Security in Computing, 2/E
Charles P. Pfleeger

ISBN-10: 0133374866
ISBN-13: 9780133374865

Publisher: Prentice Hall
Copyright: 1997
Format: Cloth; 592 pp
Status: Out of Print

Suggested retail price: $74.00
Buy from myPearsonStore

Appropriate for courses in Computer Security.

This sweeping revision of the classic computer security book provides an overview of all types of computer security from centralized systems to distributed networks. The Second Edition has been updated to make the most current information in the field available and accessible to today's professionals.

  • NEW - Features new coverage of network security (firewalls, privacy enhancements for e-mail—PEM and PGP, secure network management, address spoofing, authentication and authorization in distributed systems, Kerberos, DCE, SESAME, CORBA, virtual private networks).
  • NEW - Includes new coverage of security in programs (viruses, worms, the Morris/Internet worm, Trojan horses, other malicious code, covert leakage channels, program development and management controls).
  • NEW - Presents new coverage of trust (security policies, models, security enforcement mechanisms, secure design, assurance, evaluation criteria, the U.S. "Orange Book" or TCSEC, the European ITSEC, the harmonized Common Criteria, evaluation).
  • NEW - Offers new coverage of management/administration of security (security administration for PCs, UNIX systems, and networks, security plans, organizational security policies, physical security management, risk management/analysis, contingency planning).
  • Provides coverage that is extremely up to date.
  • Offers extended coverage of network security issues.
  • Explains cryptology in depth.
  • Brings together core computer science concepts of operating systems, networks, database management systems, and program development techniques, while making accessible the mathematical and formal topics of computation complexity, number theory, cryptography, and protocols.
  • Contains pedagogical aids, such as an overview of key points to be learned in the chapter, a review of what the chapter has covered, a list of new terms and concepts, notes on key bibliographic references, and exercises to check understanding.
  • Offers a layered presentation and comprehensive coverage of all aspects of security, allowing instructors to decide which topics to cover and how deeply to cover them.
  • Covers key topics—vulnerabilities and controls—to the security of today’s information systems, including Firewalls, Privacy enhanced e-mail (PEM, PGP), Viruses, worms, Trojan horses, other malicious code, Cryptographic key escrow (e.g., "Clipper" /Fortezza), Risks in the World Wide Web and the Internet, Software quality, including ISO 9000 and the SEI CMM, Password security, Contingency planning, Digital signatures, including DSS, Public key cryptosystems, including RSA and El Gamal, Assurance evaluation—the Common Criteria, the ITSEC, the U.S. "Orange Book", Management and administration of secure installations, Security for the PC user—standalone and networked, and Risk analysis.
  • Offers over 175 exercises and six case studies.

  • Features new coverage of network security (firewalls, privacy enhancements for e-mail—PEM and PGP, secure network management, address spoofing, authentication and authorization in distributed systems, Kerberos, DCE, SESAME, CORBA, virtual private networks).
  • Includes new coverage of security in programs (viruses, worms, the Morris/Internet worm, Trojan horses, other malicious code, covert leakage channels, program development and management controls).
  • Presents new coverage of trust (security policies, models, security enforcement mechanisms, secure design, assurance, evaluation criteria, the U.S. "Orange Book" or TCSEC, the European ITSEC, the harmonized Common Criteria, evaluation).
  • Offers new coverage of management/administration of security (security administration for PCs, UNIX systems, and networks, security plans, organizational security policies, physical security management, risk management/analysis, contingency planning).



Preface.


1. Is There a Security Problem in Computing?

Characteristics of Computer Intrusion. Kinds of Security Breaches. Security Goals and Vulnerabilities. The People Involved. Methods of Defense. Plan of Attack. Bibliographic Notes. Terms and Concepts. Exercises.



2. Basic Encryption and Decryption.

Terminology and Background. Monoalphabetic Ciphers (Substitutions). Polyalphabetic Substitution Ciphers. Transpositions (Permutations). Fractionated Morse. Stream and Block Ciphers. Characteristics of “Good” Ciphers. What the Cryptanalyst Has to Work With. Summary of Basic Encryption. Bibliographic Notes. Terms and Concepts. Exercises.



3. Secure Encryption Systems.

“Hard” Problems: Complexity. Properties of Arithmetic. Public Key Encryption Systems. Merkle—Hellman Knapsacks. Rivest—Shamir— Adelman (RSA) Encryption. El Gamal and Digital Signature Algorithms. Hash Algorithms. Secure Secret Key (Symmetric) Systems. The Data Encryption Standard (DES). Key Escrow and Clipper. The Clipper Program. Conclusions. Summary of Secure Encryption. Bibliographic Notes. Terms and Concepts. Exercises.



4. Using Encryption: Protocols and Practices.

Protocols: Orderly Behavior. How to Use Encryption. Enhancing Cryptographic Security. Modes of Encryption. Summary of Protocols and Practices. Bibliographic Notes. Terms and Concepts. Exercises.



5. Program Security.

Viruses and Other Malicious Code. Targeted Malicious Code. Controls Against Program Threats. Summary of Program Threats and Controls. Bibliographic Notes. Terms and Concepts. Exercises.



6. Protection in General-Purpose Operating Systems.

Protected Objects and Methods of Protection. Protecting Memory and Addressing. Protecting Access to General Objects. File Protection Mechanisms. User Authentication. Summary of Security for Users. Bibliographic Notes. Terms and Concepts. Exercises.



7. Designing Trusted Operating Systems.

What Is a Trusted System? Security Policies. Models of Security. Design of Trusted Operating Systems. Assurance in Trusted Operating Systems. Implementation Examples. Summary of Security in Operating Systems. Bibliographic Notes. Terms and Concepts. Exercises.



8. Data Base Security.

Introduction to Data Bases. Security Requirements. Reliability and Integrity. Sensitive Data. Inference Problem. Multilevel Data Bases. Proposals for Multilevel Security. Summary of Data Base Security. Bibliographic Notes. Terms and Concepts. Exercises.



9. Security in Networks and Distributed Systems.

Network Concepts. Threats in Networks. Network Security Controls. Privacy Enhanced Electronic Mail. Firewalls. Encrypting Gateway. Multilevel Security on Networks. Summary of Network Security. Bibliographic Notes. Terms and Concepts. Exercises.



10. Administering Security.

Personal Computer Security Management. UNIX Security Management. Network Security Management. Risk Analysis. Security Planning. Organizational Security Policies. Summary of Administering Security. Bibliographic Notes. Terms and Concepts. Exercises.



11. Legal and Ethical Issues in Computer Security.

Protecting Programs and Data. Information and the Law. Rights of Employees and Employers. Computer Crime. Ethical Issues in Computer Security. Ethical Reasoning. Electronic Privacy. Privacy of Electronic Data. Use of Encryption. Cryptographic Key Escrow. Case Studies of Ethics. Case Studies of Ethics. Codes of Ethics. Conclusion. Bibliographic Notes. Terms and Concepts.



Bibliography.


Index.

    Appropriate for beginning to intermediate courses in computer security.

    This sweeping revision of the classic computer security book provides an authoritative overview of computer security for every type of system, from traditional centralized systems to distributed networks and the Internet. The Third Edition has been updated to reflect the state-of-the-art in networking; cryptography; program and operating system security; administration; legal, privacy, and ethical issues, and much more. It combines core computer science concepts related to operating systems, networks, data bases, and programming, with accessible discussions of the use of cryptography and protocols. The book describes each important area from a developer's or user's point of view, lays out the security vulnerabilities and threats, and follows countermeasures to address them. Their book's layered approach is ideal for instructors who wish to customize courses based on their unique requirements. They also provide extensive pedagogical resources–including overviews, end-of-chapter reviews, lists of key terms, and updated exercises and references.

    The authors are recognized experts in their fields. Lead author Dr. Charles P. Pfleeger, CISSP, is currently Master Security Architect for Cable & Wireless, one of the world's leading providers of Internet and secure infrastructure services. Co-author Dr. Shari Lawrence Pfleeger is a Senior Researcher at RAND Corporation, a not-for-profit company providing strategy and decision-making support in the public interest. They are the authors of more than a dozen previous books on computer security, software engineering, software measurement, software quality, and programming.

    Supplements including a solutions manual, PowerPoints and a companion website are available.  In the "Resources" box above, please click on "Instructor."

  • 0130355488Security in Computing, 3/E
    Pfleeger & Pfleeger
    © 2003 | Prentice Hall | Cloth; 746 pages | Instock
    ISBN-10: 0130355488 | ISBN-13: 9780130355485
    Brief Description
  • 0132342596Instructor's Manual, 4/E
    Pfleeger & Pfleeger
    © 2007 | Prentice Hall | Paper; 96 pages | Instock
    ISBN-10: 0132342596 | ISBN-13: 9780132342599

Charles P. Pfleeger is a master security architect at Exodus Communications, Inc. He has worked on security projects in Europe and Australia as well as in the USA. He has also spent 14 years as a professor of computer science at the University of Tennessee. Dr. Pfleeger is a graduate of Ohio Wesleyan University, and holds a Ph. D. in Computer Science from Pennsylvania State University.


33748-5

Every day, more and more critical information is created, transmitted, and archived by computers. This ever-growing reliance on technology has made computer security a higher priority than ever before, yet the pace of computer development has far outstripped the improvements in computer security. Today's computer professionals need a comprehensive understanding of all aspects of security in computing.

Security in Computing is the most complete and up-to-date college textbook now available. Enlivened by actual case studies and supported by more than 175 exercises, the book covers:

  • Viruses, worms, Trojan horses, and other forms of malicious code
  • Firewalls and the protection of networked systems
  • E-mail privacy, including PEM, PGP, key management, and certificates
  • Key escrow—both as a technology and in the “Clipper” program
  • Evaluation of trusted systems, including the Common Criteria, the ITSEC, and the Orange Book
  • Standards for program development and quality, including ISO9000 and SEI CMM
  • Administering secure installations of PCs, UNIX¨, and networked environments
  • Ethical and legal issues in computing

A modular, layered structure makes Security in Computing ideal for classroom use as well as a reference for professionals. Once the basic tools have been covered, the remaining chapters can be studied in any order, and to any depth desired.

Since the publication of the first edition in 1989, the number of threats to secure computing have increased, but so have the available countermeasures. This second edition has been thoroughly revised to reflect teaching experiences with the first edition and to incorporate all the latest information on computer security.

View a Sample Chapter PDF:

Pearson Higher Education offers special pricing when you choose to package your text with other student resources. If you're interested in creating a cost-saving package for your students, contact your Pearson Higher Education representative for pricing and ordering information.

Pearson Higher Education offers special pricing when you choose to package your text with other student resources. If you're interested in creating a cost-saving package for your students contact your Pearson Higher Education representative.


Copyright ©2008 Pearson Education. All rights reserved. Legal Notice | Privacy Policy | Permissions