Description

Book Synopsis
A completely up-to-date resource on computer security. Assuming no previous experience in the field of computer security, this must-have book walks you through the many essential aspects of this vast topic, from the newest advances in software and technology to the most recent information on Web application security.

Table of Contents
Preface xvii

CHAPTER 1 – History of Computer Security 1

1.1 The Dawn of Computer Security 2

1.2 1970s – Mainframes 3

1.3 1980s – Personal Computers 4

1.4 1990s – Internet 6

1.5 2000s – The Web 8

1.6 Conclusions – The Benefits of Hindsight 10

1.7 Exercises 11

CHAPTER 2 – Managing Security 13

2.1 Attacks and Attackers 14

2.2 Security Management 15

2.3 Risk and Threat Analysis 21

2.4 Further Reading 29

2.5 Exercises 29

CHAPTER 3 – Foundations of Computer Security 31

3.1 Definitions 32

3.2 The Fundamental Dilemma of Computer Security 40

3.3 Data vs Information 40

3.4 Principles of Computer Security 41

3.5 The Layer Below 45

3.6 The Layer Above 47

3.7 Further Reading 47

3.8 Exercises 48

CHAPTER 4 – Identification and Authentication 49

4.1 Username and Password 50

4.2 Bootstrapping Password Protection 51

4.3 Guessing Passwords 52

4.4 Phishing, Spoofing, and Social Engineering 54

4.5 Protecting the Password File 56

4.6 Single Sign-on 58

4.7 Alternative Approaches 59

4.8 Further Reading 63

4.9 Exercises 63

CHAPTER 5 – Access Control 65

5.1 Background 66

5.2 Authentication and Authorization 66

5.3 Access Operations 68

5.4 Access Control Structures 71

5.5 Ownership 73

5.6 Intermediate Controls 74

5.7 Policy Instantiation 79

5.8 Comparing Security Attributes 79

5.9 Further Reading 84

5.10 Exercises 84

CHAPTER 6 – Reference Monitors 87

6.1 Introduction 88

6.2 Operating System Integrity 90

6.3 Hardware Security Features 91

6.4 Protecting Memory 99

6.5 Further Reading 103

6.6 Exercises 104

CHAPTER 7 – Unix Security 107

7.1 Introduction 108

7.2 Principals 109

7.3 Subjects 111

7.4 Objects 113

7.5 Access Control 116

7.6 Instances of General Security Principles 119

7.7 Management Issues 125

7.8 Further Reading 128

7.9 Exercises 128

CHAPTER 8 – Windows Security 131

8.1 Introduction 132

8.2 Components of Access Control 135

8.3 Access Decisions 142

8.4 Managing Policies 145

8.5 Task-Dependent Access Rights 147

8.6 Administration 150

8.7 Further Reading 153

8.8 Exercises 153

CHAPTER 9 – Database Security 155

9.1 Introduction 156

9.2 Relational Databases 158

9.3 Access Control 162

9.4 Statistical Database Security 167

9.5 Integration with the Operating System 172

9.6 Privacy 173

9.7 Further Reading 175

9.8 Exercises 175

CHAPTER 10 – Software Security 177

10.1 Introduction 178

10.2 Characters and Numbers 179

10.3 Canonical Representations 183

10.4 Memory Management 184

10.5 Data and Code 191

10.6 Race Conditions 193

10.7 Defences 194

10.8 Further Reading 201

10.9 Exercises 202

CHAPTER 11 – Bell–LaPadula Model 205

11.1 State Machine Models 206

11.2 The Bell–LaPadula Model 206

11.3 The Multics Interpretation of BLP 212

11.4 Further Reading 216

11.5 Exercises 216

CHAPTER 12 – Security Models 219

12.1 The Biba Model 220

12.2 Chinese Wall Model 221

12.3 The Clark–Wilson Model 223

12.4 The Harrison–Ruzzo–Ullman Model 225

12.5 Information-Flow Models 228

12.6 Execution Monitors 230

12.7 Further Reading 232

12.8 Exercises 233

CHAPTER 13 – Security Evaluation 235

13.1 Introduction 236

13.2 The Orange Book 239

13.3 The Rainbow Series 241

13.4 Information Technology Security Evaluation Criteria 242

13.5 The Federal Criteria 243

13.6 The Common Criteria 243

13.7 Quality Standards 246

13.8 An Effort Well Spent? 247

13.9 Summary 248

13.10 Further Reading 248

13.11 Exercises 249

CHAPTER 14 – Cryptography 251

14.1 Introduction 252

14.2 Modular Arithmetic 256

14.3 Integrity Check Functions 257

14.4 Digital Signatures 260

14.5 Encryption 264

14.6 Strength of Mechanisms 270

14.7 Performance 271

14.8 Further Reading 272

14.9 Exercises 273

CHAPTER 15 – Key Establishment 275

15.1 Introduction 276

15.2 Key Establishment and Authentication 276

15.3 Key Establishment Protocols 279

15.4 Kerberos 283

15.5 Public-Key Infrastructures 288

15.6 Trusted Computing – Attestation 293

15.7 Further Reading 295

15.8 Exercises 295

CHAPTER 16 – Communications Security 297

16.1 Introduction 298

16.2 Protocol Design Principles 299

16.3 IP Security 301

16.4 IPsec and Network Address Translation 308

16.5 SSL/TLS 310

16.6 Extensible Authentication Protocol 314

16.7 Further Reading 316

16.8 Exercises 316

CHAPTER 17 – Network Security 319

17.1 Introduction 320

17.2 Domain Name System 322

17.3 Firewalls 328

17.4 Intrusion Detection 332

17.5 Further Reading 335

17.6 Exercises 336

CHAPTER 18 – Web Security 339

18.1 Introduction 340

18.2 Authenticated Sessions 342

18.3 Code Origin Policies 346

18.4 Cross-Site Scripting 347

18.5 Cross-Site Request Forgery 350

18.6 JavaScript Hijacking 352

18.7 Web Services Security 354

18.8 Further Reading 360

18.9 Exercises 361

CHAPTER 19 – Mobility 363

19.1 Introduction 364

19.2 GSM 364

19.3 UMTS 369

19.4 Mobile IPv6 Security 372

19.5 WLAN 377

19.6 Bluetooth 381

19.7 Further Reading 383

19.8 Exercises 383

CHAPTER 20 – New Access Control Paradigms 385

20.1 Introduction 386

20.2 SPKI 388

20.3 Trust Management 390

20.4 Code-Based Access Control 391

20.5 Java Security 395

20.6 .NET Security Framework 400

20.7 Digital Rights Management 405

20.8 Further Reading 406

20.9 Exercises 406

Bibliography 409

Index 423

Computer Security

A Paperback / softback by Dieter Gollmann

Publisher: John Wiley & Sons Inc
Publication Date: 20/12/2010
ISBN13: 9780470741153, 978-0470741153
ISBN10: 0470741155
