Author: Matt Bishop
Publication date: October 26, 2004
Publisher: Addison Wesley
Pages: 784
ISBN: 0-321-24744-2
File format: CHM
In this authoritative book, widely respected practitioner and teacher Matt Bishop presents a clear and useful introduction to the art and science of information security. Bishop's insights and realistic examples will help any practitioner or student understand the crucial links between security theory and the day-to-day security challenges of IT environments.
Bishop explains the fundamentals of security: the different types of widely used policies, the mechanisms that implement these policies, the principles underlying both policies and mechanisms, and how attackers can subvert these tools–as well as how to defend against attackers. A practicum demonstrates how to apply these ideas and mechanisms to a realistic company.
Coverage includes
Confidentiality, integrity, and availability
Operational issues, cost-benefit and risk analyses, legal and human factors
Planning and implementing effective access control
Defining security, confidentiality, and integrity policies
Using cryptography and public-key systems, and recognizing their limits
Understanding and using authentication: from passwords to biometrics
Security design principles: least-privilege, fail-safe defaults, open design, economy of mechanism, and more
Controlling information flow through systems and networks
Assuring security throughout the system lifecycle
Malicious logic: Trojan horses, viruses, boot sector and executable infectors, rabbits, bacteria, logic bombs–and defenses against them
Vulnerability analysis, penetration studies, auditing, and intrusion detection and prevention
Applying security principles to networks, systems, users, and programs
Introduction to Computer Security is adapted from Bishop's comprehensive and widely praised book, Computer Security: Art and Science. This shorter version of the original work omits much mathematical formalism, making it more accessible for professionals and students who have a less formal mathematical background, or for readers with a more practical than theoretical interest.