E-book
Author Van Oorschot, Paul C.

Title Computer security and the internet : tools and jewels / Paul C. van Oorschot
Published Cham : Springer, 2020

Description 1 online resource (381 pages)
Series Information Security and Cryptography Ser
Information security and cryptography.
Contents Intro -- Contents in Brief -- Table of Contents -- Foreword -- Preface -- Why this book, approach and target audience -- Selection of topics -- Framework and systematization -- Length, prioritization and optional sections -- Order of chapters, and relationships between them -- Cryptography vs. security course -- Helpful background -- Trendy topics vs. foundational concepts -- Acknowledgements -- Typesetting Conventions -- Chapter 1: Basic Concepts and Principles -- 1.1 Fundamental goals of computer security -- 1.2 Computer security policies and attacks
1.3 Risk, risk assessment, and modeling expected losses -- 1.4 Adversary modeling and security analysis -- 1.5 Threat modeling: diagrams, trees, lists and STRIDE -- 1.5.1 Diagram-driven threat modeling -- 1.5.2 Attack trees for threat modeling -- 1.5.3 Other threat modeling approaches: checklists and STRIDE -- 1.6 Model-reality gaps and real-world outcomes -- 1.6.1 Threat modeling and model-reality gaps -- 1.6.2 Tying security policy back to real outcomes and security analysis -- 1.7 Design principles for computer security -- 1.8 Why computer security is hard
1.9 End notes and further reading -- References -- Chapter 2: Cryptographic Building Blocks -- 2.1 Encryption and decryption (generic concepts) -- 2.2 Symmetric-key encryption and decryption -- 2.3 Public-key encryption and decryption -- 2.4 Digital signatures and verification using public keys -- 2.5 Cryptographic hash functions -- 2.6 Message authentication (data origin authentication) -- 2.7 Authenticated encryption and further modes of operation -- 2.8 Certificates, elliptic curves, and equivalent keylengths -- 2.9 End notes and further reading -- References
Chapter 3: User Authentication-Passwords, Biometrics and Alternatives -- 3.1 Password authentication -- 3.2 Password-guessing strategies and defenses -- 3.3 Account recovery and secret questions -- 3.4 One-time password generators and hardware tokens -- 3.5 Biometric authentication -- 3.6 Password managers and graphical passwords -- 3.7 CAPTCHAs (humans-in-the-loop) vs. automated attacks -- 3.8 Entropy, passwords, and partial-guessing metrics -- 3.9 End notes and further reading -- References -- Chapter 4: Authentication Protocols and Key Establishment
4.1 Entity authentication and key establishment (context) -- 4.2 Authentication protocols: concepts and mistakes -- 4.3 Establishing shared keys by public agreement (DH) -- 4.4 Key authentication properties and goals -- 4.5 Password-authenticated key exchange: EKE and SPEKE -- 4.6 Weak secrets and forward search in authentication -- 4.7 Single sign-on (SSO) and federated identity systems -- 4.8 Cyclic groups and subgroup attacks on Diffie-Hellman -- 4.9 End notes and further reading -- References -- Chapter 5: Operating System Security and Access Control
Summary This book provides a concise yet comprehensive overview of computer and Internet security, suitable for a one-term introductory course for junior/senior undergrad or first-year graduate students. It is also suitable for self-study by anyone seeking a solid footing in security - including software developers and computing professionals, technical managers and government staff. An overriding focus is on brevity, without sacrificing breadth of core topics or technical detail within them. The aim is to enable a broad understanding in roughly 350 pages. Further prioritization is supported by designating as optional selected content within this. Fundamental academic concepts are reinforced by specifics and examples, and related to applied problems and real-world incidents. The first chapter provides a gentle overview and 20 design principles for security. The ten chapters that follow provide a framework for understanding computer and Internet security. They regularly refer back to the principles, with supporting examples. These principles are the conceptual counterparts of security-related error patterns that have been recurring in software and system designs for over 50 years. The book is "elementary" in that it assumes no background in security, but unlike "soft" high-level texts it does not avoid low-level details, instead it selectively dives into fine points for exemplary topics to concretely illustrate concepts and principles. The book is rigorous in the sense of being technically sound, but avoids both mathematical proofs and lengthy source-code examples that typically make books inaccessible to general audiences. Knowledge of elementary operating system and networking concepts is helpful, but review sections summarize the essential background. 
For graduate students, inline exercises and supplemental references provided in per-chapter endnotes provide a bridge to further topics and a springboard to the research literature; for those in industry and government, pointers are provided to helpful surveys and relevant standards, e.g., documents from the Internet Engineering Task Force (IETF), and the U.S. National Institute of Standards and Technology
Notes 5.1 Memory protection, supervisor mode, and accountability
Includes index
Print version record
Subject Computer security.
Internet -- Security measures
Computer Security
Computer security
Internet -- Security measures
Seguretat informàtica.
Ordinadors -- Disseny i funcionament.
Form Electronic book
ISBN 9783030336493
3030336492
9783030336509
3030336506