From the Book: PREFACE

When the first edition of this book was published in 1989, viruses and other forms of malicious code were fairly uncommon, the Internet was used largely by just computing professionals, a Clipper was a sailing ship, and computer crime was seldom a headline topic in daily newspapers. In that era most people were unconcerned about--even unaware of--how serious the threat to security is in the use of computers. The use of computers has spread at a rate completely unexpected back then. Now you can bank by computer, order and pay for merchandise, and even commit to contracts by computer. And the uses of computers in business have similarly increased both in volume and in richness. Alas, the security threats to computing have also increased significantly.

Why Read This Book?

Are your data and programs at risk? If you answer "yes" to any of the following questions, you have a potential security risk.

Have you acquired any new programs within the last year?
Do you use your computer to communicate electronically with other computers?
Do you ever receive programs or data from other people?
Is there any significant program or data item of which you do not have a second copy?

Relax; you are not alone. Most computer users have a security risk. Being at risk does not mean you should stop using computers. It does mean you should learn more about the risk you face, and how to control that risk.

Users and managers of large mainframe computing systems of the 1960s and 1970s developed computer security techniques that were reasonably effective against the threats of that era. However, two factors have made those security procedures outdated:

Personal computer use. Vast numbers of people have become dedicated users of personal computing systems, both for business and pleasure. We try to make applications "user friendly" so that computers can be used by people who know nothing of hardware or programming, just as people who can drive a car do not need to know how to design an engine. Users may not be especially conscious of the security threats involved in computer use; even users who are aware may not know what to do to reduce their risk.

Networked remote-access systems. Machines are being linked in large numbers. The Internet and its cousin, the World-Wide Web, seem to double every year in number of users. A user of a mainframe computer may not realize that access to the same machine is allowed to people throughout the world from an almost uncountable number of computing systems.

Every computing professional must understand the threats and the countermeasures currently available in computing. This book addresses that need.

This book is designed for the student or professional in computing. Beginning at a level appropriate for an experienced computer user, this book describes the security pitfalls inherent in many important computing tasks today. Then, the book explores the controls that can check these weaknesses. The book also points out where existing controls are inadequate and serious consideration must be given to the risk present in the computing situation.

Uses of This Book

The chapters of this book progress in an orderly manner. After an introduction, the topic of encryption, the process of disguising something written to conceal its meaning, is presented as the first tool in computer security. The book continues through the different kinds of computing applications, their weaknesses, and their controls. The application areas include:

general programs
operating systems
data base management systems
remote access computing
multicomputer networks

These sections begin with a definition of the topic, continue with a description of the relationship of security to the topic, and conclude with a statement of the current state of the art of computer security research related to the topic. The book concludes with an examination of risk analysis and planning for computer security, and a study of the relationship of law and ethics to computer security.

Background required to appreciate the book is an understanding of programming and computer systems. Someone who is a senior or graduate student in computer science or a professional who has been in the field for a few years would have the appropriate level of understanding. Although some facility with mathematics is useful, all necessary mathematical background is developed in the book. Similarly, the necessary material on design of software systems, operating systems, data bases, or networks is given in the relevant chapters. One need not have a detailed knowledge of these areas before reading this book.

The book is designed to be a textbook for a one- or two-semester course in computer security. The book functions equally well as a reference for a computer professional. The introduction and the chapters on encryption are fundamental to the understanding of the rest of the book. After studying those pieces, however, the reader can study any of the later chapters in any order. Furthermore, many chapters follow the format of introduction, then security aspects of the topic, then current work in the area. Someone who is interested more in background than in current work can stop in the middle of one chapter and go on to the next. This book has been used in classes throughout the world. Roughly half of the book can be covered in a semester. Therefore, an instructor can design a one-semester course that considers some of the topics of greater interest.

What Does This Book Contain?

This is the revised edition of Security in Computing. It is based largely on the previous version, with many updates to cover newer topics in computer security. Among the salient additions to the new edition are these items:

Viruses, worms, Trojan horses, and other malicious code. Complete new section (first half of Chapter 5) including sources of these kinds of code, how they are written, how they can be detected and/or prevented, and several actual examples.

Firewalls. Complete new section (end of Chapter 9) describing what they do, how they work, how they are constructed, and what degree of protection they provide.

Private e-mail. Complete new section (middle of Chapter 9) explaining exposures in e-mail, kinds of protection available, PEM and PGP, key management, and certificates.

Clipper, Capstone, Tessera, Mosaic, and key escrow. Several sections, in Chapter 3 as an encryption technology, in Chapter 4 as a key management protocol, and in Chapter 11 as a privacy and ethics issue.

Trusted system evaluation. Extensive addition (in Chapter 7) including criteria from the United States, Europe, Canada, and the soon-to-be-released Common Criteria.

Program development processes, including ISO 9000 and the SEI CMM. A major section in Chapter 5 gives comparisons between these methodologies.

Guidance for administering PC, Unix, and networked environments.

In addition to these major changes, there are numerous small changes, ranging from wording changes to subtle notational changes for pedagogic reasons, to replacement, deletion, rearrangement, and expansion of sections. The focus of the book remains the same, however. This is still a book covering the complete subject of computer security. The target audience is college students (advanced undergraduates or graduate students) and professionals. A reader is expected to bring a background in general computing technology; some knowledge of programming, operating systems, and networking is expected, although advanced knowledge in those areas is not necessary. Mathematics is used as appropriate, although a student can ignore most of the mathematical foundation if he or she chooses.

Acknowledgments

Many people have contributed to the content and structure of this book. The following friends and colleagues have supplied thoughts, advice, challenges, criticism, and suggestions that have influenced my writing of this book: Lance Hoffman, Marv Schaefer, Dave Balenson, Terry Benzel, Curt Barker, Debbie Cooper, and Staffan Persson. Two people from outside the computer security community were very encouraging: Gene Davenport and Bruce Barnes. I apologize if I have forgotten to mention someone else; the oversight is accidental.

Lance Hoffman deserves special mention. He used a preliminary copy of the book in a course at George Washington University. Not only did he provide me with suggestions of his own, but his students also supplied invaluable comments from the student perspective on sections that did and did not communicate effectively. I want to thank them for their constructive criticisms.

Finally, if someone alleges to have written a book alone, distrust the person immediately. While an author is working 16-hour days on the writing of the book, someone else needs to see to all the other aspects of life, from simple things like food, clothing, and shelter, to complex things like social and family responsibilities. My wife, Shari Lawrence Pfleeger, took the time from her professional schedule so that I could devote my full energies to writing. Furthermore, she soothed me when the schedule inexplicably slipped, when the computer went down, when I had writer's block, or when some other crisis beset this project. On top of that, she reviewed the entire manuscript, giving the most thorough and constructive review this book has had. Her suggestions have improved the content, organization, readability, and overall quality of this book immeasurably. Therefore, it is with great pleasure that I dedicate this book to Shari, the other half of the team that caused this book to be written.

Charles P. Pfleeger
Washington DC