Security in Computing / Edition 4
by Charles P. Pfleeger, Shari Lawrence Pfleeger, Willis H. Ware

ISBN-10: 0132390779

ISBN-13: 9780132390774

Pub. Date: 10/27/2006

Publisher: Prentice Hall

The New State-of-the-Art in Information Security: Now Covers the Economics of Cyber Security and the Intersection of Privacy and Information Security

For years, IT and security professionals and students have turned to Security in Computing as the definitive guide to information about computer security attacks and countermeasures. In their new fourth edition, Charles P. Pfleeger and Shari Lawrence Pfleeger have thoroughly updated their classic guide to reflect today's newest technologies, standards, and trends.

The authors first introduce the core concepts and vocabulary of computer security, including attacks and controls. Next, the authors systematically identify and assess threats now facing programs, operating systems, database systems, and networks. For each threat, they offer best-practice responses.

Security in Computing, Fourth Edition, goes beyond technology, covering crucial management issues faced in protecting infrastructure and information. This edition contains an all-new chapter on the economics of cybersecurity, explaining ways to make a business case for security investments. Another new chapter addresses privacy--from data mining and identity theft, to RFID and e-voting.

New coverage also includes

  • Programming mistakes that compromise security: man-in-the-middle, timing, and privilege escalation attacks
  • Web application threats and vulnerabilities
  • Networks of compromised systems: bots, botnets, and drones
  • Rootkits--including the notorious Sony XCP
  • Wi-Fi network security challenges, standards, and techniques
  • New malicious code attacks, including false interfaces and keystroke loggers
  • Improving code quality: software engineering, testing, and liability approaches
  • Biometric authentication: capabilities and limitations
  • Using the Advanced Encryption System (AES) more effectively
  • Balancing dissemination with piracy control in music and other digital content
  • Countering new cryptanalytic attacks against RSA, DES, and SHA
  • Responding to the emergence of organized attacker groups pursuing profit

Product Details

Publisher: Prentice Hall
Product dimensions: 7.35(w) x 9.53(h) x 1.90(d)

Table of Contents

Preface to the Third Edition

Chapter 1: Is There a Security Problem in Computing?
1.1 What Does "Secure" Mean?
1.3 The Meaning of Computer Security
1.4 Computer Criminals
1.5 Methods of Defense
1.6 What's Next
1.8 Terms and Concepts
1.9 Where the Field Is Headed
1.10 To Learn More

Chapter 2: Elementary Cryptography
2.1 Terminology and Background
2.2 Substitution Ciphers
2.3 Transpositions (Permutations)
2.4 Making "Good" Encryption Algorithms
2.5 The Data Encryption Standard (DES)
2.6 The AES Encryption Algorithm
2.7 Public Key Encryption
2.8 The Uses of Encryption
2.9 Summary of Encryption
2.10 Terms and Concepts
2.11 Where the Field Is Headed
2.12 To Learn More

Chapter 3: Program Security
3.1 Secure Programs
3.2 Nonmalicious Program Errors
3.3 Viruses and Other Malicious Code
3.4 Targeted Malicious Code
3.5 Controls Against Program Threats
3.6 Summary of Program Threats and Controls
3.7 Terms and Concepts
3.8 Where the Field Is Headed
3.9 To Learn More

Chapter 4: Protection in General-Purpose Operating Systems
4.1 Protected Objects and Methods of Protection
4.2 Memory and Address Protection
4.3 Control of Access to General Objects
4.4 File Protection Mechanisms
4.5 User Authentication
4.6 Summary of Security for Users
4.7 Terms and Concepts
4.8 Where the Field Is Headed
4.9 To Learn More

Chapter 5: Designing Trusted Operating Systems
5.1 What Is a Trusted System?
5.2 Security Policies
5.3 Models of Security
5.4 Trusted Operating System Design
5.5 Assurance in Trusted Operating Systems
5.6 Implementation Examples
5.7 Summary of Security in Operating Systems
5.8 Terms and Concepts
5.9 Where the Field Is Headed
5.10 To Learn More

Chapter 6: Database Security
6.1 Introduction to Databases
6.2 Security Requirements
6.3 Reliability and Integrity
6.4 Sensitive Data
6.6 Multilevel Databases
6.7 Proposals for Multilevel Security
6.8 Summary of Database Security
6.9 Terms and Concepts
6.10 Where the Field Is Headed
6.11 To Learn More

Chapter 7: Security in Networks
7.1 Network Concepts
7.2 Threats in Networks
7.3 Network Security Controls
7.5 Intrusion Detection Systems
7.6 Secure E-Mail
7.7 Summary of Network Security
7.8 Terms and Concepts
7.9 Where the Field Is Headed
7.10 To Learn More

Chapter 8: Administering Security
8.1 Security Planning
8.2 Risk Analysis
8.3 Organizational Security Policies
8.4 Physical Security
8.6 Terms and Concepts
8.7 To Learn More

Chapter 9: Legal, Privacy, and Ethical Issues in Computer Security
9.1 Protecting Programs and Data
9.2 Information and the Law
9.3 Rights of Employees and Employers
9.4 Software Failures
9.5 Computer Crime
9.7 Ethical Issues in Computer Security
9.8 Case Studies of Ethics
9.9 Terms and Concepts
9.10 To Learn More

Chapter 10: Cryptography Explained
10.1 Mathematics for Cryptography
10.2 Symmetric Encryption
10.3 Public Key Encryption Systems
10.4 Quantum Cryptography
10.5 Summary of Encryption
10.6 Terms and Concepts
10.7 Where the Field Is Headed
10.8 To Learn More

Customer Reviews

Security in Computing 5 out of 5 based on 0 ratings. 1 reviews.
Guest More than 1 year ago
[A review of the 4th Edition, that was published in October 2006.] I would compare this book to Matt Bishop's 'Introduction to Computer Security'. The latter is far more mathematical. Probably too much so for the typical sysadmin who is looking to defend her computers and network. Bishop's book is perhaps best suited to someone who wants to deeply understand cryptosystems and malware, and who might want to design a new cryptosystem or a malware detector. Whereas the Pfleeger book does not stress mathematical formalism at all. Much easier for a broader IT audience to understand. For a sysadmin, programmer, or an IT manager. All you need is some general background in computing, and much of the book will be very intelligible.

For cryptography, there are 2 chapters, that give a quick overview of symmetric and public key systems. At the schematic level, with few equations. The seminal RSA algorithm is explained. The second cryptography chapter is actually the book's last chapter. Appropriate, because it is the most mathematical section of the text. It includes a nice Figure 12-3, that is an especially clear schematic of the hierarchies of complexity classes. It should make apparent the distinction between NP and P(olynomial) complete problems.

There is a wide survey of malware. For viruses, there are qualitative explanations of how viruses can infect code. The level of detail is not that of more specialised books that focus just on viruses. The text does not give you enough to detect or write a virus. But you can understand how they work, at a level adequate for a sysadmin, say. In other words, if you have computers to defend, and you need to choose between various tools for detection, the book gives you enough education to rationally understand the differences between the methods of those tools. At least to the extent that the toolmakers offer such information, and that it is accurate.