메뉴 바로가기 검색 및 카테고리 바로가기 본문 바로가기

한빛출판네트워크

한빛랩스 - 지식에 가능성을 머지하다 / 강의 콘텐츠 무료로 수강하시고 피드백을 남겨주세요. ▶︎
Information Security: Principles and Practice (Hardcover, 3)

Information Security: Principles and Practice (Hardcover, 3)

한빛아카데미

원서

판매중

  • 저자 : 마크 스탬프
  • 출간 : 2021-09-28
  • 페이지 : 448 쪽
  • ISBN : 9781119505907
  • 물류코드 :30124
  • 초급 초중급 중급 중고급 고급
0점 (0명)
좋아요 : 6

Provides systematic guidance on meeting the information security challenges of the 21st century, featuring newly revised material throughout

Information Security: Principles and Practice is the must-have book for students, instructors, and early-stage professionals alike. Author Mark Stamp provides clear, accessible, and accurate information on the four critical components of information security: cryptography, access control, security protocols, and software. Readers are provided with a wealth of real-world examples that clarify complex topics, highlight important security issues, and demonstrate effective methods and strategies for protecting the confidentiality and integrity of data.

Fully revised and updated, the third edition of Information Security features a brand-new chapter on network security basics and expanded coverage of cross-site scripting (XSS) attacks, Stuxnet and other malware, the SSH protocol, secure software development, and security protocols. Fresh examples illustrate the Rivest-Shamir-Adleman (RSA) cryptosystem, Elliptic-curve cryptography (ECC), and hash functions based on bitcoin and blockchains. Updated problem sets, figures, tables, and graphs help readers develop a working knowledge of classic cryptosystems, symmetric and public key cryptography, cryptanalysis, simple authentication protocols, intrusion and malware detection systems, and more. Presenting a highly practical approach to information security, this popular textbook:

Provides up-to-date coverage of the rapidly evolving field of information security
Explains session keys, perfect forward secrecy, timestamps, SSH, SSL, IPSec, Kerberos, WEP, GSM, and other authentication protocols
Addresses access control techniques including authentication and authorization, ACLs and capabilities, and multilevel security and compartments
Discusses software tools used for malware detection, digital rights management, and operating systems security
Includes an instructor’s solution manual, PowerPoint slides, lecture videos, and additional teaching resources
Information Security: Principles and Practice, Third Edition is the perfect textbook for advanced undergraduate and graduate students in all Computer Science programs, and remains essential reading for professionals working in industrial or government security.

To request supplementary materials, please contact mark.stamp@sjsu.edu and visit the author-maintained website for more: https://www.cs.sjsu.edu/~stamp/infosec/.

 

New feature

Provides systematic guidance on meeting the information security challenges of the 21st century, featuring newly revised material throughout

Information Security: Principles and Practice is the must-have book for students, instructors, and early-stage professionals alike. Author Mark Stamp provides clear, accessible, and accurate information on the four critical components of information security: cryptography, access control, network security, and software. Readers are provided with a wealth of real-world examples that clarify complex topics, highlight important security issues, and demonstrate effective methods and strategies for protecting the confidentiality and integrity of data.

Fully revised and updated, the third edition of Information Security features a brand-new chapter on network security basics and expanded coverage of cross-site scripting (XSS) attacks, Stuxnet and other malware, the SSH protocol, secure software development, and security protocols. Fresh examples illustrate the Rivest-Shamir-Adleman (RSA) cryptosystem, elliptic-curve cryptography (ECC), SHA-3, and hash function applications including bitcoin and blockchains. Updated problem sets, figures, tables, and graphs help readers develop a working knowledge of classic cryptosystems, modern symmetric and public key cryptography, cryptanalysis, simple authentication protocols, intrusion and malware detection systems, quantum computing, and more. Presenting a highly practical approach to information security, this popular textbook:

Provides up-to-date coverage of the rapidly evolving field of information security
Explains session keys, perfect forward secrecy, timestamps, SSH, SSL, IPSec, Kerberos, WEP, GSM, and other authentication protocols
Addresses access control techniques including authentication and authorization, ACLs and capabilities, and multilevel security and compartments
Discusses software security issues, ranging from malware detection to secure software development
Includes an instructor’s solution manual, PowerPoint slides, lecture videos, and additional teaching resources
Information Security: Principles and Practice, Third Edition is the perfect textbook for advanced undergraduate and graduate students in all Computer Science programs, and remains essential reading for professionals working in industrial or government security.

To request supplementary materials, please contact mark.stamp@sjsu.edu and visit the author-maintained website for more: https://www.cs.sjsu.edu/~stamp/infosec/.

마크 스탬프 저자

마크 스탬프

Texas Tech University에서 수학 석사 및 박사학위를 취득하였다. 현재 실리콘밸리에 있는 산호세 주립대 전산학과 교수로 정보보안을 강의하고 있다. 정보보안 관련 기업과 학계에서 풍부한 실무 경험을 쌓았으며, 미 국가보안국(NSA)에서 암호분석가로 7년간 근무하였다.

 

 

Preface xv

About The Author xix

Acknowledgments xxi

1 Introductions 1

1.1 The Cast of Characters 1

1.2 Alice's Online Bank 2

1.2.1 Confidentiality, Integrity, and Availability 2

1.2.2 Beyond CIA 2

1.3 About This Book 4

1.3.1 Cryptography 4

1.3.2 Access Control 5

1.3.3 Network Security 6

1.3.4 Software 6

1.4 The People Problem 7

1.5 Principles and Practice 7

1.6 Problems 8

I Crypto 13

2 Classic Cryptography 15

2.1 Introduction 15

2.2 How to Speak Crypto 15

2.3 Classic Crypto 17

2.3.1 Simple Substitution Cipher 18

2.3.2 Cryptanalysis of a Simple Substitution 20

2.3.3 Definition of Secure 21

2.3.4 Double Transposition Cipher 22

2.3.5 One-Time Pad 23

2.3.6 Codebook Cipher 27

viii CONTENTS

2.4 Classic Crypto in History 28

2.4.1 Ciphers of the Election of 1876 28

2.4.2 Zimmermann Telegram 30

2.4.3 Project VENONA 32

2.5 Modern Crypto History 33

2.6 A Taxonomy of Cryptography 36

2.7 A Taxonomy of Cryptanalysis 37

2.8 Summary 39

2.9 Problems 39

3 Symmetric Ciphers 45

3.1 Introduction 45

3.2 Stream Ciphers 46

3.2.1 A5/1 47

3.2.2 RC4 49

3.3 Block Ciphers 51

3.3.1 Feistel Cipher 51

3.3.2 DES 52

3.3.3 Triple DES 57

3.3.4 AES 59

3.3.5 TEA 62

3.3.6 Block Cipher Modes 64

3.4 Integrity 68

3.5 Quantum Computers and Symmetric Crypto 70

3.6 Summary 72

3.7 Problems 72

4 Public Key Crypto 79

4.1 Introduction 79

4.2 Knapsack 82

4.3 RSA 85

4.3.1 Textbook RSA Example 87

4.3.2 Repeated Squaring 88

4.3.3 Speeding Up RSA 90

4.4 Diffie-Hellman 91

4.5 Elliptic Curve Cryptography 93

4.5.1 Elliptic Curve Math 93

4.5.2 ECC Diffie-Hellman 95

4.5.3 Realistic Elliptic Curve Example 96

4.6 Public Key Notation 97

4.7 Uses for Public Key Crypto 98

4.7.1 Confidentiality in the Real World 98

4.7.2 Signatures and Non-repudiation 99

CONTENTS ix

4.7.3 Confidentiality and Non-repudiation 99

4.8 Certificates and PKI 102

4.9 Quantum Computers and Public Key 104

4.10 Summary 106

4.11 Problems 106

5 Crypto Hash Functions++ 115

5.1 Introduction 115

5.2 What is a Cryptographic Hash Function? 116

5.3 The Birthday Problem 117

5.4 A Birthday Attack 119

5.5 Non-Cryptographic Hashes 120

5.6 SHA-3 121

5.7 HMAC 124

5.8 Cryptographic Hash Applications 126

5.8.1 Online Bids 126

5.8.2 Blockchain 127

5.9 Miscellaneous Crypto-Related Topics 136

5.9.1 Secret Sharing 136

5.9.2 Random Numbers 140

5.9.3 Information Hiding 143

5.10 Summary 147

5.11 Problems 147

II Access Control 159

6 Authentication 161

6.1 Introduction 161

6.2 Authentication Methods 162

6.3 Passwords 163

6.3.1 Keys Versus Passwords 164

6.3.2 Choosing Passwords 164

6.3.3 Attacking Systems via Passwords 166

6.3.4 Password Verification 167

6.3.5 Math of Password Cracking 168

6.3.6 Other Password Issues 173

6.4 Biometrics 174

6.4.1 Types of Errors 176

6.4.2 Biometric Examples 176

6.4.3 Biometric Error Rates 181

6.4.4 Biometric Conclusions 182

6.5 Something You Have 182

x CONTENTS

6.6 Two-Factor Authentication 183

6.7 Single Sign-On and Web Cookies 183

6.8 Summary 184

6.9 Problems 185

7 Authorization 195

7.1 Introduction 195

7.2 A Brief History of Authorization 196

7.2.1 The Orange Book 196

7.2.2 The Common Criteria 199

7.3 Access Control Matrix 200

7.3.1 ACLs and Capabilities 201

7.3.2 Confused Deputy 202

7.4 Multilevel Security Models 204

7.4.1 Bell-LaPadula 206

7.4.2 Biba's Model 207

7.4.3 Compartments 208

7.5 Covert Channels 210

7.6 Inference Control 212

7.7 CAPTCHA 214

7.8 Summary 216

7.9 Problems 216

III Topics in Network Security 221

8 Network Security Basics 223

8.1 Introduction 223

8.2 Networking Basics 223

8.2.1 The Protocol Stack 225

8.2.2 Application Layer 226

8.2.3 Transport Layer 228

8.2.4 Network Layer 231

8.2.5 Link Layer 233

8.3 Cross-Site Scripting Attacks 235

8.4 Firewalls 236

8.4.1 Packet Filter 238

8.4.2 Stateful Packet Filter 240

8.4.3 Application Proxy 240

8.4.4 Defense in Depth 242

8.5 Intrusion Detection Systems 243

8.5.1 Signature-Based IDS 245

8.5.2 Anomaly-Based IDS 246

CONTENTS xi

8.6 Summary 250

8.7 Problems 250

9 Simple Authentication Protocols 257

9.1 Introduction 257

9.2 Simple Security Protocols 259

9.3 Authentication Protocols 261

9.3.1 Authentication Using Symmetric Keys 264

9.3.2 Authentication Using Public Keys 267

9.3.3 Session Keys 268

9.3.4 Perfect Forward Secrecy 270

9.3.5 Mutual Authentication, Session Key, and PFS 273

9.3.6 Timestamps 273

9.4 ``Authentication"" and TCP 275

9.5 Zero Knowledge Proofs 278

9.6 Tips for Analyzing Protocols 282

9.7 Summary 284

9.8 Problems 284

10 Real-World Security Protocols 293

10.1 Introduction 293

10.2 SSH 294

10.2.1 SSH and the Man-in-the-Middle 295

10.3 SSL 296

10.3.1 SSL and the Man-in-the-Middle 299

10.3.2 SSL Connections 300

10.3.3 SSL Versus IPsec 300

10.4 IPsec 301

10.4.1 IKE Phase 1 302

10.4.2 IKE Phase 2 309

10.4.3 IPsec and IP Datagrams 310

10.4.4 Transport and Tunnel Modes 311

10.4.5 ESP and AH 313

10.5 Kerberos 314

10.5.1 Kerberized Login 316

10.5.2 Kerberos Ticket 316

10.5.3 Security of Kerberos 318

10.6 WEP 319

10.6.1 WEP Authentication 319

10.6.2 WEP Encryption 320

10.6.3 WEP Non-Integrity 320

10.6.4 Other WEP Issues 321

10.6.5 WEP: The Bottom Line 322

xii CONTENTS

10.7 GSM 322

10.7.1 GSM Architecture 323

10.7.2 GSM Security Architecture 324

10.7.3 GSM Authentication Protocol 326

10.7.4 GSM Security Flaws 327

10.7.5 GSM Conclusions 329

10.7.6 3GPP 330

10.8 Summary 330

10.9 Problems 331

IV Software 339

11 Software Flaws and Malware 341

11.1 Introduction 341

11.2 Software Flaws 341

11.2.1 Buffer Overflow 345

11.2.2 Incomplete Mediation 356

11.2.3 Race Conditions 356

11.3 Malware 358

11.3.1 Malware Examples 359

11.3.2 Malware Detection 365

11.3.3 The Future of Malware 367

11.3.4 The Future of Malware Detection 369

11.4 Miscellaneous Software-Based Attacks 369

11.4.1 Salami Attacks 369

11.4.2 Linearization Attacks 370

11.4.3 Time Bombs 371

11.4.4 Trusting Software 372

11.5 Summary 373

11.6 Problems 373

12 Insecurity in Software 381

12.1 Introduction 381

12.2 Software Reverse Engineering 382

12.2.1 Reversing Java Bytecode 384

12.2.2 SRE Example 385

12.2.3 Anti-Disassembly Techniques 390

12.2.4 Anti-Debugging Techniques 391

12.2.5 Software Tamper Resistance 392

12.3 Software Development 393

12.3.1 Flaws and Testing 395

12.3.2 Secure Software Development? 396

CONTENTS xiii

12.4 Summary 396

12.5 Problems 397

Appendix 403

A-1 Modular Arithmetic 403

A-2 Permutations 405

A-3 Probability 406

A-4 DES Permutations 406

Index 418

  • 첫번째 리뷰어가 되어주세요.
  • 결제하기
    • 문화비 소득공제 가능

    도서구입 안내

    <한빛아카데미> 도서는 한빛 홈페이지에서 더 이상 판매를 하지 않습니다. 도서 구입은 인터넷 서점을 이용하시기 바랍니다. 양해바랍니다.

    리뷰쓰기

    닫기
    * 상품명 :
    Information Security: Principles and Practice (Hardcover, 3)
    * 제목 :
    * 별점평가
    * 내용 :

    * 리뷰 작성시 유의사항

    글이나 이미지/사진 저작권 등 다른 사람의 권리를 침해하거나 명예를 훼손하는 게시물은 이용약관 및 관련법률에 의해 제재를 받을 수 있습니다.

    1. 특히 뉴스/언론사 기사를 전문 또는 부분적으로 '허락없이' 갖고 와서는 안됩니다 (출처를 밝히는 경우에도 안됨).
    2. 저작권자의 허락을 받지 않은 콘텐츠의 무단 사용은 저작권자의 권리를 침해하는 행위로, 이에 대한 법적 책임을 지게 될 수 있습니다.

    오탈자 등록

    닫기
    * 도서명 :
    Information Security: Principles and Practice (Hardcover, 3)
    * 구분 :
    * 상품 버전
    종이책 PDF ePub
    * 페이지 :
    * 위치정보 :
    * 내용 :

    도서 인증

    닫기
    도서명*
    Information Security: Principles and Practice (Hardcover, 3)
    구입처*
    구입일*
    부가기호*
    부가기호 안내

    * 온라인 또는 오프라인 서점에서 구입한 도서를 인증하면 마일리지 500점을 드립니다.

    * 도서인증은 일 3권, 월 10권, 년 50권으로 제한되며 절판도서, eBook 등 일부 도서는 인증이 제한됩니다.

    * 구입하지 않고, 허위로 도서 인증을 한 것으로 판단되면 웹사이트 이용이 제한될 수 있습니다.

    닫기

    해당 상품을 장바구니에 담았습니다.이미 장바구니에 추가된 상품입니다.
    장바구니로 이동하시겠습니까?

    자료실

    최근 본 상품1