计算机安全导论 英文【2025|PDF|Epub|mobi|kindle电子书版本百度云盘下载】

计算机安全导论 英文PDF格式电子书版下载

注意：本站所有压缩包均有解压码： 点击下载压缩包解压工具

1 Introduction1

1.1 Fundamental Concepts2

1.1.1 Confidentiality，Integrity，and Availability3

1.1.2 Assurance，Authenticity，and Anonymity9

1.1.3 Threats and Attacks14

1.1.4 Security Principles15

1.2 Access Control Models19

1.2.1 Access Control Matrices19

1.2.2 Access Control Lists20

1.2.3 Capabilities22

1.2.4 Role-Based Access Control23

1.3 Cryptographic Concepts25

1.3.1 Encryption25

1.3.2 Digital Signatures31

1.3.3 Simple Attacks on Cryptosystems32

1.3.4 Cryptographic Hash Functions35

1.3.5 Digital Certificates37

1.4 Implementation and Usability Issues39

1.4.1 Efficiency and Usability39

1.4.2 Passwords41

1.4.3 Social Engineering43

1.4.4 Vulnerabilities from Programming Errors44

1.5 Exercises46

2 Physical Security55

2.1 Physical Protections and Attacks56

2.2 Locks and Safes57

2.2.1 Lock Technology57

2.2.2 Attacks on Locks and Safes62

2.2.3 The Mathematics of Lock Security68

2.3 Authentication Technologies71

2.3.1 Barcodes71

2.3.2 Magnetic Stripe Cards72

2.3.3 Smart Cards74

2.3.4 RFIDs79

2.3.5 Biometrics83

2.4 Direct Attacks Against Computers88

2.4.1 Environmental Attacks and Accidents88

2.4.2 Eavesdropping89

2.4.3 TEMPEST94

2.4.4 Live CDs96

2.4.5 Computer Forensics96

2.5 Special-Purpose Machines99

2.5.1 Automated Teller Machines99

2.5.2 Voting Machines101

2.6 Physical Intrusion Detection103

2.6.1 Video Monitoring103

2.6.2 Human Factors and Social Engineering105

2.7 Exercises106

3 Operating Systems Security113

3.1 Operating Systems Concepts114

3.1.1 The Kernel and Input/Output115

3.1.2 Processes116

3.1.3 The Filesystem121

3.1.4 Memory Management124

3.1.5 Virtual Machines128

3.2 Process Security130

3.2.1 Inductive Trust from Start to Finish130

3.2.2 Monitoring，Management，and Logging132

3.3 Memory and Filesystem Security136

3.3.1 Virtual Memory Security136

3.3.2 Password-Based Authentication137

3.3.3 Access Control and Advanced File Permissions140

3.3.4 File Descriptors146

3.3.5 Symbolic Links and Shortcuts148

3.4 Application Program Security149

3.4.1 Compiling and Linking149

3.4.2 Simple Buffer Overflow Attacks150

3.4.3 Stack-Based Buffer Overflow152

3.4.4 Heap-Based Buffer Overflow Attacks159

3.4.5 Format String Attacks162

3.4.6 Race Conditions163

3.5 Exercises166

4 Malware173

4.1 Insider Attacks174

4.1.1 Backdoors174

4.1.2 Logic Bombs177

4.1.3 Defenses Against Insider Attacks180

4.2 Computer Viruses181

4.2.1 Virus Classification182

4.2.2 Defenses Against Viruses185

4.2.3 Encrypted Viruses186

4.2.4 Polymorphic and Metamorphic Viruses187

4.3 Malware Attacks188

4.3.1 Trojan Horses188

4.3.2 Computer Worms190

4.3.3 Rootkits195

4.3.4 Zero-Day Attacks199

4.3.5 Botnets200

4.4 Privacy-Invasive Software202

4.4.1 Adware202

4.4.2 Spyware204

4.5 Countermeasures208

4.5.1 Best Practices208

4.5.2 The Impossibility of Detecting All Malware211

4.5.3 The Malware Detection Arms Race213

4.5.4 Economics of Malware214

4.6 Exercises215

5 Network Security Ⅰ221

5.1 Network Security Concepts222

5.1.1 Network Topology222

5.1.2 Internet Protocol Layers223

5.1.3 Network Security Issues227

5.2 The Link Layer229

5.2.1 Ethernet229

5.2.2 Media Access Control（MAC）Addresses232

5.2.3 ARP Spoofing233

5.3 The Network Layer236

5.3.1 IP236

5.3.2 Internet Control Message Protocol240

5.3.3 IP Spoofing242

5.3.4 Packet Sniffing244

5.4 The Transport Layer246

5.4.1 Transmission Control Protocol（TCP）246

5.4.2 User Datagram Protocol（UDP）250

5.4.3 Network Address Translation（NAT）251

5.4.4 TGP Session Hijacking253

5.5 Denial-of-Service Attacks256

5.5.1 ICMP Attacks256

5.5.2 SYN Flood Attacks258

5.5.3 Optimistic TCP ACK Attack260

5.5.4 Distributed Denial-of-Service261

5.5.5 IP Traceback262

5.6 Exercises264

6 Network Security Ⅱ269

6.1 The Application Layer and DNS270

6.1.1 A Sample of Application-Layer Protocols270

6.1.2 The Domain Name System（DNS）271

6.1.3 DNS Attacks278

6.1.4 DNSSEC285

6.2 Firewalls287

6.2.1 Firewall Policies288

6.2.2 Stateless and Stateful Firewalls289

6.3 Tunneling292

6.3.1 Secure Shell（SSH）293

6.3.2 IPsec294

6.3.3 Virtual Private Networking（VPN）297

6.4 Intrusion Detection299

6.4.1 Intrusion Detection Events302

6.4.2 Rule-Based Intrusion Detection305

6.4.3 Statistical Intrusion Detection306

6.4.4 Port Scanning308

6.4.5 Honeypots312

6.5 Wireless Networking313

6.5.1 Wireless Technologies314

6.5.2 Wired Equivalent Privacy（WEP）315

6.5.3 Wi-Fi Protected Access（WPA）318

6.6 Exercises322

7 Web Security327

7.1 The World Wide Web328

7.1.1 HTTP and HTML328

7.1.2 HTTPS334

7.1.3 Dynamic Content339

7.1.4 Sessions and Cookies342

7.2 Attacks on Clients347

7.2.1 Session Hijacking347

7.2.2 Phishing349

7.2.3 Click-Jacking351

7.2.4 Vulnerabilities in Media Content352

7.2.5 Privacy Attacks356

7.2.6 Cross-Site Scripting（XSS）357

7.2.7 Cross-Site Request Forgery（CSRF）364

7.2.8 Defenses Against Client-Side Attacks366

7.3 Attacks on Servers368

7.3.1 Server-Side Scripting368

7.3.2 Server-Side Script Inclusion Vulnerabilities370

7.3.3 Databases and SQL Injection Attacks372

7.3.4 Denial-of-Service Attacks378

7.3.5 Web Server Privileges379

7.3.6 Defenses Against Server-Side Attacks380

7.4 Exercises382

8 Cryptography387

8.1 Symmetric Cryptography388

8.1.1 Attacks389

8.1.2 Substitution Ciphers391

8.1.3 One-Time Pads393

8.1.4 Pseudo-Random Number Generators395

8.1.5 The Hill Cipher and Transposition Ciphers397

8.1.6 The Advanced Encryption Standard（AES）399

8.1.7 Modes of Operation402

8.2 Public-Key Cryptography406

8.2.1 Modular Arithmetic406

8.2.2 The RSA Cryptosystem410

8.2.3 The Elgamal Cryptosystem413

8.2.4 Key Exchange415

8.3 Cryptographic Hash Functions417

8.3.1 Properties and Applications417

8.3.2 Birthday Attacks419

8.4 Digital Signatures421

8.4.1 The RSA Signature Scheme422

8.4.2 The Elgamal Signature Scheme423

8.4.3 Using Hash Functions with Digital Signatures424

8.5 Details of AES and RSA Cryptography425

8.5.1 Details for AES425

8.5.2 Details for RSA431

8.6 Exercises439

9 Security Models and Practice445

9.1 Policy，Models，and Trust446

9.1.1 Security Policy446

9.1.2 Security Models447

9.1.3 Trust Management448

9.2 Access-Control Models450

9.2.1 The Bell-La Padula Model450

9.2.2 Other Access-Control Models454

9.2.3 Role-Based Access Control456

9.3 Security Standards and Evaluation460

9.3.1 Orange Book and Common Criteria460

9.3.2 Government Regulations and Standards462

9.4 Software Vulnerability Assessment464

9.4.1 Static and Dynamic Analysis465

9.4.2 Exploit Development and Vulnerability Disclosure468

9.5 Administration and Auditing470

9.5.1 System Administration470

9.5.2 Network Auditing and Penetration Testing473

9.6 Kerberos475

9.6.1 Kerberos Tickets and Servers475

9.6.2 Kerberos Authentication476

9.7 Secure Storage479

9.7.1 File Encryption479

9.7.2 Disk Encryption481

9.7.3 Trusted Platform Module482

9.8 Exercises484

10 Distributed-Applications Security487

10.1 Database Security488

10.1.1 Tables and Queries489

10.1.2 Updates and the Two-Phase Commit Protocol491

10.1.3 Database Access Control493

10.1.4 Sensitive Data497

10.2 Email Security500

10.2.1 How Email Works500

10.2.2 Encryption and Authentication502

10.2.3 Spam507

10.3 Payment Systems and Auctions513

10.3.1 Credit Cards513

10.3.2 Digital Cash516

10.3.3 Online Auctions518

10.4 Digital-Rights Management519

10.4.1 Digital-Media Rights Techniques520

10.4.2 Digital-Media Rights Practice523

10.4.3 Software Licensing Schemes525

10.4.4 LegalIssues527

10.5 Social Networking528

10.5.1 Social Networks as Attack Vectors528

10.5.2 Privacy529

10.6 Voting Systems531

10.6.1 Security Goals531

10.6.2 ThreeBallot532

10.7 Exercises535