Front Cover; Title Page; Copyright Page; Dedication Page; Contents; Preface; Notation; About the Authors; Chapter 1 Overview; 1.1 Computer Security Concepts; 1.2 Threats, Attacks, and Assets; 1.3 Security Functional Requirements; 1.4 Fundamental Security Design Principles; 1.5 Attack Surfaces and Attack Trees; 1.6 Computer Security Strategy; 1.7 Standards; 1.8 Key Terms, Review Questions, and Problems; Part One Computer Security Technology and Principles; Chapter 2 Cryptographic Tools; 2.1 Confidentiality with Symmetric Encryption; 2.2 Message Authentication and Hash Functions. 2.3 Public-Key Encryption2.4 Digital Signatures and Key Management; 2.5 Random and Pseudorandom Numbers; 2.6 Practical Application: Encryption of Stored Data; 2.7 Key Terms, Review Questions, and Problems; Chapter 3 User Authentication; 3.1 Digital User Authentication Principles; 3.2 Password-Based Authentication; 3.3 Token-Based Authentication; 3.4 Biometric Authentication; 3.5 Remote User Authentication; 3.6 Security Issues for User Authentication; 3.7 Practical Application: An Iris Biometric System; 3.8 Case Study: Security Problems for ATM Systems. 3.9 Key Terms, Review Questions, and ProblemsChapter 4 Access Control; 4.1 Access Control Principles; 4.2 Subjects, Objects, and Access Rights; 4.3 Discretionary Access Control; 4.4 Example: UNIX File Access Control; 4.5 Role-Based Access Control; 4.6 Attribute-Based Access Control; 4.7 Identity, Credential, and Access Management; 4.8 Trust Frameworks; 4.9 Case Study: RBAC System for a Bank; 4.10 Key Terms, Review Questions, and Problems; Chapter 5 Database and Data Center Security; 5.1 The Need for Database Security; 5.2 Database Management Systems; 5.3 Relational Databases. 5.4 SQL Injection Attacks5.5 Database Access Control; 5.6 Inference; 5.7 Database Encryption; 5.8 Data Center Security; 5.9 Key Terms, Review Questions, and Problems; Chapter 6 Malicious Software; 6.1 Types of Malicious Software (Malware); 6.2 Advanced Persistent Threat; 6.3 Propagation-Infected Content-Viruses; 6.4 Propagation-Vulnerability Exploit-Worms; 6.5 Propagation-Social Engineering-Spam E-mail, Trojans; 6.6 Payload-System Corruption; 6.7 Payload-Attack Agent-Zombie, Bots; 6.8 Payload-Information Theft-Keyloggers, Phishing, Spyware; 6.9 Payload-Stealthing-Backdoors, Rootkits. 6.10 Countermeasures6.11 Key Terms, Review Questions, and Problems; Chapter 7 Denial-of-Service Attacks; 7.1 Denial-of-Service Attacks; 7.2 Flooding Attacks; 7.3 Distributed Denial-of-Service Attacks; 7.4 Application-Based Bandwidth Attacks; 7.5 Reflector and Amplifier Attacks; 7.6 Defenses Against Denial-of-Service Attacks; 7.7 Responding to a Denial-of-Service Attack; 7.8 Key Terms, Review Questions, and Problems; Chapter 8 Intrusion Detection; 8.1 Intruders; 8.2 Intrusion Detection; 8.3 Analysis Approaches; 8.4 Host-Based Intrusion Detection; 8.5 Network-Based Intrusion Detection.

For courses in computer/network security Balancing principle and practice-an updated survey of the fast-moving world of computer and network security Computer Security: Principles and Practice, the 4th Edition, is ideal for courses in Computer/Network Security. The need for education in computer security and related topics continues to grow at a dramatic rate-and is essential for anyone studying Computer Science or Computer Engineering. Written for both an academic and professional audience, the 4th Edition continues to set the standard for computer security with a balanced presentation of principles.

CSCI262