Available

Introduction to Computer Security

Michael Goodrich, University of California, Irvine

Roberto Tamassia, Brown University

Introduction to Computer Security — View larger

If You're an Educator

If You're a Student

Introducing Pearson+ 1500+ eTexts and study tools, all in one place. Subscriptions starting at $9.99/month.

K-12 educators: This link is for individuals purchasing with credit cards or PayPal only. Contact your Savvas Learning Company Account General Manager for purchase options.

Overview

Description

For computer-security courses that are taught at the undergraduate level and that have as their sole prerequisites an introductory computer science sequence (e.g., CS 1/CS 2).

A new Computer Security textbook for a new generation of IT professionals.

Unlike most other computer security textbooks available today, Introduction to Computer Security, 1e does NOT focus on the mathematical and computational foundations of security, and it does not assume an extensive background in computer science. Instead it looks at the systems, technology, management, and policy side of security, and offers students fundamental security concepts and a working knowledge of threats and countermeasures with “just-enough” background in computer science. The result is a presentation of the material that is accessible to students of all levels.

Preface

Preface is available for download in PDF format.

This material is protected under all copyright laws, as they currently exist. No portion of this material may be reproduced, in any form or by any means, without permission in writing from the publisher.

Features

Accessible to the general-knowledge reader.

Authors Goodrich and Tamassia recognize that prerequisites for an extensive background in CS and mathematics are not only unnecessary for learning but also arguably contribute to a reduction in enrollments and a shortage of computer-security experts. Therefore, the authors assume only the most basic of prerequisite knowledge in computing, making this text suitable for beginning computer science majors, as well as computer science minors and non-majors.

Teaches general principles of computer security from an applied viewpoint.

In this new text, the authors cover specific computer security topics while providing necessary material on the foundations of computing needed to understand these topics. As a result, students learn about vital computer security topics such as access control, firewalls, and viruses as well as a variety of fundamental computer-science concepts like algorithms, operating systems, networking, and programming languages.

Topics covered include:

o Common cyberattacks including viruses, worms, Trojan horses, password crackers, keystroke loggers, denial of service, spoofing, and phishing.

o Techniques for identifying and patching vulnerabilities in machines and networks as well methods for detecting and repairing infected systems.

o Fundamental building blocks of secure systems such as encryption, fingerprints, digital signatures and basic cryptographic protocols.

o Human and social aspects of computer security, including usability, interfaces, copyright, digital rights management, social engineering, and ethical issues.

A practical introduction that will prepare students for careers in a variety of fields.

This text encourages students to think about security issues and to deploy security mechanisms early in designing software applications or in making software purchase/ deployment decisions. This skill will be appreciated by future employers--who may include corporations in the financial, healthcare and technology sectors--for whom the security of software applications is a critical requirement.

The material in the text will also provide readers with a clear understanding of the security ramifications of using computers and the Internet in their daily lives (e.g., for online banking and shopping), as well as the potential threats to individual privacy (as seen in recent debates on electronic voting, for example), and possibly to democracy itself, that may arise from inappropriate use of computer security technology.

Projects

The authors provide a collection of creative, hands-on projects at three levels of difficulty that can be used both in computer security and computer security-related courses. A wide set of options will allow instructors to customize the projects to suit a variety of learning modes and lab resources.

In each project, students are given a realistic, though simplified, version of a working system with multiple vulnerabilities and a list of allowed attack vectors. They may be asked to work in “break-it” mode, which will require students to attack a system by developing exploits that take advantage of the discovered vulnerabilities, or they may be asked to work in “fix-it” mode in which the student hardens the system by developing mechanisms for removing or mitigating the vulnerabilities.

SUPPLEMENTS

A collection of slide presentations created by the authors each suitable for a one-hour lecture, covering all the course topics. The presentations will include links to relevant resources on the web and will have extensive notes. The slide presentations have been created in a standard file format compatible with both Microsoft PowerPoint and OpenOffice Impress.

Fully developed programming projects, created by the authors and Professor Wenliang Du of Syracuse University, that are designed to stimulate the student’s creativity by challenging them to either break security or protect a system against attacks. Topics include:

1. virus and worm propagation

2. firewalls

3. cryptography and digital rights management

4. web applications

Solution Manual

Solutions to end-of-chapter Questions and Problems.

Companion Website

Valuable resources for both instructors and students.

Author Websites

The instructional Web sites, datastructures.net and algorithmdesign.net, supported by Drs. Goodrich and Tamassia, are used as reference material by students, teachers, and professionals worldwide.

1 Introduction 1
1.1 Fundamental Concepts . . . . . . . . . . . . . . . . . . . . . 2
1.2 Access Control Models . . . . . . . . . . . . . . . . . . . . . 19
1.3 Cryptographic Concepts . . . . . . . . . . . . . . . . . . . . . 25
1.4 Implementation and Usability Issues . . . . . . . . . . . . . . 39
1.5 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

2 Physical Security 55
2.1 Physical Protections and Attacks . . . . . . . . . . . . . . . . 56
2.2 Locks and Safes . . . . . . . . . . . . . . . . . . . . . . . . . 57
2.3 Authentication Technologies . . . . . . . . . . . . . . . . . . . 71
2.4 Direct Attacks Against Computers . . . . . . . . . . . . . . . 88
2.5 Special-Purpose Machines . . . . . . . . . . . . . . . . . . . 99
2.6 Physical Intrusion Detection . . . . . . . . . . . . . . . . . . . 13
2.7 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

3 Operating Systems Security 113
3.1 Operating Systems Concepts . . . . . . . . . . . . . . . . . . 114

3.2 Process Security . . . . . . . . . . . . . . . . . . . . . . . . . 130
3.3 Memory and Filesystem Security . . . . . . . . . . . . . . . . 136

3.4 Application Program Security . . . . . . . . . . . . . . . . . . 149
3.5 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

4 Malware 173

4.1 Insider Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . 174
4.2 Computer Viruses . . . . . . . . . . . . . . . . . . . . . . . . 181
4.3 Malware Attacks . . . . . . . . . . . . . . . . . . . . . . . . . 188
4.4 Privacy-Invasive Software . . . . . . . . . . . . . . . . . . . . 202

4.5 Countermeasures . . . . . . . . . . . . . . . . . . . . . . . . 208
4.6 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

5 Network Security I 221
5.1 Network Security Concepts . . . . . . . . . . . . . . . . . . . 222
5.2 The Link Layer . . . . . . . . . . . . . . . . . . . . . . . . . . 229
5.3 The Network Layer . . . . . . . . . . . . . . . . . . . . . . . . 236
5.4 The Transport Layer . . . . . . . . . . . . . . . . . . . . . . . 246
5.5 Denial-of-Service Attacks . . . . . . . . . . . . . . . . . . . . 256

5.6 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264

6 Network Security II 269
6.1 The Application Layer and DNS . . . . . . . . . . . . . . . . . 270
6.2 Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
6.3 Tunneling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292

6.4 Intrusion Detection . . . . . . . . . . . . . . . . . . . . . . . . 299
6.5 Wireless Networking . . . . . . . . . . . . . . . . . . . . . . . 313

6.6 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322

7 Web Security 327
7.1 The World Wide Web . . . . . . . . . . . . . . . . . . . . . . 328
7.2 Attacks on Clients . . . . . . . . . . . . . . . . . . . . . . . . 347

7.3 Attacks on Servers . . . . . . . . . . . . . . . . . . . . . . . . 368
7.4 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382

8 Cryptography 387
8.1 Symmetric Cryptography . . . . . . . . . . . . . . . . . . . . 388
8.2 Public-Key Cryptography . . . . . . . . . . . . . . . . . . . . . 406
8.3 Cryptographic Hash Functions . . . . . . . . . . . . . . . . . 417
8.4 Digital Signatures . . . . . . . . . . . . . . . . . . . . . . . . . 421
8.5 Details on AES and RSA . . . . . . . . . . . . . . . . . . . . 425
8.6 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439

9 Security Models and Practice 445
9.1 Policy, Models, and Trust . . . . . . . . . . . . . . . . . . . . . 446
9.2 Access Control Models . . . . . . . . . . . . . . . . . . . . . 450
9.3 Security Standards and Evaluation . . . . . . . . . . . . . . . 460
9.4 Software Vulnerability Assessment . . . . . . . . . . . . . . . 464
9.5 Administration and Auditing . . . . . . . . . . . . . . . . . . . 470
9.6 Kerberos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475
9.7 Secure Storage . . . . . . . . . . . . . . . . . . . . . . . . . . 479
9.8 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484

10 Distributed-Applications Security 487
10.1 Database Security . . . . . . . . . . . . . . . . . . . . . . . . 488
10.2 Email Security . . . . . . . . . . . . . . . . . . . . . . . . . . 500
10.3 Payment Systems and Auctions . . . . . . . . . . . . . . . . . 513
10.4 Digital Rights Management . . . . . . . . . . . . . . . . . . . 519
10.5 Social Networking . . . . . . . . . . . . . . . . . . . . . . . . 528
10.6 Voting Systems . . . . . . . . . . . . . . . . . . . . . . . . . . 531
10.7 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 535

Resources

Instructor Resources

Format	On-line Supplement
ISBN-13:	9780132744485
Availability	Live

Download PowerPoint Figure Slides (application/zip) (88.2MB)

Format	On-line Supplement
ISBN-13:	9780321511003
Availability	Live

Download Instructor Solutions Manual (application/zip) (0.2MB)

Format	On-line Supplement
ISBN-13:	9780321511010
Availability	Live

Download PowerPoint Lecture Slides - Instructors (application/zip) (43.9MB)

Download PowerPoint Lecture Slides - Students (PDF) (application/zip) (12.9MB)

Discipline Resources

Format	Website
ISBN-13:	9780135140758
Availability	Live

Order

Pearson offers affordable and accessible purchase options to meet the needs of your students. Connect with us to learn more.

K12 Educators: Contact your Savvas Learning Company Account General Manager for purchase options. Instant Access ISBNs are for individuals purchasing with credit cards or PayPal.
Savvas Learning Company is a trademark of Savvas Learning Company LLC.

Digital

Paper

book cover — Introduction to Computer Security

Goodrich & Tamassia

©2011 | Pearson | 576 pp

Format	Cloth
ISBN-13:	9780321512949
Suggested retail price	$166.65
Availability	Available

About the Author(s)

Professors Goodrich and Tamassia are well-recognized researchers in computer security, algorithms and data structures, having published many papers on these subjects, with applications to computer security, cryptography, cloud computing, information visualization, and geometric computing. They have served as principal investigators in several joint projects sponsored by the National Science Foundation, the Army Research Office, and the Defense Advanced Research Projects Agency. They are also active in educational technology research, and they have published several books, including a widely adopted textbook on data structures and algorithms.

Michael Goodrich received his Ph.D. in computer science from Purdue University. He is currently a Chancellor’s Professor in the Department of Computer Science at University of California, Irvine. Previously, he was a professor at Johns Hopkins University. He is an editor for the Journal of Computer and Systems Sciences and the Journal of Graph Algorithms and Applications. He is a Fulbright Scholar, a Distinguished Scientist of the Association for Computing Machinery (ACM), and a Fellow of the American Association for the Advancement of Science (AAAS), the ACM, and the Institute of Electrical and Electronics Engineers (IEEE).

Roberto Tamassia received his Ph.D. in electrical and computer engineering from the University of Illinois at Urbana-Champaign. He is currently the Plastech Professor of Computer Science and the chair of the Department of Computer Science at Brown University. He is a founder and editor-in-chief for the Journal of Graph Algorithms and Applications. He previously served on the editorial board of Computational Geometry: Theory and Applications and IEEE Transactions on Computers. He is a Fellow of the Institute of Electrical and Electronics Engineers (IEEE).

In addition to their research accomplishments, the authors also have extensive experience in the classroom. For example, Goodrich has taught data structures and algorithms courses, including Data Structures as a freshman-sophomore level course, Applied Cryptography as a sophomore- junior level course, and Internet Algorithmics as an upper level course. He has earned several teaching awards in this capacity. Tamassia has taught Data Structures and Algorithms as an introductory freshman-level course and Computational Geometry as an advanced graduate course. Over the last several years he has developed "Introduction to Computer Systems Security," a new computer security course aimed at sophomores. His teaching of this course since 2006 has helped to shape the vision and topics of this book. One thing that has set his teaching style apart is his effective use of interactive hypermedia presentations integrated with the web.

Get the eTexts you need starting at $9.99/mo with Pearson+

Introduction to Computer Security

If You're an Educator

If You're a Student

Overview

Description

Preface

Features

Table of Contents

Resources

Instructor Resources

Discipline Resources

Order

Digital

Paper

Introduction to Computer Security

About the Author(s)

Relevant Courses