Computer Security / Edition 3

A completely up-to-date resource on computer security

Assuming no previous experience in the field of computer security, this must-have book walks you through the many essential aspects of this vast topic, from the newest advances in software and technology to the most recent information on Web applications security. This new edition includes sections on Windows NT, CORBA, and Java and discusses cross-site scripting and JavaScript hacking as well as SQL injection. Serving as a helpful introduction, this self-study guide is a wonderful starting point for examining the variety of competing security systems and what makes them different from one another.

  • Unravels the complex topic of computer security and breaks it down in such a way as to serve as an ideal introduction for beginners in the field of computer security
  • Examines the foundations of computer security and its basic principles
  • Addresses username and password, password protection, single sign-on, and more
  • Discusses operating system integrity, hardware security features, and memory
  • Covers Unix security, Windows security, database security, network security, web security, and software security

Packed with in-depth coverage, this resource spares no details when it comes to the critical topic of computer security.

This is not a handbook, encyclopedia or history of computer security; it is a publication on the technical aspects of computer security. Derived from a one-year post graduate course on information security, it discusses fundamental concepts, the application of security to current systems (UNIX and NT), distributed system security and the theoretical basis of database and multi-level security. Familiarity with operating systems, applications and security concepts at an advanced level is assumed. The author is associated with Microsoft Research Ltd, Cambridge, UK.

Editorial Reviews

From the Publisher
"Obviously, it is an excellent textbook either for high education or for advanced training programme on computer security." Jianying Zhou, Computer Communications 25/8/99

Product Details

  • ISBN-13: 9780470741153
  • Publisher: Wiley
  • Publication date: 3/15/2011
  • Edition description: New Edition
  • Edition number: 3
  • Pages: 456
  • Sales rank: 513,011
  • Product dimensions: 7.30 (w) x 9.20 (h) x 1.00 (d)

Meet the Author

Dieter Gollmann, Microsoft Research, Cambridge, UK

Read an Excerpt

Chapter 8: How Things Go Wrong

8.8.5 Companion Virus

Filenames in DOS have the format name.extension. Typical extensions are .DIR, .COM, .EXE, etc. For added convenience, users do not have to specify the full filename of a program they want to execute and can omit the extension. If a user calls a program in this fashion, then DOS first looks for a .COM file with this name, then for a .EXE file, then for a .BAT file. A companion virus exploits this default searchpath. If the original program is a .EXE file, then a .COM file with the same name and containing a virus could be created and the infected program would be executed. This technique was used by the AIDS 2 virus.

Default searchpaths are convenient but dangerous. The same type of attack is possible in Unix by placing an infected file which has the same name as the target of infection in a directory which is searched first according to the PATH environment variable.
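The Unix variant described above can be audited from the defender's side. The following is an added example, not code from the book: it lists command names that exist in more than one search-path directory and flags entries where an unprivileged user could place the copy that wins. The function names and the constructed demo tree are assumptions, and the permission check assumes POSIX mode bits.

```python
import os
import stat
import tempfile

def find_shadowed(path_dirs):
    """Report executable names found in more than one search-path directory.

    Returns [(name, winner, [hidden, ...])]: 'winner' is the copy an
    unqualified command name resolves to, 'hidden' are later copies.
    """
    winner, hidden, seen_dirs = {}, {}, set()
    for d in path_dirs:
        real = os.path.realpath(d or ".")   # an empty PATH entry means the cwd
        if real in seen_dirs or not os.path.isdir(real):
            continue                         # duplicate or missing entry
        seen_dirs.add(real)
        for name in sorted(os.listdir(real)):
            full = os.path.join(real, name)
            if not (os.path.isfile(full) and os.access(full, os.X_OK)):
                continue
            if name not in winner:
                winner[name] = full
            elif not os.path.samefile(full, winner[name]):
                hidden.setdefault(name, []).append(full)
    return [(n, winner[n], hidden[n]) for n in sorted(hidden)]

def risky_entries(path_dirs):
    """Flag entries where a non-administrator could plant the winning copy."""
    findings = []
    for d in path_dirs:
        if not os.path.isabs(d):             # "", "." or any relative entry
            findings.append((d, "relative: resolved against the current directory"))
        elif os.path.isdir(d) and os.stat(d).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((d, "writable by group or others"))
    return findings

def build_demo_tree():
    """Constructed sample: 'ls' exists in both directories, 'cat' in one."""
    root = tempfile.mkdtemp()
    early, late = os.path.join(root, "userbin"), os.path.join(root, "sysbin")
    for d, names in ((early, ["ls"]), (late, ["ls", "cat"])):
        os.mkdir(d)
        for n in names:
            p = os.path.join(d, n)
            with open(p, "w") as f:
                f.write("#!/bin/sh\necho " + d + "\n")
            os.chmod(p, 0o755)
    os.chmod(early, 0o777)                   # deliberately weak for the demo
    os.chmod(late, 0o755)
    return [early, late]

if __name__ == "__main__":
    dirs = build_demo_tree()                 # or: os.environ["PATH"].split(os.pathsep)
    for name, win, lost in find_shadowed(dirs):
        print(f"{name}: runs {win}, hides {lost}")
    for entry, why in risky_entries(dirs):
        print(f"risky PATH entry {entry!r}: {why}")
```

A shadowed name is not proof of infection (administrators override system tools on purpose), so the useful signal is a shadowing copy that sits in a relative or widely writable directory.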

8.8.6 Macro Viruses

A virus that inserts itself into the boot process will be written in machine language and all early viruses operated at this level. However, this does not imply that every virus has to be written in machine language. As early as 1989, Harold Highland mentioned the possibility of a macro virus that attaches itself to a spreadsheet worksheet, a data file [67]. Macro viruses are particularly interesting, and damaging:

  • The virus is attached to a data file. Therefore, it will bypass integrity protection mechanisms targeting 'normal' executables (operating system, programs).
  • The virus is written in a high-level language. Therefore it is much more platform independent than a machine language virus.
  • Text documents are widely exchanged by email. This is an excellent medium for a virus to spread.

Macro viruses became reality in 1995. Microsoft's word processing system, MS-Word, allows users to tailor the environment their documents are displayed in. Formatting information, definitions for function keys and icons are all included in a macro file that comes with a text document. When this text document is opened the instructions in the macro are executed by MS-Word. When a new document is created the file NORMAL.DOT is used as a template for its macro.

A macro may seem to be simply an attachment to a data file but in reality it is a piece of executable code. However, users opening a file may not even be aware of the fact that they are running a program. All instructions available to write macros are also available to virus writers who now can hide viral code in a macro file. The Concept macro-virus does exactly this. It infects .DOC and .DOT files. Once NORMAL.DOT has been infected, every newly created DOC file will automatically be infected.

A strict separation between program files and data files is an excellent basis for maintaining integrity in an environment where programs do not change. A word processor is a good example of such a program.

  • Data files may change but do not contain executable code, so they cannot damage the system.
  • Program files contain executable code but need not change. Integrity check values can be computed for all programs, saved in ROM, and any program can be checked before it is allowed to run.

Macros were introduced to offer customers a more flexible word-processing system. At the same time, macros blur the distinction between data and program and create a new security problem.

8.8.7 Redirection of Interrupts

A virus is most damaging when it is executing in a privileged mode. To get into the privileged mode of a microprocessor, an interrupt (trap) has to be generated. The operating system then finds the address of the interrupt handler from the interrupt table. The interrupt table, and any similar structure, is therefore a prime target of attack. By changing the address of the interrupt handler, the operating system can be redirected to execute the virus. The virus makes itself memory resident as a TSR (terminate-and-stay-resident) program and is executed whenever the corresponding interrupt occurs.

This attack is particularly effective as it does not change the original interrupt handler and no integrity control mechanism checking this interrupt handler will detect the attack. A similar attack can be mounted by modifying entries in the file allocation table. An entry in the file allocation table (FAT) is modified so that it points to a virus, which in turn contains a link to the original file.

Removing a virus of this type may cause further damage. The virus is part of the link between table and file. If the virus is deleted, the link is broken and the file cannot be retrieved, at least not through the operating system.

8.8.8 Camouflage

A virus can try to avoid detection by various means. It can compress the infected program so that infection does not result in an increased use of memory. A stealth virus hides in a sector marked as bad in the FAT. Thus, other programs will normally skip this sector when reading the disk. The virus can intercept interrupts to detect an attempt to detect its presence, e.g. an attempt to read the length, date, or checksum of a file it has infected. The virus will then return the original values. A polymorphic virus encrypts itself and uses a new key on each new infection to avoid detection by pattern recognition scanners. A multi-partite virus combines different types of infection to make detection more difficult. Slow infection viruses control the rate of infection to avoid immediate detection.

8.9 Anti-Virus Software

Viral attacks exploit a lack of integrity controls. To defend yourself, you therefore have to add those controls. Some of the available protection mechanisms are virus specific but mostly they address integrity in general. Your defensive strategy will have the following components:

  • Prevention: stops a virus from infecting your system.
  • Detection: detects a virus that has infected your system.
  • Reaction: restores your system to a clean state.

Administrative measures and user awareness are essential for successful virus protection.

8.9.1 Physical and Administrative Controls

Physical and administrative controls are an excellent way of preventing a virus from entering your system. Some of these measures are surprisingly simple. If you do not want to write to a floppy disk, put the write protection tab on and no virus will be able to infect it. If the operating system provides access control, use it properly. For example, set file permission on all applications on network servers to read and execute only.

Place controls at the point where a virus could enter your system. Test new software on quarantine machines where anti-virus software has been installed. Do your testing from an account with as few privileges as possible, e.g. Guest. Even better, use a sheep-dip (gateway) machine to run a virus scanner, checking all floppy disks entering an organization. If it decides that a floppy disk is clean, the disk receives a label and is now cleared for internal use. If the label is a sticker on the disk, it is up to user awareness to detect unauthorized disks within their organization. If an electronic label is written on the disk, then the machines within the organization can check for its presence and refuse unauthorized disks. Nowadays, firewall products often are equipped with a virus scanner to look for viruses coming in over the network.

Conduct regular virus checks and keep your anti-virus products up to date. Anti-virus software can be included in each user's login script. System utilities can automatically perform checks at predefined times. For example, in Unix the system manager can tell the cron utility when to run integrity check programs. Do not rely on a single protection mechanism; use a combination of techniques.

Contingency plans should be in place to know how to react to a virus incident. It is often claimed that inept reactions to a virus attack create more damage than the virus itself. Obviously, clean backups are essential when restoring your system after an attack. However, it is not uncommon that by the time a virus is detected, it has already found its way into all the backups kept.

8.9.2 Cryptographic Checksums

Cryptographic checksums are a standard integrity protection technique. A checksum is computed for a clean version of the file to be protected. This checksum is stored in a secure place, ideally in a ROM, e.g. on a CD. Whenever this file is used, the checksum computed for its current version is compared with the stored checksum. Thus, any change to the original will be detected. Clearly, a checksummer does not have to know about a virus to detect its presence.

Checksummers are vulnerable whenever the checksum has to be recomputed, e.g. when a file changes or when the clean checksums have been lost. They are therefore more suitable for environments where only a fixed set of software tools is used than for organizations developing their own software. Also, checksummers do not indicate which virus caused the infection, making it more difficult to plan further actions once an infection has been detected....

Table of Contents

Preface

CHAPTER 1 – History of Computer Security

  • 1.1 The Dawn of Computer Security
  • 1.2 1970s – Mainframes
  • 1.3 1980s – Personal Computers
  • 1.4 1990s – Internet
  • 1.5 2000s – The Web
  • 1.6 Conclusions – The Benefits of Hindsight
  • 1.7 Exercises

CHAPTER 2 – Managing Security

  • 2.1 Attacks and Attackers
  • 2.2 Security Management
  • 2.3 Risk and Threat Analysis
  • 2.4 Further Reading
  • 2.5 Exercises

CHAPTER 3 – Foundations of Computer Security

  • 3.1 Definitions
  • 3.2 The Fundamental Dilemma of Computer Security
  • 3.3 Data vs Information
  • 3.4 Principles of Computer Security
  • 3.5 The Layer Below
  • 3.6 The Layer Above
  • 3.7 Further Reading
  • 3.8 Exercises

CHAPTER 4 – Identification and Authentication

  • 4.1 Username and Password
  • 4.2 Bootstrapping Password Protection
  • 4.3 Guessing Passwords
  • 4.4 Phishing, Spoofing, and Social Engineering
  • 4.5 Protecting the Password File
  • 4.6 Single Sign-on
  • 4.7 Alternative Approaches
  • 4.8 Further Reading
  • 4.9 Exercises

CHAPTER 5 – Access Control

  • 5.1 Background
  • 5.2 Authentication and Authorization
  • 5.3 Access Operations
  • 5.4 Access Control Structures
  • 5.5 Ownership
  • 5.6 Intermediate Controls
  • 5.7 Policy Instantiation
  • 5.8 Comparing Security Attributes
  • 5.9 Further Reading
  • 5.10 Exercises

CHAPTER 6 – Reference Monitors

  • 6.1 Introduction
  • 6.2 Operating System Integrity
  • 6.3 Hardware Security Features
  • 6.4 Protecting Memory
  • 6.5 Further Reading
  • 6.6 Exercises

CHAPTER 7 – Unix Security

  • 7.1 Introduction
  • 7.2 Principals
  • 7.3 Subjects
  • 7.4 Objects
  • 7.5 Access Control
  • 7.6 Instances of General Security Principles
  • 7.7 Management Issues
  • 7.8 Further Reading
  • 7.9 Exercises

CHAPTER 8 – Windows Security

  • 8.1 Introduction
  • 8.2 Components of Access Control
  • 8.3 Access Decisions
  • 8.4 Managing Policies
  • 8.5 Task-Dependent Access Rights
  • 8.6 Administration
  • 8.7 Further Reading
  • 8.8 Exercises

CHAPTER 9 – Database Security

  • 9.1 Introduction
  • 9.2 Relational Databases
  • 9.3 Access Control
  • 9.4 Statistical Database Security
  • 9.5 Integration with the Operating System
  • 9.6 Privacy
  • 9.7 Further Reading
  • 9.8 Exercises

CHAPTER 10 – Software Security

  • 10.1 Introduction
  • 10.2 Characters and Numbers
  • 10.3 Canonical Representations
  • 10.4 Memory Management
  • 10.5 Data and Code
  • 10.6 Race Conditions
  • 10.7 Defences
  • 10.8 Further Reading
  • 10.9 Exercises

CHAPTER 11 – Bell–LaPadula Model

  • 11.1 State Machine Models
  • 11.2 The Bell–LaPadula Model
  • 11.3 The Multics Interpretation of BLP
  • 11.4 Further Reading
  • 11.5 Exercises

CHAPTER 12 – Security Models

  • 12.1 The Biba Model
  • 12.2 Chinese Wall Model
  • 12.3 The Clark–Wilson Model
  • 12.4 The Harrison–Ruzzo–Ullman Model
  • 12.5 Information-Flow Models
  • 12.6 Execution Monitors
  • 12.7 Further Reading
  • 12.8 Exercises

CHAPTER 13 – Security Evaluation

  • 13.1 Introduction
  • 13.2 The Orange Book
  • 13.3 The Rainbow Series
  • 13.4 Information Technology Security Evaluation Criteria
  • 13.5 The Federal Criteria
  • 13.6 The Common Criteria
  • 13.7 Quality Standards
  • 13.8 An Effort Well Spent?
  • 13.9 Summary
  • 13.10 Further Reading
  • 13.11 Exercises

CHAPTER 14 – Cryptography

  • 14.1 Introduction
  • 14.2 Modular Arithmetic
  • 14.3 Integrity Check Functions
  • 14.4 Digital Signatures
  • 14.5 Encryption
  • 14.6 Strength of Mechanisms
  • 14.7 Performance
  • 14.8 Further Reading
  • 14.9 Exercises

CHAPTER 15 – Key Establishment

  • 15.1 Introduction
  • 15.2 Key Establishment and Authentication
  • 15.3 Key Establishment Protocols
  • 15.4 Kerberos
  • 15.5 Public-Key Infrastructures
  • 15.6 Trusted Computing – Attestation
  • 15.7 Further Reading
  • 15.8 Exercises

CHAPTER 16 – Communications Security

  • 16.1 Introduction
  • 16.2 Protocol Design Principles
  • 16.3 IP Security
  • 16.4 IPsec and Network Address Translation
  • 16.5 SSL/TLS
  • 16.6 Extensible Authentication Protocol
  • 16.7 Further Reading
  • 16.8 Exercises

CHAPTER 17 – Network Security

  • 17.1 Introduction
  • 17.2 Domain Name System
  • 17.3 Firewalls
  • 17.4 Intrusion Detection
  • 17.5 Further Reading
  • 17.6 Exercises

CHAPTER 18 – Web Security

  • 18.1 Introduction
  • 18.2 Authenticated Sessions
  • 18.3 Code Origin Policies
  • 18.4 Cross-Site Scripting
  • 18.5 Cross-Site Request Forgery
  • 18.6 JavaScript Hijacking
  • 18.7 Web Services Security
  • 18.8 Further Reading
  • 18.9 Exercises

CHAPTER 19 – Mobility

  • 19.1 Introduction
  • 19.2 GSM
  • 19.3 UMTS
  • 19.4 Mobile IPv6 Security
  • 19.5 WLAN
  • 19.6 Bluetooth
  • 19.7 Further Reading
  • 19.8 Exercises

CHAPTER 20 – New Access Control Paradigms

  • 20.1 Introduction
  • 20.2 SPKI
  • 20.3 Trust Management
  • 20.4 Code-Based Access Control
  • 20.5 Java Security
  • 20.6 .NET Security Framework
  • 20.7 Digital Rights Management
  • 20.8 Further Reading
  • 20.9 Exercises

Bibliography

Index
