Security in Computing, Third Edition

Book Description

The classic guide to information security—fully updated for the latest attacks and countermeasures

Security in Computing, Third Edition systematically demonstrates how to control failures of confidentiality, integrity, and availability in applications, databases, operating systems, and networks alike.

This sweeping revision of the field's classic guide to computer security reflects today's entirely new generation of network- and Internet-based threats and vulnerabilities, and offers practical guidance for responding to them.

  • Updated to cover wireless security, intrusion detection, AES, DRM, biometrics, honeypots, online privacy, and more

  • Security in Internet-based, distributed, desktop and traditional centralized applications

  • New attacks, including scripted vulnerability probing, denial of service, and buffer overflows—with symptoms and cures

  • Clear, accessible introduction to cryptography—without sophisticated math

  • Up-to-the-minute explanations of digital signatures, certificates, and leading-edge quantum cryptography

  • Thoroughly revamped coverage of software engineering practices designed to enhance program security

  • Expanded coverage of risk management, contingency planning, and security policies

  • Detailed presentation of protection in general-purpose and trusted operating systems

  • Extensive pedagogical resources: end-of-chapter reviews and exercises, lists of key terms, and authoritative references

Exceptionally clear and easy to understand, the book covers not only technical issues, but also law, privacy, ethics, and the physical and administrative aspects of security.

The companion website contains additional information, book updates, and instructor's resources.

    Table of Contents

    1. Copyright
    2. About Prentice Hall Professional Technical Reference
    3. Foreword
    4. Preface to the Third Edition
    5. Is There a Security Problem in Computing?
      1. What Does “Secure” Mean?
      2. Attacks
      3. The Meaning of Computer Security
      4. Computer Criminals
      5. Methods of Defense
      6. What's Next
      7. Summary
      8. Terms and Concepts
      9. Where the Field Is Headed
      10. To Learn More
      11. Exercises
    6. Elementary Cryptography
      1. Terminology and Background
      2. Substitution Ciphers
      3. Transpositions (Permutations)
      4. Making “Good” Encryption Algorithms
      5. The Data Encryption Standard (DES)
      6. The AES Encryption Algorithm
      7. Public Key Encryption
      8. The Uses of Encryption
      9. Summary of Encryption
      10. Terms and Concepts
      11. Where the Field Is Headed
      12. To Learn More
      13. Exercises
    7. Program Security
      1. Secure Programs
      2. Nonmalicious Program Errors
      3. Viruses and Other Malicious Code
      4. Targeted Malicious Code
      5. Controls Against Program Threats
      6. Summary of Program Threats and Controls
      7. Terms and Concepts
      8. Where the Field Is Headed
      9. To Learn More
      10. Exercises
    8. Protection in General-Purpose Operating Systems
      1. Protected Objects and Methods of Protection
      2. Memory and Address Protection
      3. Control of Access to General Objects
      4. File Protection Mechanisms
      5. User Authentication
      6. Summary of Security for Users
      7. Terms and Concepts
      8. Where the Field Is Headed
      9. To Learn More
      10. Exercises
    9. Designing Trusted Operating Systems
      1. What Is a Trusted System?
      2. Security Policies
      3. Models of Security
      4. Trusted Operating System Design
      5. Assurance in Trusted Operating Systems
      6. Implementation Examples
      7. Summary of Security in Operating Systems
      8. Terms and Concepts
      9. Where the Field Is Headed
      10. To Learn More
      11. Exercises
    10. Database Security
      1. Introduction to Databases
      2. Security Requirements
      3. Reliability and Integrity
      4. Sensitive Data
      5. Inference
      6. Multilevel Databases
      7. Proposals for Multilevel Security
      8. Summary of Database Security
      9. Terms and Concepts
      10. Where the Field Is Headed
      11. To Learn More
      12. Exercises
    11. Security in Networks
      1. Network Concepts
      2. Threats in Networks
      3. Network Security Controls
      4. Firewalls
      5. Intrusion Detection Systems
      6. Secure E-Mail
      7. Summary of Network Security
      8. Terms and Concepts
      9. Where the Field Is Headed
      10. To Learn More
      11. Exercises
    12. Administering Security
      1. Security Planning
      2. Risk Analysis
      3. Organizational Security Policies
      4. Physical Security
      5. Summary
      6. Terms and Concepts
      7. To Learn More
      8. Exercises
    13. Legal, Privacy, and Ethical Issues in Computer Security
      1. Protecting Programs and Data
      2. Information and the Law
      3. Rights of Employees and Employers
      4. Software Failures
      5. Computer Crime
      6. Privacy
      7. Ethical Issues in Computer Security
      8. Case Studies of Ethics
      9. Terms and Concepts
      10. To Learn More
      11. Exercises
    14. Cryptography Explained
      1. Mathematics for Cryptography
      2. Symmetric Encryption
      3. Public Key Encryption Systems
      4. Quantum Cryptography
      5. Summary of Encryption
      6. Terms and Concepts
      7. Where the Field Is Headed
      8. To Learn More
      9. Exercises
    15. Bibliography