计算机安全-原理与实践-(第二版)-英文版

内容简介

本书在上一版的基础上进行了修订与更新，全面覆盖了计算机安全领域的相关主题。全书共分为五个部分：第一部分——计算机安全技术与原理，概述了支持有效安全策略所的技术领域；第二部分——软件安全与可信系统，讲解了软件开发和运行中的安全问题；第三部分——管理问题，主要讨论信息与计算机安全在管理方面的问题；第四部分——密码学算法，给出了各种类型的加密算法和其他类型的密码算法；第五部分——网络安全，重点分析了为网络通信提供安全保障的协议和标准。本书思路清晰、结构严谨，并且提供了大量精心设计的实践问题。

目录

Chapter 0 Reader’s and Instructor’s Guide
0.1 Outline of This Book
0.2 A Roadmap for Readers and Instructors
0.3 Support for CISSP Certification
0.4 Internet and Web Resources
0.5 Standards
Chapter 1 Overview
1.1 Computer Security Concepts
1.2 Threats, Attacks, and Assets
1.3 Security Functional Requirements
1.4 A Security Architecture for Open Systems
1.5 Computer Security Trends
1.6 Computer Security Strategy
1.7 Recommended Reading and Web Sites
1.8 Key Terms, Review Questions, and Problems
PART ONE: COMPUTER SECURITY TECHNOLOGY AND PRINCIPLES 38
Chapter 2 Cryptographic Tools
2.1 Confidentiality with Symmetric Encryption
2.2 Message Authentication and Hash Functions
2.3 Public-Key Encryption
2.4 Digital Signatures and Key Management
2.5 Random and Pseudorandom Numbers
2.6 Practical Application: Encryption of Stored Data
2.7 Recommended Reading and Web Sites
2.8 Key Terms, Review Questions, and Problems
Chapter 3 User Authentication
3.1 Means of Authentication
3.2 Password-based Authentication
3.3 Token-based Authentication
3.4 Biometric Authentication
3.5 Remote User Authentication
3.6 Security Issues for User Authentication
3.7 Practical Application: An Iris Biometric System
3.8 Case Study: Security Problems for ATM Systems
3.9 Recommended Reading and Web Sites
3.10 Key Terms, Review Questions, and Problems
Chapter 4 Access Control
4.1 Access Control Principles
4.2 Subjects, Objects, and Access Rights
4.3 Discretionary Access Control
4.4 Example: UNIX File Access Control
4.5 Role-based Access Control
4.6 Case Study: RBAC System for a Bank
4.7 Recommended Reading and Web Site
4.8 Key Terms, Review Questions, and Problems
Chapter 5 Database Security
5.1 The Need for Database Security
5.2 Database Management Systems
5.3 Relational Databases
5.4 Database Access Control
5.5 Inference
5.6 Statistical Databases
5.7 Database Encryption
5.8 Cloud Security
5.9 Recommended Reading and Web Site
5.10 Key Terms, Review Questions, and Problems
Chapter 6 Malicious Software
6.1 Types of Malicious Software (Malware)
6.2 Propagation—Infected Content—Viruses
6.3 Propagation—Vulnerability Exploit—Worms
6.4 Propagation—Social Engineering—SPAM E-mail, Trojans
6.5 Payload—System Corruption
6.6 Payload—Attack Agent—Zombie, Bots
6.7 Payload—Information Theft—Keyloggers, Phishing, Spyware