Fundamentals of Computer Security Technology

Edward Amoroso

Publisher: Prentice Hall, 1994, 404 pages

ISBN: 0-13-108929-3

Keywords: IT Security

Last modified: May 25, 2021, 4:35 p.m.

The primary goal of this book is to introduce critical issues in computer security technology to individuals who rely on computer and network systems in their work and need to protect information and resources from malicious tampering.

In his foreword, Leonard LaPadula writes, "Students, teachers, engineers, and scientists interested in computer security have a new assistant in this book. Basing his approach and much of the material on extensive notes from his teaching experience, D. Amoroso has produced a book that sympathetically teaches and effectively summarizes computer security."

Students and professionals will benefit from the thorough coverage of fundamental topics including:

  • Threat and vulnerability assessment
  • Security policy modeling
  • Safeguard and countermeasure selection
  • Network and database security
  • Security evaluation

Also includes an extensive annotated bibliography describing over 250 papers, reports, and texts dealing with computer security.

  1. Threats to Computer Systems
    1. Threats, Vulnerabilities, and Attacks
    2. Types of Threats
      • Disclosure Threat
      • Integrity Threat
      • Denial of Service Threat
    3. Attacker Intent
    4. Security and Usability
    5. Further Impediments to Security
    6. System Security Engineering
    • Summary
    • Bibliographic Notes
    • Exercises
  2. Threat Trees
    1. Arbitrary Threat Lists
    2. Threat Trees
    3. Example: Hospital Computer System
    4. Using Threat Trees for Calculation
    5. Using Threat Trees to Support System Security Engineering
    6. Example: Aircraft Computer System
    • Summary
    • Bibliographic Notes
    • Exercises
  3. Categorization of Attacks
    1. Using an Attack Taxonomy
    2. Considerations in Selecting an Attack Taxonomy
    3. Example: Simple Attack Taxonomy
    4. Example: Risks-based Empirical Attack Taxonomy
      • External Information Theft
      • External Abuse of Resources
      • External Masquerading
      • Pest Programs
      • Bypassing of Internal Controls
      • Active Authority Abuse
      • Abuse Through Inaction
      • Indirect Abuse
    • Summary
    • Bibliographic Notes
    • Exercises
  4. Trojan Horses and Viruses
    1. Trojan Horses
    2. Viruses
    3. Self-Reproducing Programs
    4. Code Propagation
    5. Typical Virus Operation
    6. Example: Internet Virus
    7. Trojan Horse Clues
    • Summary
    • Bibliographic Notes
    • Exercises
  5. Common Attack Methods
    1. Example: Password Spoof Program
    2. Example: Password Theft by Clever Reasoning
    3. Example: Logic Bomb Mail
    4. Example: Scheduled File Removal
    5. Example: Field Separator Attack
    6. Example: Insertion of Compiler Trojan Horse
    7. Simple Attack Prevention Methods
      • Individual Screening
      • Physical Controls
      • Care in Operations
    • Summary
    • Bibliographic Notes
    • Exercises
  6. Security Labels
    1. Security Levels
    2. Security Categories
    3. Security Labels
    4. Subjects and Objects
    5. Clearances and Classifications
    6. Dominates Relation
    7. Example: UNIX System V/MLS Security Labels
    • Summary
    • Bibliographic Notes
    • Exercises
  7. The Lattice of Security Labels
    1. Basic Properties of Lattices
    2. The Lattice of Security Labels
    3. Example: Military Security Label Lattices
    4. Using Security Label Lattices
    5. Mathematical Security Modeling
    • Summary
    • Bibliographic Notes
    • Exercises
  8. Security Policies
    1. Reference Monitor Concept
    2. Security Policy Concepts
    3. Informal Security Policy Expression
    4. Example: UNIX System V/MLS Security Policy
    5. Formal Security Policy Expression
    6. Example: Formal Policy Expressions
    7. Expressing a Security Policy with Respect to a Specification
    • Summary
    • Bibliographic Notes
    • Exercises
  9. The Bell-LaPadula Disclosure Model
    1. Level Diagrams
    2. BLP Model Rules
    3. Tranquility and the BLP Model
    4. Formalized Description of the BLP Model
    5. An Inductive Procedure for the BLP Model
    6. Example: BLP Model-Compliant System
    • Summary
    • Bibliographic Notes
    • Exercises
  10. BLP Analysis and Debate
    1. Example: Blind Writes
    2. Example: Remote Reads
    3. Example: Trusted Subjects
    4. Example: System Z
    • Summary
    • Bibliographic Notes
    • Exercises
  11. Nondeducibility and Noninterference Security
    1. Nondeducibility Security
    2. Example: Nondeducibility Secure Parity System
    3. Noninterference Security
    4. Example: Parity System Not Noninterference Secure
    5. Remarks on Disclosure Definitions
    • Summary
    • Bibliographic Notes
    • Exercises
  12. The Biba Integrity Model
    1. Mandatory Integrity Model
    2. Subject Low-Water Mark Model
    3. Object Low-Water Mark Model
    4. Formalized Description of the Biba Model
    5. Example: Biba Model-Compliant System
    6. Assessment of the Biba Model
    7. Example: Biba and BLP Model Combination
    • Summary
    • Bibliographic Notes
    • Exercises
  13. The Clark-Wilson Integrity Model
    1. Preliminary CW Concepts
    2. CW Model Rules
    3. Assessment of the CW Model
    4. Combining the CW Model with the Biba Model
    • Summary
    • Bibliographic Notes
    • Exercises
  14. Denial of Service
    1. DOS Concept Definitions
    2. Example: DOS Requirements in Temporal Logic
    3. Mandatory DOS Model
    4. Millen's Resource Allocation Model (RAM)
    • Summary
    • Bibliographic Notes
    • Exercises
  15. Safeguards and Countermeasures
    1. Safeguards
    2. Countermeasures
    3. Overview of Security Mechanisms
      • Configuration Management
      • Formal Specification and Verification
      • Enhanced Life Cycle Activities
    4. A Collection of Selection Principles
    • Summary
    • Bibliographic Notes
    • Exercises
  16. Auditing
    1. Auditing Requirements
    2. Operational Descriptions of Auditing
      • Step 1: Determine What Must Be Audited
      • Step 2: Insert Audit Calls
      • Step 3: Create Protected Log Routines
    3. Example: UNIX System V/MLS Auditing
    4. Example: CMW Auditing
    5. Alternative Auditing Approaches
    6. Attacks Countered by Auditing
    • Summary
    • Bibliographic Notes
    • Exercises
  17. Intrusion Detection
    1. Intrusion Detection Architecture
    2. Intrusion Detection Concepts
    3. IDES Model
      • Subjects and Objects
      • Audit Records
      • Profiles
      • Anomaly Records
      • Activity Rules
    4. Example: ComputerWatch
    5. Attacks Countered by Intrusion Detection
    • Summary
    • Bibliographic Notes
    • Exercises
  18. Identification and Authentication
    1. Identification and Authentication Concepts
    2. Identification and Authentication Approaches
      • Something Possessed
      • Something Embodied
      • Something Known
    3. Example: Polonius
    4. User Sessions
    5. Trusted Path
    6. Attacks Countered by Identification and Authentication
    • Summary
    • Bibliographic Notes
    • Exercises
  19. Passwords
    1. User-Generated Passwords
    2. Computer-Generated Passwords
    3. Tunable Passwords
    4. Password Cracking
    5. Password Encryption
    6. Password Salt
    7. Example: UNIX System Password Management
    • Summary
    • Bibliographic Notes
    • Exercises
  20. Encryption
    1. Basic Encryption Terminology and Concepts
    2. Example: UNIX crypt
    3. Substitution and Transposition
      • Substitution
      • Transposition
    4. DES Overview
    5. Attacks Countered by Encryption
    • Summary
    • Bibliographic Notes
    • Exercises
  21. Key Management Protocols
    1. Attacks to Remote Communications
    2. Private Key Protocol
    3. Public Key Protocol
    4. Example: Secure Terminal/Host Communication
    5. RSA Implementation
    6. Arbitrated Protocols with Third Party
    7. Example: Kerberos
    8. Key Distribution
    9. Digital Signatures
    • Summary
    • Bibliographic Notes
    • Exercises
  22. Access Control
    1. Access Control Mechanism
    2. Discretionary vs. Mandatory
    3. Access Matrices
    4. Permission Mechanisms
    5. ACL and Capability Mechanism
    6. Example: Secure Xenix ACLs
    7. Capabilities and the BLP Model
    8. Mandatory Label-Based Mechanism
    9. Example: UNIX System V/MLS Access Control
    10. Example: Trusted Mach Access Control
    11. Example: Secure Tunis Access Control
    12. Attacks Countered by Access Control
    • Summary
    • Bibliographic Notes
    • Exercises
  23. Covert Channels
    1. Definition of Covert Channels
    2. Covert Storage Channels
    3. Covert Timing Channels
    4. Information Flow Approach
    5. Resource Matrix Approach
    6. Example: Covert Channel in SAT
    7. Computers as the Weakest Link
    • Summary
    • Bibliographic Notes
    • Exercises
  24. Composing Security
    1. Security Composibility
    2. Nondeducibility Composition Scenario
    3. Composing Nondeducibility
    4. Noninterference Composibility Scenario
    5. Composing Noninterference
    6. Security Composibility Implications
    • Summary
    • Bibliographic Notes
    • Exercises
  25. Privileges and Roles
    1. Privileges and Role Definitions
    2. Role-Based Attacks
    3. Principles of Least Privilege
    4. Transformation and Revocation
    5. Example: Least Privilege on UNIX-Based Systems
    6. Example: Least Privilege in Program Development
    • Summary
    • Bibliographic Notes
    • Exercises
  26. Security Kernels
    1. Security Kernel Organization
    2. Principles of Kernel Design
    3. Example: Kernelized Secure Operating System (KSOS)
    4. Trusted Computing Base (TCB)
    5. Example: UNIX System V/MLS TCB
    6. Example: SCOMP TCB
    7. TCB Layering
    • Summary
    • Bibliographic Notes
    • Exercises
  27. Network Security
    1. Network Security Overview
    2. Network Attacks
    3. Encryption Strategies
    4. End-to-End vs. Link Encryption
      • Link Encryption
      • End-to-End Encryption
    5. Network Security Policy Issues
    6. Example: MLS/TCP
    7. Example: Secure Data Network System (SDNS)
    • Summary
    • Bibliographic Notes
    • Exercises
  28. Database Security
    1. Database Attacks
    2. Database Inference Problem
    3. Database Aggregation Problem
    4. Polyinstantiation
    5. Database Applications on Secure Base
    6. Example: SeaView Database
    7. Integrity Lock Approach
    8. Integrity Mechanisms for Secure Databases
    • Summary
    • Bibliographic Notes
    • Exercises
  29. Security Evaluation
    1. Goals of Security Evaluation
    2. Orange Book Overview
      • D Division (Minimal Protection)
      • C Division (Discretionary Protection)
      • B Division (Mandatory Protection)
      • A Division (Verified Protection)
    3. Trusted Network Interpretation
    4. NCSC RAMP
    5. Alternate Security Criteria
    • Summary
    • Bibliographic Notes
    • Exercises
  • Annotated Bibliography
  • Twenty-Five Greatest Works in Computer Security

Reviews

Fundamentals of Computer Security Technology

Reviewed by Roland Buresund

Outstanding ********* (9 out of 10)

Last modified: Nov. 15, 2008, 2:28 a.m.

One of my favorite security books. Describes nearly everything you need to know in a very condensed manner. My layman explanations are to a large degree stolen from this book.
