Exercises
Chapter 2. Elementary Cryptography
Section 2.1. Terminology and Background
Section 2.2. Substitution Ciphers
Section 2.3. Transpositions (Permutations)
Section 2.4. Making "Good" Encryption Algorithms
Section 2.5. The Data Encryption Standard
Section 2.6. The AES Encryption Algorithm
Section 2.7. Public Key Encryption
Section 2.8. The Uses of Encryption
Section 2.9. Summary of Encryption
Section 2.10. Terms and Concepts
Section 2.11. Where the Field Is Headed
Section 2.12. To Learn More
Section 2.13. Exercises
Chapter 3. Program Security
Section 3.1. Secure Programs
Section 3.2. Nonmalicious Program Errors
Section 3.3. Viruses and Other Malicious Code
Section 3.4. Targeted Malicious Code
Section 3.5. Controls Against Program Threats
Section 3.6. Summary of Program Threats and Controls
Section 3.7. Terms and Concepts
Section 3.8. Where the Field Is Headed
Section 3.9. To Learn More
Section 3.10. Exercises
Chapter 4. Protection in General-Purpose Operating Systems
Section 4.1. Protected Objects and Methods of Protection
Section 4.2. Memory and Address Protection
Section 4.3. Control of Access to General Objects
Section 4.4. File Protection Mechanisms
Section 4.5. User Authentication
Section 4.6. Summary of Security for Users
Section 4.7. Terms and Concepts
Section 4.8. Where the Field Is Headed
Section 4.9. To Learn More
Section 4.10. Exercises
Chapter 5. Designing Trusted Operating Systems
Section 5.1. What Is a Trusted System?
Section 5.2. Security Policies
Section 5.3. Models of Security
Section 5.4. Trusted Operating System Design
Section 5.5. Assurance in Trusted Operating Systems
Section 5.6. Summary of Security in Operating Systems
Section 5.7. Terms and Concepts
Section 5.8. Where the Field Is Headed
Section 5.9. To Learn More
Section 5.10. Exercises
Chapter 6. Database and Data Mining Security
Section 6.1. Introduction to Databases
Section 6.2. Security Requirements
Section 6.3. Reliability and Integrity
Section 6.4. Sensitive Data
Section 6.5. Inference
Section 6.6. Multilevel Databases
Section 6.7. Proposals for Multilevel Security
Section 6.8. Data Mining
Section 6.9. Summary of Database Security
Section 6.10. Terms and Concepts
Section 6.11. Where the Field Is Headed
Section 6.12. To Learn More
Section 6.13. Exercises
Chapter 7. Security in Networks
Section 7.1. Network Concepts
Section 7.2. Threats in Networks
Section 7.3. Network Security Controls
Section 7.4. Firewalls
Section 7.5. Intrusion Detection Systems
Section 7.6. Secure E-Mail
Section 7.7. Summary of Network Security
Section 7.8. Terms and Concepts
Section 7.9. Where the Field Is Headed
Section 7.10. To Learn More
Section 7.11. Exercises
Chapter 8. Administering Security
Section 8.1. Security Planning
Section 8.2. Risk Analysis
Section 8.3. Organizational Security Policies
Section 8.4. Physical Security
Section 8.5. Summary
Section 8.6. Terms and Concepts
Section 8.7. To Learn More
Section 8.8. Exercises
Chapter 9. The Economics of Cybersecurity
Section 9.1. Making a Business Case
Section 9.2. Quantifying Security
Section 9.3. Modeling Cybersecurity
Section 9.4. Current Research and Future Directions
Section 9.5. Summary
Section 9.6. Terms and Concepts
Section 9.7. To Learn More
Section 9.8. Exercises
Chapter 10. Privacy in Computing
Section 10.1. Privacy Concepts
Section 10.2. Privacy Principles and Policies
Section 10.3. Authentication and Privacy
Section 10.4. Data Mining
Section 10.5. Privacy on the Web
Section 10.6. E-Mail Security
Section 10.7. Impacts on Emerging Technologies
Section 10.8. Summary
Section 10.9. Terms and Concepts
Section 10.10. Where the Field Is Headed
Section 10.11. To Learn More
Section 10.12. Exercises
Chapter 11. Legal and Ethical Issues in Computer Security
Section 11.1. Protecting Programs and Data
Section 11.2. Information and the Law
Section 11.3. Rights of Employees and Employers
Section 11.4. Redress for Software Failures
Section 11.5. Computer Crime
Section 11.6. Ethical Issues in Computer Security
Section 11.7. Case Studies of Ethics
Section 11.8. Terms and Concepts
Section 11.9. To Learn More
Section 11.10. Exercises
Chapter 12. Cryptography Explained
Section 12.1. Mathematics for Cryptography
Section 12.2. Symmetric Encryption
Section 12.3. Public Key Encryption Systems
Section 12.4. Quantum Cryptography
Section 12.5. Summary of Encryption
Section 12.6. Terms and Concepts
Section 12.7. Where the Field Is Headed
Section 12.8. To Learn More
Section 12.9. Exercises
Bibliography
Index

Copyright

Many of the designations used by manufacturers and sellers to
distinguish their products are claimed as trademarks. Where
those designations appear in this book, and the publisher was
aware of a trademark claim, the designations have been printed
with initial capital letters or in all capitals.

The authors and publisher have taken care in the preparation of
this book, but make no expressed or implied warranty of any
kind and assume no responsibility for errors or omissions. No
liability is assumed for incidental or consequential damages in
connection with or arising out of the use of the information or
programs contained herein.

The publisher offers excellent discounts on this book when
ordered in quantity for bulk purchases or special sales, which
may include electronic versions and/or custom covers and
content particular to your business, training goals, marketing
focus, and branding interests. For more information, please
contact:
U.S. Corporate and Government Sales
(800) 382-3419

For sales outside the United States, please contact:
International Sales

Visit us on the Web: www.prenhallprofessional.com

Library of Congress Cataloging-in-Publication Data
Pfleeger, Charles P., 1948- Security in computing / Charles P. Pfleeger, Shari Lawrence Pfleeger. 4
p. cm.
Includes bibliographical references and index.
ISBN 0-13-239077-9 (hardback : alk. paper)
1. Computer security. 2. Data protection. 3. Privacy, Right of. I. Pfleege
Lawrence. II. Title.
QA76.9.A25 P45 2006
005.8--dc22 2006026798

Copyright © 2007 Pearson Education, Inc.
All rights reserved. Printed in the United States of America. This
publication is protected by copyright, and permission must be
obtained from the publisher prior to any prohibited
reproduction, storage in a retrieval system, or transmission in
any form or by any means, electronic, mechanical,
photocopying, recording, or likewise. For information regarding
permissions, write to:
Pearson Education, Inc.
Rights and Contracts Department
One Lake Street
Upper Saddle River, NJ 07458
Fax: (201) 236-3290

Text printed in the United States on recycled paper at Courier in Westford,
First printing, October 2006

Foreword

In the 1950s and 1960s, the prominent conference gathering
places for practitioners and users of computer technology were
the twice yearly Joint Computer Conferences (JCCs)--initially
called the Eastern and Western JCCs, but later renamed the
Spring and Fall JCCs and even later, the annual National (AFIPS)
Computer Conference. From this milieu, the topic of computer
security--later to be called information system security and
currently also referred to as "protection of the national
information infrastructure"--moved from the world of classified
defense interests into public view.

A few people--Robert L. Patrick, John P. Haverty, and I among
others--all then at the RAND Corporation--had been talking about
the growing dependence of the country and its institutions on
computer technology. It concerned us that the installed systems
might not be able to protect themselves and their data against
intrusive and destructive attacks. We decided that it was time to
bring the security aspect of computer systems to the attention
of the technology and user communities.

The enabling event was the development within the National
Security Agency (NSA) of a remote-access time-sharing system
with a full set of security access controls, running on a Univac
494 machine, and serving terminals and users not only within
the headquarters building at Fort George G. Meade, Maryland,
but also worldwide. Fortuitously, I knew details of the system.

Persuading two others from RAND to help--Dr. Harold Peterson
and Dr. Rein Turn--plus Bernard Peters of NSA, I organized a
group of papers and presented it to the SJCC conference
management as a ready-made additional paper session to be
chaired by me.[1] The conference accepted the offer, and the
session was presented at the Atlantic City (NJ) Convention Hall
in 1967.

Soon thereafter and driven by a request from a defense
contractor to include both defense classified and business
applications concurrently in a single mainframe machine
functioning in a remote-access mode, the Department of
Defense, acting through the Advanced Research Projects
Agency (ARPA) and later the Defense Science Board (DSB),
organized a committee, which I chaired, to study the issue of
security controls for computer systems. The intent was to
produce a document that could be the basis for formulating a
DoD policy position on the matter.

The report of the committee was initially published as a
classified document and was formally presented to the sponsor
(the DSB) in January 1970. It was later declassified and
republished (by the RAND Corporation) in October 1979.[2] It
was widely circulated and became nicknamed "the Ware
report." The report and a historical introduction are available on
the RAND web site.[3]

Subsequently, the United States Air Force (USAF) sponsored
another committee chaired by James P. Anderson.[4] Its
report, published in 1972, recommended a 6-year R&D security
program totaling some $8M.[5] The USAF responded and
funded several projects, three of which were to design and
implement an operating system with security controls for a
specific computer.

Eventually these activities led to the "Criteria and Evaluation"
program sponsored by the NSA. It culminated in the "Orange
Book"[6] in 1983 and subsequently its supporting array of
documents, which were nicknamed "the rainbow series."[7]
Later, in the 1980s and on into the 1990s, the subject became
an international one leading to the ISO standard known as the
"Common Criteria."[8]

It is important to understand the context in which system
security was studied in the early decades. The defense
establishment had a long history of protecting classified
information in document form. It had evolved a very elaborate
scheme for compartmenting material into groups, sub-groups
and super-groups, each requiring a specific personnel clearance
and need-to-know as the basis for access.[9] It also had a
centuries-long legacy of encryption technology and experience
for protecting classified information in transit. Finally, it
understood the personnel problem and the need to establish the
trustworthiness of its people. And it certainly understood the
physical security matter.

Thus, "the" computer security issue, as it was understood in the
1960s and even later, was how to create in a computer system
a group of access controls that would implement or emulate the
processes of the prior paper world, plus the associated issues of
protecting such software against unauthorized change,
subversion, and illicit use, and of embedding the entire system
in a secure physical environment with appropriate management
oversights and operational doctrine and procedures. The poorly
understood aspect of security was primarily the software issue
with, however, a collateral hardware aspect; namely, the risk
that it might malfunction or be penetrated and subvert the
proper behavior of software. For the related aspects of
communications, personnel, and physical security, there was a
plethora of rules, regulations, doctrine, and experience to cover
them. It was largely a matter of merging all of it with the
hardware/software aspects to yield an overall secure system
and operating environment.

However, the world has now changed in essential ways. The
desktop computer and workstation have appeared and
proliferated widely. The Internet is flourishing and the reality of
a World Wide Web is in place. Networking has exploded and
communication among computer systems is the rule, not the
exception. Many commercial transactions are now web-based;
many commercial communities--the financial one in
particular--have moved into a web posture. The "user" of any
computer system can literally be anyone in the world.
Networking among computer systems is ubiquitous;
information system outreach is the goal.

The net effect of all of this has been to expose the computer-based
information system--its hardware, its software, its software
processes, its databases, its communications--to an environment
over which no one--not end-user, not network administrator or
system owner, not even government--has control. What must be
done is to provide appropriate technical, procedural,
operational, and environmental safeguards against threats as
they might appear or be imagined, embedded in a societally
acceptable legal framework.

And appear threats did--from individuals and organizations,
national and international. The motivations to penetrate
systems for evil purpose or to create malicious
software--generally with an offensive or damaging
consequence--vary from personal intellectual satisfaction to
espionage, to financial reward, to revenge, to civil disobedience,
and to other reasons. Information-system security has moved
from a largely self-contained bounded environment interacting
with a generally known and disciplined user community to one
of worldwide scope with a body of users that may not be known
and are not necessarily trusted. Importantly, security controls
now must deal with circumstances over which there is largely
no control or expectation of avoiding their impact. Computer
security, as it has evolved, shares a similarity with liability
insurance; they each face a threat environment that is known in
a very general way and can generate attacks over a broad
spectrum of possibilities; but the exact details or even time or
certainty of an attack is unknown until an event has occurred.

On the other hand, the modern world thrives on information
and its flows; the contemporary world, society, and institutions
cannot function without their computer-communication-based
information systems. Hence, these systems must be protected
in all dimensions--technical, procedural, operational,
environmental. The system owner and its staff have become
responsible for protecting the organization's information assets.

Progress has been slow, in large part because the threat has
not been perceived as real or as damaging enough; but also in
part because the perceived cost of comprehensive information
system security is seen as too high compared to the
risks--especially the financial consequences--of not doing it.
Managements, whose support with appropriate funding is
essential, have been slow to be convinced.

This book addresses the broad sweep of issues above: the
nature of the threat and system vulnerabilities (Chapter 1);
cryptography (Chapters 2 and 12); the Common Criteria
(Chapter 5); the World Wide Web and Internet (Chapter 7);
managing risk (Chapter 8); software vulnerabilities (Chapter 3);
and legal, ethical, and privacy issues (Chapters 10 and 11). The
book also describes security controls that are currently available
such as encryption protocols, software development practices,
firewalls, and intrusion-detection systems. Overall, this book
provides a broad and sound foundation for the information-system
specialist who is charged with planning and/or
organizing and/or managing and/or implementing a
comprehensive information-system security program.

Yet to be solved are many technical aspects of information
security--R&D for hardware, software, systems, and architecture;
and the corresponding products. Notwithstanding, technology
per se is not the long pole in the tent of progress.
Organizational and management motivation and commitment to
get the security job done is. Today, the collective information
infrastructure of the country and of the world is slowly moving
up the learning curve; every mischievous or malicious event
helps to push it along. The terrorism-based events of recent
times are helping to drive it. Is it far enough up the curve to
have reached an appropriate balance between system safety
and threat? Almost certainly, the answer is, "No, not yet; there
is a long way to go."[10]

Willis H. Ware
The RAND Corporation
Santa Monica, California

Citations

1. "Security and Privacy in Computer Systems," Willis H.
Ware; RAND, Santa Monica, CA; P-3544, April 1967. Also
published in Proceedings of the 1967 Spring Joint Computer
Conference (later renamed to AFIPS Conference
Proceedings), pp 279 seq, Vol. 30, 1967.
"Security Considerations in a Multi-Programmed Computer
System," Bernard Peters; Proceedings of the 1967 Spring
Joint Computer Conference (later renamed to AFIPS
Conference Proceedings), pp 283 seq, vol 30, 1967.
"Practical Solutions to the Privacy Problem," Willis H. Ware;
RAND, Santa Monica, CA; P-3544, April 1967. Also
published in Proceedings of the 1967 Spring Joint Computer
Conference (later renamed to AFIPS Conference
Proceedings), pp 301 seq, Vol. 30, 1967.
"System Implications of Information Privacy," Harold E.
Peterson and Rein Turn; RAND, Santa Monica, CA; P-3504,
April 1967. Also published in Proceedings of the 1967
Spring Joint Computer Conference (later renamed to AFIPS
Conference Proceedings), pp 305 seq, vol. 30, 1967.
2. "Security Controls for Computer Systems," (Report of the
Defense Science Board Task Force on Computer Security),
RAND, R-609-1-PR. Initially published in January 1970 as a
classified document. Subsequently, declassified and
republished October 1979.
3. "Security Controls for Computer Systems"; R-609.1, RAND,
1979
Historical setting for R-609.1
4. "Computer Security Technology Planning Study," James P.
Anderson; ESD-TR-73-51, ESD/AFSC, Hanscom AFB,
Bedford, MA; October 1972.
5. All of these documents are cited in the bibliography of this
book. For images of these historical papers on a CDROM,
see the "History of Computer Security Project, Early Papers
Part 1," Professor Matt Bishop; Department of Computer
Science, University of California at Davis.
6. "DoD Trusted Computer System Evaluation Criteria," DoD
Computer Security Center, National Security Agency, Ft
George G. Meade, Maryland; CSC-STD-001-83; Aug 15,
1983.
7. So named because the cover of each document in the series
had a unique and distinctively colored cover page. For
example, the "Red Book" is "Trusted Network
Interpretation," National Computer Security Center, National
Security Agency, Ft. George G. Meade, Maryland; NCSC-TG005, July 31, 1987. USGPO Stock number 008-000-004862.
8. "A Retrospective on the Criteria Movement," Willis H. Ware;
RAND, Santa Monica, CA; P-7949, 1995.

Preface

Every day, the news media give more and more visibility to the
effects of computer security on our daily lives. For example, on
a single day in June 2006, the Washington Post included three
important articles about security. On the front page, one article
discussed the loss of a laptop computer containing personal
data on 26.5 million veterans. A second article, on the front
page of the business section, described Microsoft's new product
suite to combat malicious code, spying, and unsecured
vulnerabilities in its operating system. Further back, a third
article reported on a major consumer electronics retailer that
inadvertently installed software on its customers' computers,
making them part of a web of compromised slave computers.
The sad fact is that news like this appears almost every day,
and has done so for a number of years. There is no end in sight.

Even though the language of computer security--terms such as
virus, Trojan horse, phishing, spyware--is common, the
application of solutions to computer security problems is
uncommon. Moreover, new attacks are clever applications of old
problems. The pressure to get a new product or new release to
market still in many cases overrides security requirements for
careful study of potential vulnerabilities and countermeasures.
Finally, many people are in denial, blissfully ignoring the serious
harm that insecure computing can cause.

Why Read This Book?

Admit it. You know computing entails serious risks to the
privacy and integrity of your data, or the operation of your
computer. Risk is a fact of life: Crossing the street is risky,
perhaps more so in some places than others, but you still cross
the street. As a child you learned to stop and look both ways
before crossing. As you became older you learned to gauge the
speed of oncoming traffic and determine whether you had the
time to cross. At some point you developed a sense of whether
an oncoming car would slow down or yield. We hope you never
had to practice this, but sometimes you have to decide whether
darting into the street without looking is the best means of
escaping danger. The point is all these matters depend on
knowledge and experience. We want to help you develop the
same knowledge and experience with respect to the risks of
secure computing.

How do you control the risk of computer security?
Learn about the threats to computer security.
Understand what causes these threats by studying how vulnerabilities arise in the development and use of computer systems.
Survey the controls that can reduce or block these threats.
Develop a computing style--as a user, developer, manager, consumer, and voter--that balances security and risk.

The field of computer security changes rapidly, but the
underlying problems remain largely unchanged. In this book
you will find a progression that shows you how current complex
attacks are often instances of more fundamental concepts.

Users and Uses of This Book

This book is intended for the study of computer security. Many
of you want to study this topic: college and university students,
computing professionals, managers, and users of all kinds of
computer-based systems. All want to know the same thing:
how to control the risk of computer security. But you may differ
in how much information you need about particular topics:
Some want a broad survey, while others want to focus on
particular topics, such as networks or program development.

This book should provide the breadth and depth that most
readers want. The book is organized by general area of
computing, so that readers with particular interests can find
information easily. The chapters of this book progress in an
orderly manner, from general security concerns to the particular
needs of specialized applications, and finally to overarching
management and legal issues. Thus, the book covers five key
areas of interest:
introduction: threats, vulnerabilities, and controls
encryption: the "Swiss army knife" of security controls
code: security in programs, including applications, operating systems, database management systems, and networks
management: building and administering a computing installation, from one computer to thousands, and understanding the economics of cybersecurity
law, privacy, ethics: non-technical approaches by which society controls computer security risks

These areas are not equal in size; for example, more than half
the book is devoted to code because so much of the risk is at
least partly caused by program code that executes on
computers.

The first chapter introduces the concepts and basic vocabulary
of computer security. Studying the second chapter provides an
understanding of what encryption is and how it can be used or
misused. Just as a driver's manual does not address how to
design or build a car, Chapter 2 is not for designers of new
encryption schemes, but rather for users of encryption.
Chapters 3 through 7 cover successively larger pieces of
software: individual programs, operating systems, complex
applications like database management systems, and finally
networks, which are distributed complex systems. Chapter 8
discusses managing and administering security, and describes
how to find an acceptable balance between threats and
controls. Chapter 9 addresses an important management issue
by exploring the economics of cybersecurity: understanding and
communicating the costs and benefits. In Chapter 10 we turn to
the personal side of computer security as we consider how
security, or its lack, affects personal privacy. Chapter 11 covers
the way society at large addresses computer security, through
its laws and ethical systems. Finally, Chapter 12 returns to
cryptography, this time to look at the details of the encryption
algorithms themselves.

Within that organization, you can move about, picking and
choosing topics of particular interest. Everyone should read
Chapter 1 to build a vocabulary and a foundation. It is wise to
read Chapter 2 because cryptography appears in so many
different control techniques. Although there is a general
progression from small programs to large and complex
networks, you can in fact read Chapters 3 through 7 out of
sequence or pick topics of greatest interest. Chapters 8 and 9
may be just right for the professional looking for non-technical
controls to complement the technical ones of the earlier
chapters. These chapters may also be important for the
computer science student who wants to look beyond a narrow
view of bytes and protocols. We recommend Chapters 10 and
11 for everyone, because those chapters deal with the human
aspects of security: privacy, laws, and ethics. All computing is
ultimately done to benefit humans, and so we present personal
risks and approaches to computing. Chapter 12 is for people
who want to understand some of the underlying mathematics
and logic of cryptography.

What background should you have to appreciate this book? The
only assumption is an understanding of programming and
computer systems. Someone who is an advanced
undergraduate or graduate student in computer science
certainly has that background, as does a professional designer
or developer of computer systems. A user who wants to
understand more about how programs work can learn from this
book, too; we provide the necessary background on concepts of
operating systems or networks, for example, before we address
the related security concerns.

This book can be used as a textbook in a one- or two-semester
course in computer security. The book functions equally well as
a reference for a computer professional or as a supplement to
an intensive training course. And the index and extensive
bibliography make it useful as a handbook to explain significant
topics and point to key articles in the literature. The book has
been used in classes throughout the world; instructors often
design one-semester courses that focus on topics of particular
interest to the students or that relate well to the rest of a
curriculum.

What is New in This Book?

This is the fourth edition of Security in Computing, first
published in 1989. Since then, the specific threats,
vulnerabilities, and controls have changed, even though many
of the basic notions have remained the same.

The two changes most obvious to people familiar with the
previous editions are the additions of two new chapters, on the
economics of cybersecurity and privacy. These two areas are
receiving more attention both in the computer security
community and in the rest of the user population.

But this revision touched every existing chapter as well. The
threats and vulnerabilities of computing systems have not stood
still since the previous edition in 2003, and so we present new
information on threats and controls of many types. Changes
include:
the shift from individual hackers working for personal reasons to organized attacker groups working for financial gain
programming flaws leading to security failures, highlighting man-in-the-middle, timing, and privilege escalation errors
recent malicious code attacks, such as false interfaces and keystroke loggers
approaches to code quality, including software engineering, testing, and liability approaches
rootkits, including ones from unexpected sources
web applications' threats and vulnerabilities
privacy issues in data mining
WiFi network security
cryptanalytic attacks on popular algorithms, such as RSA, DES, and SHA, and recommendations for more secure use of these
bots, botnets, and drones, making up networks of compromised systems
update to the Advanced Encryption System (AES) with experience from its first several years of its use
the divide between sound authentication approaches and users' actions
biometric authentication capabilities and limitations
the conflict between efficient production and use of digital content (e.g., music and videos) and control of piracy

In addition to these major changes, there are numerous small
corrective and clarifying ones, ranging from wording and
notational changes for pedagogic reasons to replacement,
deletion, rearrangement, and expansion of sections.

Acknowledgments

It is increasingly difficult to acknowledge all the people who
have influenced this book. Colleagues and friends have
contributed their knowledge and insight, often without knowing
their impact. By arguing a point or sharing explanations of
concepts, our associates have forced us to question or rethink
what we know.

We thank our associates in at least two ways. First, we have
tried to include references to their written works as they have
influenced this book. References in the text cite specific papers
relating to particular thoughts or concepts, but the bibliography
also includes broader works that have played a more subtle role
in shaping our approach to security. So, to all the cited authors,
many of whom are friends and colleagues, we happily
acknowledge your positive influence on this book. In particular,
we are grateful to the RAND Corporation for permission to
present material about its Vulnerability, Assessment and
Mitigation method and to use its government e-mail analysis as
a case study in Chapter 8. Second, rather than name
individuals, we thank the organizations in which we have
interacted with creative, stimulating, and challenging people
from whom we learned a lot. These places include Trusted
Information Systems, the Contel Technology Center, the Centre
for Software Reliability of the City University of London, Arca
Systems, Exodus Communications, the RAND Corporation, and
Cable & Wireless. If you worked with us at any of these
locations, chances are high that you had some impact on this
book. And for all the side conversations, debates, arguments,
and light moments, we are grateful. For this fourth edition,
Roland Trope and Richard Gida gave us particularly helpful
suggestions for Chapters 9 and 10.

Authors are the products of their environments. We write to
educate because we had good educations ourselves, and
because we think the best response to a good education is to
pass it along to others. Our parents, Paul and Emma Pfleeger
and Emanuel and Beatrice Lawrence, were critical in supporting
us and encouraging us to get the best educations we could.
Along the way, certain teachers gave us gifts through their
teaching. Robert L. Wilson taught Chuck how to learn about
computers, and Libuse L. Reed taught him how to write about
them. Florence Rogart, Nicholas Sterling and Mildred Nadler
taught Shari how to analyze and probe.

To all these people, we express our sincere thanks.

Charles P. Pfleeger
Shari Lawrence Pfleeger
Washington, D.C.

Chapter 1. Is There a Security Problem in Computing?

In this chapter
The risks involved in computing
The goals of secure computing: confidentiality, integrity, availability
The threats to security in computing: interception, interruption, modification, fabrication
Controls available to address these threats: encryption, programming controls, operating systems, network controls, administrative controls, law, and ethics