计算机安全原理与实践（英文版）

《计算机安全原理与实践（英文版）》系统地介绍了计算机安全领域中的各个方面，全面分析了计算机安全威胁、检测与防范安全攻击的技术方法以及软件安全问题和管理问题。《计算机安全原理与实践（英文版）》重点介绍核心原理，揭示了这些原理是如何将计算机安全领域统一成一体的，并说明了它们在实际系统和网络中的应用。此外，《计算机安全原理与实践（英文版）》还探讨了满足安全需求的各种设计方法，阐释了对于当前安全解决方案至关重要的标准。
《计算机安全原理与实践（英文版）》思路清晰，结构严谨，并且提供了扩展的教学支持——数百个精心设计的实践问题，是高等院校计算机安全专业的理想教材，同时也可作为研究人员和专业技术人员的非常有价值的参考书。
《计算机安全原理与实践（英文版）》主要内容
·安全技术和原理，包括密码编码技术、认证以及访问控制。
·威胁及其对策，从检测入侵者到应对DoS攻击。
·可信计算与多级安全。
·安全软件：避免缓冲区溢出、恶意输入和其他弱点。
·Linux和Windows安全模型。
·管理安全：物理安全、培训、审计和策略等。
·计算机犯罪、知识产权、隐私和道德。
·密码算法，包括公钥密码体制。
·Internet安全：SSL、TLS、IP安全、S/MIME、Kerberos、X.509以及联合身份管理。

William Stallings拥有美国麻省理工学院计算机科学博士学位，现任教于澳大利亚新南威尔士大学国防学院（堪培拉）信息技术与电子工程系。他是世界知名计算机学者和畅销教材作者，已经撰写了17部著作，出版了40多本书籍。内容涉及计算机安全、计算机网络和计算机体系结构等方面，堪称计算机界的全才。他曾九次荣获美国“教材和学术专著作者协会”颁发的“年度最佳计算机科学教材”奖。
Lawrle Brown任教于澳大利亚新南威尔士大学国防学院（堪培拉）信息技术与电子工程系。他的专业兴趣涉及密码学、通信和计算机系统安全。

Preface v
About the Authors ix
Notation x
Acronyms xi
Chapter 0 Reader's and Instructor's Guide 1
0.1 Outline of the Book 2
0.2 A Roadmap for Readers and Instructors 3
0.3 Internet and Web Resources 3
0.4 Standards 5
Chapter 1 Overview 6
1.1 Computer Security Concepts 7
1.2 Threats, Attacks, and Assets 14
1.3 Security Functional Requirements 20
1.4 A Security Architecture for Open Systems 22
1.5 The Scope of Computer Security 27
1.6 Computer Security Trends 28
1.7 Computer Security Strategy 32
1.8 Reconunended Reading andWeb Sites 34
1.9 Key Terms, Review Questions, and Problems 36
Appendix: 1A Significant Security Standards and Documents 37
PART ONE COMPUTER SECURITY TECHNOLOGY AND PRINCIPLES 40

Chapter 2 Cryptographic Tools 41
2.1 Confidentiality with Symmetric Encryption 42
2.2 Message Authentication and Hash Functions 49
2.3 Public-Key Encryption 56
2.4 Digital Signatures and Key Management 61
2.5 Random and Pseudorandom Numbers 65
2.6 Practical Application: Encryption of Stored Data 67
2.7 Recommended Reading and Web Sites 68
2.8 Key Terms, Review Questions, and Problems 69

Chapter 3 User Authentication 74
3.1 Means of Authentication 75
3.2 Password-Based Authentication 76
3.3 Token-Based Authentication 88
3.4 Biometric Authentication 92
3.5 Remote User Authentication 97
3.6 Security Issues for User Authentication 99
3.7 Practical Application: An Iris Biometric System 101
3.8 Case Study: Security Problems for ATM Systems 103
3.9 Recommended Reading and Web Sites 106
3.10 Key Terms, Review Questions, and Problems 107

Chapter 4 Access Control 110
4.1 Access Control Principles 111
4.2 Subjects, Objects, and Access Rights 115
4.3 Discretionary Access Control 116
4.4 Example: UNIX File Access Control 122
4.5 Role-Based Access Control 125
4.6 Case Study: RBAC System for a Bank 134
4.7 Recommended Reading andWeb Sites 137
4.8 KeyTerms, Review Questions, and Problems 138

Chapter 5 Database Security 142
5.1 Database Management Systems 143
5.2 Relational Databases 144
5.3 Database Access Control 148
5.4 Inference 153
5.5 Statistical Databases 156
5.6 Database Encryption 166
5.7 Recommended Reading 170
5.8 Key Terms, Review Questions and Problems 171

Chapter 6 Intrusion Detection 176
6.1 Intruders 177
6.2 Intrusion Detecuon 181
6.3 ttost-Based Intrusion Detection 183
6.4 Distributed Host-Based Intrusion Detection 190
6.5 Network-Based Intrusion Detection 193
6.6 Distributed Adaptive Intrusion Detection 197
6.7 Intrusion Detection Exchange Format 200
6.8 Honeypots 202
6.9 Example System: Snort 204
6.10 Recommended Reading and Web Sites 208
6.11 Key Terms, Review Questions, and Problems 209
Appendix 6A:The Base-Rate Fallacy 211

Chapter 7 Malicious Software 215
7.1 Types of Malicious Software 216
7.2 Viruses 220
7.3 Virus Countermeasures 226
7.4 Worms 231
7.5 Bots 240
7.6 Rootkits 242
7.7 Recommended Reading and Web Sites 245
7.8 Key Terms, Review Questions, and Problems 246

Chapter 8 Denial of Service 249
8.1 Denial of Service Attacks 250
8.2 Flooding Attacks 257
8.3 Distributed Denial of Service Attacks 259
8.4 Reflector and Amplifier Attacks 261
8.5 Defenses Against Denial of Service Attacks 265
8.6 Responding to a Denial of Service Attack 269
8.7 Recommended Reading andWeb Sites 270
8.8 Key Terms, Review Questions, and Problems 271

Chapter 9 Firewalls and Intrusion Prevention Systems 273
9.1 The Need for Firewalls 274
9.2 FirewaU Characteristics 275
9.3 Types of Firewalls 276
9.4 FirewaLl Basing 283
9.5 Firewall Location and Configurations 286
9.6 Intrusion Prevention Systems 291
9.7 Example: UnifiedThreat Management Products 294
9.8 Recommended Reading and Web Sites 298
9.9 Key Terms, Review Questions, and Problems 299

Chapter 10 Trusted Computing and Multilevel Security 303
10.1 The Bell-LaPadula Model for Computer Security 304
10.2 Other Formal Models for Computer Security 314
10.3 The Concept of Trusted Systems 320
10.4 Application of Multilevel Security 323
10.5 Trusted Computing and theTrusted Platform Module 330
10.6 Common Criteria for Information Technology Security Evaluation 334
10.7 Assurance and Evaluation 340
10.8 Recommended Reading and Web Sites 345
10.9 Key Terms, Review Questions, and Problems 346
PART TWO SOFTWARE SECURITY 349

Chapter 11 Buffer Overflow 350
11.1 Stack Overflows 352
11.2 Defending Against Buffer Overflows 373
11.3 Other Forms of Overflow Attacks 379
11.4 Recommended Reading and Web Sites 385
11.5 Key Terms, Review Questions, and Problems 386

Chapter 12 Other Software Security Issues 388
12.1 Software Security Issues 389
12.2 Handling Program Input 392
12.3 Writing Safe Program Code 403
12.4 Interacting with the Operating System and Other Programs 408
12.5 Handling Program Input 419
12.6 Recommended Reading andWeb Sites 422
12.7 Key Terms, Review Questions, and Problems 423
pART THREE MANAGEMENT ISSUES 426

Chapter 13 physical and Infrastructure Security 427
13.1 Overview 428
13.2 Physical Security Threats 429
15.3 Physical Security Prevention and Mitigation Measures 435
15.4 Recovery from Physical Security Breaches 438
13.5 Threat Assessment, Planning, and Plan Implementation 439
13.6 Example:A Corporate Physical Security Policy 440
13.7 Integration of Physical and Logical Security 44l
13.8 Recommended Reading and Web Sites 446
13.9 Key Terms, Revaew Questions, and Problems 447

Chapter 14 Human Factors 449
14.1 Security Awareness, Training, and Education 450
14.2 Organizational Security Policy 455
14.3 Employment Practices and Policies 461
14.4 E-Mail and internet Use Policies 464
14.5 Example:A Corporate Security Policy Document 465
14.6 Recommended Reading and Web Sites 467
14.7 Key Terms, Review Questions, and Problems 468
Appendix 14A: Security Awareness Standard of Good Practice 469
Appendix 14B: Security Policy Standard of Good Practice 473

Chapter 15 Security Auditing 475
15.1 Security Auditing Architecture 476
15.2 The Security Audit Trail 481
15.3 Implementing the Logging Function 486
15.4 Audit Trail Analysis 497
15.5 Example: An Integrated Approach 501
15.6 Recommended Reading and Web Sites 504
15.7 Key Terms, Review Questions, and Problems 505

Chapter 16 IT Security Management and Risk Assessment 508
16.1 IT Security Management 509
16.2 Organizational Context and Security Policy 512
16.3 Security Risk Assessment 515
16.4 Detailed Security Risk Analysis 518
16.5 Case Study: Silver Star Mines 530
16.6 Recommended Reading and Web Sites 534
16.7 Key Terms, Review Questions, and Problems 536

Chapter 17 IT Security Controls, Plans and Procedures 538
17.1 IT Security Management Implementation 539
17.2 Security Controls or Safeguards 539
17.3 IT Security Plan 547
17.4 Implementation of Controls 548
17.5 Implementation Followup 550
17.6 Case Study: Silver Star Mines 556
17.7 Recommended R. eading 559
17.8 Key Terms, Review Questions, and Problems 559

Chapter 18 Legal and Ethical Aspects 562
18.1 Cyhercrime and Computer Crime 563
18.2 Intellectual Property 567
18.3 Privacy 574
18.4 Ethical Issues 580
18.5 Recommended Reading andWeb Sites 586
18.6 KeyTerms, Review Questions, and Problems 587
Appendix 18A: Information Privacy Standard of Good Practice 590
PART FOUR CRYPTOGRAPHIC ALGORITHMS 592

Chapter 19 Symmetric Encryption and Message Confidentiality 593
19.1 Symmetric Encryption and Message Confidentiality 594
19.2 Data Encryption Standard 598
19.3 Advanced Encryption Standard 600
19.4 Stream Ciphers and RC4 607
19.5 Cipher Block Modes of Operation 610
19.6 Location of Symmetric Encrypfion Devices 616
19.7 Key Distribution 618
19.8 Recommended Reading andWeb Sites 620
19.9 Key Terms Review Questions, and Problems 620

Chapter 20 Public-Key Cryptography and Message Authentication 625
20.1 Secure Hash Functions 626
20.2 HMAC 632
20.3 The KSA Public-Key Encryption Algorithm 635
20.4 Diffie-Hellman and Other Asymmetric Algorithms 641
20.5 Recommended Reading and Web Sites 646
20.6 Key Terms, Review Questions, and Problems 646
PART FIVE INTERNET SECURITY 650

Chapter 21 Internet Security Protocols and Standards 651
21.1 Secure Sockets Layer (SSL) and Transport Layer Security (TLS) 652
21.2 IPv4 and IPv6 Security 656
21.3 Secure Email and S/MIME 662
21.4 Recommended Reading and Web Sites 665
21.5 Key Terms, Review Questions, and Problems 666
Appendix 21A: Radix-64 Conversion 668

Chapter 22 Internet Authentication Applications 671
22.1 Kerberos 672
22.2 X.509 678
22.3 Public-Key Infrastructure 680
22.4 Federated Identity Management 683
22.5 Recommended Reading and Web Sites 687
22.6 Key Terms, Review Questions, and Problems 688
PART SIX OPERATING SYSTEM SECURITY 689

Chapter 23 Linux Security 690
23.1 Introduction 691
23.2 Linux's Security Model 691
23.3 The Linux DAC in Depth: Filesystem Security 693
23.4 Linux Vulnerabilities 699
23.5 Linux System Hardening 701
23.6 Application Security 709
23.7 Mandatory Access Controls 711
23.8 Recommended Reading and Web Sites 711
23.9 Key Terms, Review Questions, and Problems 718

Chapter 24 Windows and Windows Vista Security 720
24.1 Windows Security Architecture 721
24.2 Windows Vuln erabilities 728
24.3 Windows Security Defenses 729
24.4 Browser Defenses 737
24.5 Cryptographic Services 737
24.6 Common Criteria 738
24.7 Recommended Reading andWeb Sites 739
24.8 Key Terms, Review Questions, Problems, and Projects 740
APPENDICES
Appendix A Some Aspects of Number Theory 742
A.1 Prime and Relatively Prime Numbers 743
A.2 Modular Arithmetic 744
A.3 Fermat's and Euler's Theorems 746
Appendix B Random and Pseudorandom Number Generation 750
B.1 The Use of Random Numbers 751
B.2 Pseudorandom Number Generators (PRNGs) 752
B.3 True Random Number Generators 757
Appendix C Projects for Teaching Computer Security 759
C.1 Research Projects 760
C.2 Hacking Projects 761
C.3 Programming Projects 761
C.4 Laboratory Exercises 762
C.5 Practical Security Assessments 762
C.6 Writing Assignments 762
C.7 Reading/Report Assignments 763
References 765
Index 783
ONLINE APPENDICES
Appendix D Standards and Standard-Setting Organizations
D.1 The Importance of Standards
D.2 Internet Standards and the Internet Society
D.3 National Institute of Standards and Technology
D.4 The International Telecommunication Union
D.5 The International Orgamzation for Standardization
Appendix E TCP/IP Protocol Architecture
E.1 TCP/IP Layers
E.2 TCP and UDP
E.3 Operation of TCP/IP
E.4 TCP/IP Applications
Appendix F Glossary

The subsection on threats to communication lines and networks in Section 1.2 is based on the X.800 categorization of security threats.The next two sections exam ine security services and mechanisms, using the X.800 architecture.
Security Services X.800 defines a security service as a service that is provided by a protocol layer of ommunicating open systems and that ensures adequate security of the systems or of data transfers Perhaps a clearer definition is found in RFC 2828, which provides the following definition: a processing or communication service that is provided by a system to give a specific kind of protection to system resources; security services implement security policies and are implemented by security mechanisms.
X.800 divides these services into six categories and fourteen specific services (Table 1.5). We look at each category in turn.5 Keep in mind that to a considerable extent, X.800 is focused on distributed and networked systems and so emphasizes network security over single-system computer security. Nevertheless, Table 1.5 is a useful checklist of security services.
Authentication The authentication service is concerned with assuring that a communication is authentic. In the case of a single message, such as a warning or alarm signal, the function of the authentication service is to assure the recipient that the message is from the source that it claims to be from. In the case of an ongoing interaction, such as the connection of a terminal to a host, two aspects are involved. First, at the time of connection initiation, the service assures that the two entities are authentic; that is, that each is the entity that it claims to be. Second, the service must assure that the connection is not interfered with in such a way that a third party can asquerade as one of the two legitimate parties for the purposes of unauthorized transmission or reception.
Two specific authentication services are defined in the standard:Peer entity authentication: Provides for the orroboration of the identity of a peer entity in an association. Two entities are considered peer if they imple ment the same protocol in different systems (e.g., two TCP users in two com municating systems). Peer entity uthentication is provided for use at the establishment of, or at times during the data transfer phase of, a onnection. It attempts to provide confidence that an entity is not performing either a mas querade or an nauthorized replay of a previous connection.
Data origin authenticatio: Provides for the corroboration of the source of a data unit. It does not provide otection against the duplication or modification of data units. This type of service supports applications like electronic mail where there are no prior interactions between the communicating entities.
Access Control In the context of network security, access control is the ability to limit and control the access to host systems and applications via communications links. To achieve this, each entity trying to gain access must irst be identified, or authenticated, so that access rights can be tailored to the individual.
……