国外计算机科学教材系列：计算机安全·原理与实践（第2版）（英文版）

图书标准信息

• 作者 [美]William、[美]Lawrie Brown 著
• 出版社 电子工业出版社
• 出版时间 2013-04
• 版次 2
• ISBN 9787121200342
• 定价 99.00元
• 装帧 平装
• 开本 16开
• 纸张 胶版纸
• 页数 812页
• 字数 1520千字
• 正文语种 英语

【内容简介】

　　《国外计算机科学教材系列：计算机安全·原理与实践（第2版）（英文版）》在上一版的基础上进行了修订与更新，全面覆盖了计算机安全领域的相关主题。全书共分为五个部分：第一部分——计算机安全技术与原理，概述了支持有效安全策略所必需的技术领域；第二部分——软件安全与可信系统，讲解了软件开发和运行中的安全问题；第三部分——管理问题，主要讨论信息与计算机安全在管理方面的问题；第四部分——密码学算法，给出了各种类型的加密算法和其他类型的密码算法；第五部分——网络安全，重点分析了为网络通信提供安全保障的协议和标准。《国外计算机科学教材系列：计算机安全·原理与实践（第2版）（英文版）》思路清晰、结构严谨，并且提供了大量精心设计的实践问题。

【作者简介】

　　WilliamStallings，拥有美国麻省理工学院计算机科学博士学位，现任教于澳大利亚新南威尔士大学国防学院（堪培拉）信息技术与电子工程系。他是世界知名计算机学者和畅销教材作者，已经撰写了17部著作，出版了40多本书籍，内容涉及计算机安全、计算机网络和计算机体系结构等方面，堪称计算机界的全才。他曾九次荣获美国“教材和学术专著作者协会”颁发的“年度最佳计算机科学教材”奖。

【目录】

Chapter0Reader'sandInstructor'sGuide
0.1OutlineofThisBook
0.2ARoadmapforReadersandInstructors
0.3SupportforCISSPCertification
0.4InternetandWebResources
0.5Standards

Chapter1Overview
1.1ComputerSecurityConcepts
1.2Threats，Attacks，andAssets
1.3SecurityFunctionalRequirements
1.4ASecurityArchitectureforOpenSystems
1.5ComputerSecurityTrends
1.6ComputerSecurityStrategy
1.7RecommendedReadingandWebSites
1.8KeyTerms，ReviewQuestions，andProblems
PARTONE：COMPUTERSECURITYTECHNOLOGYANDPRINCIPLES

Chapter2CryptographicTools
2.1ConfidentialitywithSymmetricEncryption
2.2MessageAuthenticationandHashFunctions
2.3Public-KeyEncryption
2.4DigitalSignaturesandKeyManagement
2.5RandomandPseudorandomNumbers
2.6PracticalApplication：EncryptionofStoredData
2.7RecommendedReadingandWebSites
2.8KeyTerms，ReviewQuestions，andProblems

Chapter3UserAuthentication
3.1MeansofAuthentication
3.2Password-BasedAuthentication
3.3Token-BasedAuthentication
3.4BiometricAuthentication
3.5RemoteUserAuthentication
3.6SecurityIssuesforUserAuthentication
3.7PracticalApplication：AnIrisBiometricSystem
3.8CaseStudy：SecurityProblemsforATMSystems
3.9RecommendedReadingandWebSites
3.10KeyTerms，ReviewQuestions，andProblems

Chapter4AccessControl
4.1AccessControlPrinciples
4.2Subjects，Objects，andAccessRights
4.3DiscretionaryAccessControl
4.4Example：UNIXFileAccessControl
4.5Role-BasedAccessControl
4.6CaseStudy：RBACSystemforaBank
4.7RecommendedReadingandWebSite
4.8KeyTerms，ReviewQuestions，andProblems

Chapter5DatabaseSecurity
5.1TheNeedforDatabaseSecurity
5.2DatabaseManagementSystems
5.3RelationalDatabases
5.4DatabaseAccessControl
5.5Inference
5.6StatisticalDatabases
5.7DatabaseEncryption
5.8CloudSecurity
5.9RecommendedReadingandWebSite
5.10KeyTerms，ReviewQuestions，andProblems

Chapter6MaliciousSoftware
6.1TypesofMaliciousSoftware（Malware）
6.2Propagation-InfectedContent-Viruses
6.3Propagation-VulnerabilityExploit-Worms
6.4Propagation-SocialEngineering-SPAME-mail，Trojans
6.5Payload-SystemCorruption
6.6Payload-AttackAgent-Zombie，Bots
6.7Payload-InformationTheft-Keyloggers，Phishing，Spyware
6.8Payload-Stealthing-Backdoors，Rootkits
6.9Countermeasures
6.10RecommendedReadingandWebSites
6.11KeyTerms，ReviewQuestions，andProblems

Chapter7Denial-of-ServiceAttacks
7.1Denial-of-ServiceAttacks
7.2FloodingAttacks
7.3DistributedDenial-of-ServiceAttacks
7.4Application-BasedBandwidthAttacks
7.5ReflectorandAmplifierAttacks
7.6DefensesAgainstDenial-of-ServiceAttacks
7.7RespondingtoaDenial-of-ServiceAttack
7.8RecommendedReadingandWebSites
7.9KeyTerms，ReviewQuestions，andProblems

Chapter8IntrusionDetection
8.1Intruders
8.2IntrusionDetection
8.3Host-BasedIntrusionDetection
8.4DistributedHost-BasedIntrusionDetection
8.5Network-BasedIntrusionDetection
8.6DistributedAdaptiveIntrusionDetection
8.7IntrusionDetectionExchangeFormat
8.8Honeypots
8.9ExampleSystem：Snort
8.10RecommendedReadingandWebSites
8.11KeyTerms，ReviewQuestions，andProblems

Chapter9FirewallsandIntrusionPreventionSystems
9.1TheNeedforFirewalls
9.2FirewallCharacteristics
9.3TypesofFirewalls
9.4FirewallBasing
9.5FirewallLocationandConfigurations
9.6IntrusionPreventionSystems
9.7Example：UnifiedThreatManagementProducts
9.8RecommendedReadingandWebSite
9.9KeyTerms，ReviewQuestions，andProblems
PARTTWO：SOFTWARESECURITYANDTRUSTEDSYSTEMS

Chapter10BufferOverflow
10.1StackOverflows
10.2DefendingAgainstBufferOverflows
10.3OtherFormsofOverflowAttacks
10.4RecommendedReadingandWebSites
10.5KeyTerms，ReviewQuestions，andProblems

Chapter11SoftwareSecurity
11.1SoftwareSecurityIssues
11.2HandlingProgramInput
11.3WritingSafeProgramCode
11.4InteractingwiththeOperatingSystemandOtherPrograms
11.5HandlingProgramOutput
11.6RecommendedReadingandWebSites
11.7KeyTerms，ReviewQuestions，andProblems

Chapter12OperatingSystemSecurity
12.1IntroductiontoOperatingSystemSecurity
12.2SystemSecurityPlanning
12.3OperatingSystemsHardening
12.4ApplicationSecurity
12.5SecurityMaintenance
12.6Linux/UnixSecurity
12.7WindowsSecurity
12.8VirtualizationSecurity
12.9RecommendedReadingandWebSites
12.10KeyTerms，ReviewQuestions，andProblems

Chapter13TrustedComputingandMultilevelSecurity
13.1TheBell-LaPadulaModelforComputerSecurity
13.2OtherFormalModelsforComputerSecurity
13.3TheConceptofTrustedSystems
13.4ApplicationofMultilevelSecurity
13.5TrustedComputingandtheTrustedPlatformModule
13.6CommonCriteriaforInformationTechnologySecurityEvaluation
13.7AssuranceandEvaluation
13.8RecommendedReadingandWebSites
13.9KeyTerms，ReviewQuestions，andProblems
PARTTHREE：MANAGEMENTISSUES

Chapter14ITSecurityManagementandRiskAssessment
14.1ITSecurityManagement
14.2OrganizationalContextandSecurityPolicy
14.3SecurityRiskAssessment
14.4DetailedSecurityRiskAnalysis
14.5CaseStudy：SilverStarMines
14.6RecommendedReadingandWebSites
14.7KeyTerms，ReviewQuestions，andProblems

Chapter15ITSecurityControls，Plans，andProcedures
15.1ITSecurityManagementImplementation
15.2SecurityControlsorSafeguards
15.3ITSecurityPlan
15.4ImplementationofControls
15.5ImplementationFollow-up
15.6CaseStudy：SilverStarMines
15.7RecommendedReading
15.8KeyTerms，ReviewQuestions，andProblems

Chapter16PhysicalandInfrastructureSecurity
16.1Overview
16.2PhysicalSecurityThreats
16.3PhysicalSecurityPreventionandMitigationMeasures
16.4RecoveryfromPhysicalSecurityBreaches
16.5Example：ACorporatePhysicalSecurityPolicy
16.6IntegrationofPhysicalandLogicalSecurity
16.7RecommendedReadingandWebSites
16.8KeyTerms，ReviewQuestions，andProblems

Chapter17HumanResourcesSecurity
17.1SecurityAwareness，Training，andEducation
17.2EmploymentPracticesandPolicies
17.4ComputerSecurityIncidentResponseTeams
17.5RecommendedReadingandWebSites
17.6KeyTerms，ReviewQuestions，andProblems

Chapter18SecurityAuditing
18.1SecurityAuditingArchitecture
18.2TheSecurityAuditTrail
18.3ImplementingtheLoggingFunction
18.4AuditTrailAnalysis
18.5Example：AnIntegratedApproach
18.6RecommendedReadingandWebSite
18.7KeyTerms，ReviewQuestions，andProblems

Chapter19LegalandEthicalAspects
19.1CybercrimeandComputerCrime
19.2IntellectualProperty
19.3Privacy
19.4EthicalIssues
19.5RecommendedReadingandWebSites
19.6KeyTerms，ReviewQuestions，andProblems
PARTFOURCRYPTOGRAPHICALGORITHMS

Chapter20SymmetricEncryptionandMessageConfidentiality
20.1SymmetricEncryptionPrinciples
20.2DataEncryptionStandard
20.3AdvancedEncryptionStandard
20.4StreamCiphersandRC
20.5CipherBlockModesofOperation
20.6LocationofSymmetricEncryptionDevices
20.7KeyDistribution
20.8RecommendedReadingandWebSites
20.9KeyTerms，ReviewQuestions，andProblems

Chapter21Public-KeyCryptographyandMessageAuthentication
21.1SecureHashFunctions
21.2HMAC
21.3TheRSAPublic-KeyEncryptionAlgorithm
21.4Diffie-HellmanandOtherAsymmetricAlgorithms
21.5RecommendedReadingandWebSites
21.6KeyTerms，ReviewQuestions，andProblems
PARTFIVENETWORKSECURITY

Chapter22InternetSecurityProtocolsandStandards
22.1SecureE-mailandS/MIME
22.2DomainKeysIdentifiedMail
22.3SecureSocketsLayer（SSL）andTransportLayerSecurity（TLS）
22.4HTTPS
22.5IPv4andIPv6Security
22.6RecommendedReadingandWebSites
22.7KeyTerms，ReviewQuestions，andProblems

Chapter23InternetAuthenticationApplications
23.1Kerberos
23.2X.
23.3Public-KeyInfrastructure
23.4FederatedIdentityManagement
23.5RecommendedReadingandWebSites
23.6KeyTerms，ReviewQuestions，andProblems

Chapter24WirelessNetworkSecurity
24.1WirelessSecurityOverview
24.2IEEE802.11WirelessLANOverview
24.3IEEE802.11iWirelessLANSecurity
24.4RecommendedReadingandWebSites
24.5KeyTerms，ReviewQuestions，andProblems
AppendixAProjectsandOtherStudentExercisesforTeachingComputerSecurity
A.1HackingProject
A.2LaboratoryExercises
A.3ResearchProjects
A.4ProgrammingProjects
A.5PracticalSecurityAssessments
A.6FirewallProjects
A.7CaseStudies
A.8WritingAssignments
A.9Reading/ReportAssignments
References
Index
Credits

Chapter25LinuxSecurity
25.1Introduction
25.2Linux'sSecurityModel
25.3TheLinuxDACinDepth：FilesystemSecurity
25.4LinuxVulnerabilities
25.5LinuxSystemHardening
25.6ApplicationSecurity
25.7MandatoryAccessControls
25.8RecommendedReadingandWebSites
25.9KeyTerms，ReviewQuestions，andProblems

Chapter26WindowsandWindowsVistaSecurity
26.1WindowsSecurityArchitecture
26.2WindowsVulnerabilities
26.3WindowsSecurityDefenses
26.4BrowserDefenses
26.5CryptographicServices
26.6CommonCriteria
26.7RecommendedReadingandWebSites
26.8KeyTerms，ReviewQuestions，Problems，andProjects
AppendixBSomeAspectsofNumberTheory
B.1PrimeandRelativelyPrimeNumbers
B.2ModularArithmetic
B.3Fermat'sandEuler'sTheorems
AppendixCStandardsandStandard-SettingOrganizations
C.1TheImportanceofStandards
C.2InternetStandardsandtheInternetSociety
C.3NationalInstituteofStandardsandTechnology
C.4TheInternationalTelecommunicationUnion
C.5TheInternationalOrganizationforStandardization
C.6SignificantSecurityStandardsandDocuments
AppendixDRandomandPseudorandomNumberGeneration
D.1TheUseofRandomNumbers
D.2PseudorandomNumberGenerators（PRNGs）
D.3TrueRandomNumberGenerators
D.4References
AppendixEMessageAuthenticationCodesBasedonBlockCiphers
E.1Cipher-BasedMessageAuthenticationCode（CMAC）
E.2CounterwithCipherBlockChaining-MessageAuthenticationCode
AppendixFTCP/IPProtocolArchitecture
F.1TCP/IPLayers
F.2TCPandUDP
F.3OperationofTCP/IP
F.4TCP/IPApplications
AppendixGRadix-64Conversion
AppendixHSecurityPolicy-RelatedDocuments
H.1ACompany'sPhysicalandEnvironmentalSecurityPolicy
H.2SecurityPolicyStandardofGoodPractice
H.3SecurityAwarenessStandardofGoodPractice
H.5IncidentHandlingStandardofGoodPractice
AppendixITheDomainNameSystem
I.1DomainNames
I.2TheDNSDatabase
I.3DNSOperation
AppendixJTheBase-RateFallacy
J.1ConditionalProbabilityandIndependence
J.2Bayes'Theorem
J.3TheBase-RateFallacyDemonstrated
AppendixKGlossary
26.5CryptographicServices
26.6CommonCriteria
26.7RecommendedReadingandWebSites
26.8KeyTerms，ReviewQuestions，Problems，andProjects
AppendixBSomeAspectsofNumberTheory
B.1PrimeandRelativelyPrimeNumbers
B.2ModularArithmetic
B.3Fermat'sandEuler'sTheorems
AppendixCStandardsandStandard-SettingOrganizations
C.1TheImportanceofStandards
C.2InternetStandardsandtheInternetSociety
C.3NationalInstituteofStandardsandTechnology
C.4TheInternationalTelecommunicationUnion
C.5TheInternationalOrganizationforStandardization
C.6SignificantSecurityStandardsandDocuments
AppendixDRandomandPseudorandomNumberGeneration
D.1TheUseofRandomNumbers
D.2PseudorandomNumberGenerators（PRNGs）
D.3TrueRandomNumberGenerators
D.4References
AppendixEMessageAuthenticationCodesBasedonBlockCiphers
E.1Cipher-BasedMessageAuthenticationCode（CMAC）
E.2CounterwithCipherBlockChaining-MessageAuthenticationCode
AppendixFTCP/IPProtocolArchitecture
F.1TCP/IPLayers
F.2TCPandUDP
F.3OperationofTCP/IP
F.4TCP/IPApplications
AppendixGRadix-64Conversion
AppendixHSecurityPolicy-RelatedDocuments
H.1ACompany'sPhysicalandEnvironmentalSecurityPolicy
H.2SecurityPolicyStandardofGoodPractice
H.3SecurityAwarenessStandardofGoodPractice
H.5IncidentHandlingStandardofGoodPractice
AppendixITheDomainNameSystem
I.1DomainNames
I.2TheDNSDatabase
I.3DNSOperation
AppendixJTheBase-RateFallacy
J.1ConditionalProbabilityandIndependence
J.2Bayes'Theorem
J.3TheBase-RateFallacyDemonstrated
AppendixKGlossary