Security in Computing, Fourth Edition
By Charles P. Pfleeger (Pfleeger Consulting Group) and Shari Lawrence Pfleeger (RAND Corporation)
Publisher: Prentice Hall
Pub Date: October 13, 2006
Print ISBN-10: 0-13-239077-9
Print ISBN-13: 978-0-13-239077-4
Pages: 880

The New State-of-the-Art in Information Security: Now Covers the Economics of Cyber Security and the Intersection of Privacy and Information Security

For years, IT and security professionals and students have turned to Security in Computing as the definitive guide to information about computer security attacks and countermeasures. In their new fourth edition, Charles P. Pfleeger and Shari Lawrence Pfleeger have thoroughly updated their classic guide to reflect today's newest technologies, standards, and trends.

The authors first introduce the core concepts and vocabulary of computer security, including attacks and controls. Next, the authors systematically identify and assess threats now facing programs, operating systems, database systems, and networks. For each threat, they offer best-practice responses.

Security in Computing, Fourth Edition, goes beyond technology, covering crucial management issues faced in protecting infrastructure and information. This edition contains an all-new chapter on the economics of cybersecurity, explaining ways to make a business case for security investments. Another new chapter addresses privacy, from data mining and identity theft to RFID and e-voting.

New coverage also includes:
- Programming mistakes that compromise security: man-in-the-middle, timing, and privilege escalation attacks
- Web application threats and vulnerabilities
- Networks of compromised systems: bots, botnets, and drones
- Rootkits, including the notorious Sony XCP
- Wi-Fi network security challenges, standards, and techniques
- New malicious code attacks, including false interfaces and keystroke loggers
- Improving code quality: software engineering, testing, and liability approaches
- Biometric authentication: capabilities and limitations
- Using the Advanced Encryption System (AES) more effectively
- Balancing dissemination with piracy control in music and other digital content
- Countering new cryptanalytic attacks against RSA, DES, and SHA
- Responding to the emergence of organized attacker groups pursuing profit

Table of Contents

Copyright
Foreword
Preface
Chapter 1. Is There a Security Problem in Computing?
  Section 1.1 What Does "Secure" Mean?
  Section 1.2 Attacks
  Section 1.3 The Meaning of Computer Security
  Section 1.4 Computer Criminals
  Section 1.5 Methods of Defense
  Section 1.6 What's Next
  Section 1.7 Summary
  Section 1.8 Terms and Concepts
  Section 1.9 Where the Field Is Headed
  Section 1.10 To Learn More
  Section 1.11 Exercises
Chapter 2. Elementary Cryptography
  Section 2.1 Terminology and Background
  Section 2.2 Substitution Ciphers
  Section 2.3 Transpositions (Permutations)
  Section 2.4 Making "Good" Encryption Algorithms
  Section 2.5 The Data Encryption Standard
  Section 2.6 The AES Encryption Algorithm
  Section 2.7 Public Key Encryption
  Section 2.8 The Uses of Encryption
  Section 2.9 Summary of Encryption
  Section 2.10 Terms and Concepts
  Section 2.11 Where the Field Is Headed
  Section 2.12 To Learn More
  Section 2.13 Exercises
Chapter 3. Program Security
  Section 3.1 Secure Programs
  Section 3.2 Nonmalicious Program Errors
  Section 3.3 Viruses and Other Malicious Code
  Section 3.4 Targeted Malicious Code
  Section 3.5 Controls Against Program Threats
  Section 3.6 Summary of Program Threats and Controls
  Section 3.7 Terms and Concepts
  Section 3.8 Where the Field Is Headed
  Section 3.9 To Learn More
  Section 3.10 Exercises
Chapter 4. Protection in General-Purpose Operating Systems
  Section 4.1 Protected Objects and Methods of Protection
  Section 4.2 Memory and Address Protection
  Section 4.3 Control of Access to General Objects
  Section 4.4 File Protection Mechanisms
  Section 4.5 User Authentication
  Section 4.6 Summary of Security for Users
  Section 4.7 Terms and Concepts
  Section 4.8 Where the Field Is Headed
  Section 4.9 To Learn More
  Section 4.10 Exercises
Chapter 5. Designing Trusted Operating Systems
  Section 5.1 What Is a Trusted System?
  Section 5.2 Security Policies
  Section 5.3 Models of Security
  Section 5.4 Trusted Operating System Design
  Section 5.5 Assurance in Trusted Operating Systems
  Section 5.6 Summary of Security in Operating Systems
  Section 5.7 Terms and Concepts
  Section 5.8 Where the Field Is Headed
  Section 5.9 To Learn More
  Section 5.10 Exercises
Chapter 6. Database and Data Mining Security
  Section 6.1 Introduction to Databases
  Section 6.2 Security Requirements
  Section 6.3 Reliability and Integrity
  Section 6.4 Sensitive Data
  Section 6.5 Inference
  Section 6.6 Multilevel Databases
  Section 6.7 Proposals for Multilevel Security
  Section 6.8 Data Mining
  Section 6.9 Summary of Database Security
  Section 6.10 Terms and Concepts
  Section 6.11 Where the Field Is Headed
  Section 6.12 To Learn More
  Section 6.13 Exercises
Chapter 7. Security in Networks
  Section 7.1 Network Concepts
  Section 7.2 Threats in Networks
  Section 7.3 Network Security Controls
  Section 7.4 Firewalls
  Section 7.5 Intrusion Detection Systems
  Section 7.6 Secure E-Mail
  Section 7.7 Summary of Network Security
  Section 7.8 Terms and Concepts
  Section 7.9 Where the Field Is Headed
  Section 7.10 To Learn More
  Section 7.11 Exercises
Chapter 8. Administering Security
  Section 8.1 Security Planning
  Section 8.2 Risk Analysis
  Section 8.3 Organizational Security Policies
  Section 8.4 Physical Security
  Section 8.5 Summary
  Section 8.6 Terms and Concepts
  Section 8.7 To Learn More
  Section 8.8 Exercises
Chapter 9. The Economics of Cybersecurity
  Section 9.1 Making a Business Case
  Section 9.2 Quantifying Security
  Section 9.3 Modeling Cybersecurity
  Section 9.4 Current Research and Future Directions
  Section 9.5 Summary
  Section 9.6 Terms and Concepts
  Section 9.7 To Learn More
  Section 9.8 Exercises
Chapter 10. Privacy in Computing
  Section 10.1 Privacy Concepts
  Section 10.2 Privacy Principles and Policies
  Section 10.3 Authentication and Privacy
  Section 10.4 Data Mining
  Section 10.5 Privacy on the Web
  Section 10.6 E-Mail Security
  Section 10.7 Impacts on Emerging Technologies
  Section 10.8 Summary
  Section 10.9 Terms and Concepts
  Section 10.10 Where the Field Is Headed
  Section 10.11 To Learn More
  Section 10.12 Exercises
Chapter 11. Legal and Ethical Issues in Computer Security
  Section 11.1 Protecting Programs and Data
  Section 11.2 Information and the Law
  Section 11.3 Rights of Employees and Employers
  Section 11.4 Redress for Software Failures
  Section 11.5 Computer Crime
  Section 11.6 Ethical Issues in Computer Security
  Section 11.7 Case Studies of Ethics
  Section 11.8 Terms and Concepts
  Section 11.9 To Learn More
  Section 11.10 Exercises
Chapter 12. Cryptography Explained
  Section 12.1 Mathematics for Cryptography
  Section 12.2 Symmetric Encryption
  Section 12.3 Public Key Encryption Systems
  Section 12.4 Quantum Cryptography
  Section 12.5 Summary of Encryption
  Section 12.6 Terms and Concepts
  Section 12.7 Where the Field Is Headed
  Section 12.8 To Learn More
  Section 12.9 Exercises
Bibliography
Index

Copyright

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals.

The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs
contained herein.

The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests. For more information, please contact:

U.S. Corporate and Government Sales
(800) 382-3419
corpsales@pearsontechgroup.com

For sales outside the United States, please contact:

International Sales
international@pearsoned.com

Visit us on the Web: www.prenhallprofessional.com

Library of Congress Cataloging-in-Publication Data
Pfleeger, Charles P., 1948-
  Security in computing / Charles P. Pfleeger, Shari Lawrence Pfleeger.
  p. cm.
  Includes bibliographical references and index.
  ISBN 0-13-239077-9 (hardback : alk. paper)
  Computer security. Data protection. Privacy, Right of. I. Pfleeger, Shari Lawrence. II. Title.
  QA76.9.A25P45 2006
  005.8 dc22
  2006026798

Copyright © 2007 Pearson Education, Inc.

All rights reserved. Printed in the United States of America. This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding permissions, write to:

Pearson Education, Inc.
Rights and Contracts Department
One Lake Street
Upper Saddle River, NJ 07458
Fax: (201) 236-3290

Text printed in the United States on recycled paper at Courier in Westford.
First printing, October 2006

Foreword

In the 1950s and 1960s, the prominent conference gathering places for practitioners and users of computer technology were the twice yearly Joint Computer Conferences (JCCs), initially called the Eastern and Western JCCs, but later renamed the Spring and Fall JCCs and, even later, the annual National (AFIPS) Computer Conference. From this milieu, the topic of computer security, later to be called information system security and
currently also referred to as "protection of the national information infrastructure", moved from the world of classified defense interests into public view.

A few people, Robert L. Patrick, John P. Haverty, and I among others, all then at the RAND Corporation, had been talking about the growing dependence of the country and its institutions on computer technology. It concerned us that the installed systems might not be able to protect themselves and their data against intrusive and destructive attacks. We decided that it was time to bring the security aspect of computer systems to the attention of the technology and user communities.

The enabling event was the development within the National Security Agency (NSA) of a remote-access time-sharing system with a full set of security access controls, running on a Univac 494 machine, and serving terminals and users not only within the headquarters building at Fort George G. Meade, Maryland, but also worldwide. Fortuitously, I knew details of the system.

Persuading two others from RAND to help, Dr. Harold Peterson and Dr. Rein Turn, plus Bernard Peters of NSA, I organized a group of papers and presented it to the SJCC conference management as a ready-made additional paper session to be chaired by me [1]. The conference accepted the offer, and the session was presented at the Atlantic City (NJ) Convention Hall in 1967.

[Index excerpt]
  ITSEC (Information Technology Security Evaluation Criteria) 2nd
  marketability
  overview
  process description
  protection profiles
  security targets
  security, as add-on
  summary of criteria
  target phrases
  TCSEC (Trusted Computer System Evaluation Criteria) 2nd
  TOE (target of evaluation)
  transferability
  United States 2nd
  flaws
    ambiguous access policies
    exploitation examples
    incomplete mediation
    known vulnerabilities
    time-of-check to time-of-use flaws
    typical flaws
    user interface vulnerability
  methods
    formal verification
    penetration testing
    requirements checking
    reviews, design and code
    system testing
    testing
    theorem provers
    validation
  open source
  overview
Tunnels, network encryption
Turing machines
Two-factor authentication
Two-phase update
Twofish algorithm

Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z]

UCC (Uniform Commercial Code)
UDP (user datagram protocol)
Unauthorized access
Undefined opcodes
Unexpected behavior
Uninterruptible power supply (UPS)
Unit testing 2nd [See also Testing.]
United Kingdom
  cost of security incidents
  RIPA (Regulation of Investigatory Powers Act)
United States
  California Breach Act
  CAN SPAM Act
  Census Bureau
  Computer Fraud and Abuse Act
  Economic Espionage Act
  Electronic Communications Privacy Act
  Electronic Funds Transfer Act
  evaluating trusted systems 2nd
  Freedom of Information Act
  GLBA (Graham-Leach-Bliley Act)
  government
    audit data overload
    security report card
  HIPAA (Health Insurance Portability and Accountability Act)
  laws [See Laws, U.S.]
  Patriot Act
  Privacy Act
  privacy principles and policies
Universality of ethics
Universities, as prime targets
Unknown path
Unknown perimeter
Unshielded twisted pair (UTP) cable
Upper bound
UPS (uninterruptible power supply)
URLs, legal issues
Usage controls on cryptography
Use of computer services, ethical issues
Usefulness
User authentication [See also Authentication.]
  additional authentication information
  biometrics 2nd
  challenge-response system 2nd
  cookies
  databases
  flaws
  impersonating trusted systems
  impersonation of login
  multifactor authentication
  one-time passwords
  overview
  password attacks
  password selection criteria
  passwords as authenticators
  phishing
  principles of trusted systems 2nd
  process description
  single sign-on
  two-factor authentication
  versus identification
User datagram protocol (UDP)
User interests
User interface vulnerability
User-group-world protection
Users
  human fallibility case study
  security policies
  security responsibilities
Utilitarianism
UTP (unshielded twisted pair) cable

V.A. (Veterans Administration)
Validation
Validation errors
Value of data
Value of security [See Economics of cybersecurity.]
VAM (Vulnerability Assessment and Mitigation) 2nd
Vandalism
Varian, Hal
Vendor interests
Verifying program code [See Testing code.]
Verisign 2nd 3rd
Vernam cipher
Vernam, Gilbert
Version proliferation, databases
Views, multilevel databases
Vigenère tableau 2nd
Virtual machines
Virtual memory
Virtual private networks (VPNs)
Virtualization
Virus scanners
Viruses [See also Malicious code.]
  appended to a program
  application programs
  attachment
  benign
  boot sector
  bootstrapping
  Brain
  Code Red
  cookies
  defense methods
  definition
  document
  e-mail attachment
  effects and causes
  gaining control
  homes for 2nd
  in read-only files
  infecting hardware
  integrated
  Internet worm
  libraries
  memory-resident
  misconceptions
  one-time execution
  platform limitations
  qualities of
  resident
  signatures
    definition
    execution patterns
    polymorphism
    scanners
    storage patterns
    transmission patterns
  source of
  spreading media
  surrounding a program
  surviving power off
  transient
  triggering
  web bugs
Voice recognition authentication [See Biometrics.]
VoIP (Voice over IP)
Voting, electronic
VPNs (virtual private networks)
Vulnerabilities [See also Attacks; specific vulnerabilities.]
  data
  definition
  hardware
  laptop computers
  mapping to controls
  network threat 2nd
  risk analysis
  software
  versus threats
Vulnerability Assessment and Mitigation (VAM) 2nd

Walk-through, code
WAN (wide area network)
War driving
Ware committee report
Ware, Willis
Warranty of cyberworthiness
Watermarking
Weak keys, DES
Weak passwords
Weakest link principle
Weakest point
Weakness [See Risk analysis; Risks; Threats; Vulnerabilities.]
Weaknesses
Web bugs 2nd
Web servers, escape-character attack
Web sites [See also Internet.]
  content, legal issues
  defacing
  posting privacy policies
  privacy
    advertising
    adware
    contests
    cookies
    credit card payments
    drive-by installation
    highjackers
    keystroke loggers
    offers
    online environment
    online profiling
    payment schemes
    payments online
    precautions
    registration
    shopping
    site ownership
    spyware
    third-party ads
    third-party cookies
    web bugs
  privacy controls, commercial
  privacy controls, government
  tracking usage
  vulnerabilities
Well-formed transactions
Well-known authentication
WEP (wired equivalent privacy)
White-box testing
Wide area network (WAN)
WiFi [See Wireless.]
WiFi Protected Access (WPA)
Wild cards
Wilshire Associates, e-mail theft
Windows, distributed authentication
Windows, multilevel databases [See also Views.]
Wireless networks
  description
  eavesdropping
  interception
  rogue access points
  security
  theft of service 2nd
  vulnerabilities
  vulnerabilities, case study
  war driving
  wiretapping
Wiretapping 2nd
Woods, Alan
Word, deleting text
Work for hire
Workstations
World War II case studies
  ASINTOER code
  Enigma code machine
  Japanese codes
  poem codes
  silken codes
  Soviet Union codes
Worms [See also Malicious code; Viruses.]
  Code Red 2nd
  definition
  Internet worm
WPA (WiFi Protected Access)
Write-down

XCP (extended copy protection)
Xu, Hao

Zero day exploits
Zimmerman, Phil
Zombie

...

Is There a Security Problem in Computing?

In this chapter:
- The risks involved in computing
- The goals of secure computing: confidentiality, integrity, availability
- The threats to security in computing: interception, interruption, modification, ...
- encryption: the "Swiss army knife" of security controls
- code: security in programs, including applications, operating systems, database management systems, and networks
- management: building and administering a computing installation, from one computer to thousands, and ...
- the shift from individual hackers working for personal reasons to organized attacker groups working for financial gain
- programming flaws leading to security failures, highlighting man-in-the-middle, timing, and privilege escalation errors