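Computer Security: Principles and Practice (English Reprint Edition)
Basic Information
- Authors: Stallings, W.; Brown, L.
- Series: Classic Original Edition Library
- Publisher: China Machine Press
- ISBN: 9787111292470
- Listed on: 2010-1-25
- Publication date: January 2010
- Format: 32mo
- Pages: 798
- Edition/printing: 1-1
- Category:
Computers > Security > General
Synopsis
This book systematically covers every aspect of the computer security field, with a comprehensive analysis of computer security threats, the technical methods for detecting and defending against security attacks, and software security and management issues. It focuses on core principles, shows how these principles unify the field of computer security, and illustrates their application in real systems and networks. In addition, the book explores the various design approaches for meeting security requirements and explains the standards that are essential to current security solutions.
The book is clearly organized and rigorously structured, and offers extended teaching support in the form of hundreds of carefully designed practice problems. It is an ideal textbook for computer security programs at colleges and universities, and a valuable reference for researchers and professional technical staff.
Main topics of the book
·Security technology and principles, including cryptography, authentication, and access control.
·Threats and countermeasures, from detecting intruders to countering DoS attacks.
·Trusted computing and multilevel security.
·Secure software: avoiding buffer overflows, malicious input, and other weaknesses.
·Linux and Windows security models.
·Managing security: physical security, training, auditing, policy, and more.
·Computer crime, intellectual property, privacy, and ethics.
·Cryptographic algorithms, including public-key cryptosystems.
·Internet security: SSL, TLS, IP security, S/MIME, Kerberos, X.509, and federated identity management.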
Authors and Translators
Table of Contents
preface
about the authors
notation
acronyms
chapter 0 reader's and instructor's guide
0.1 outline of the book
0.2 a roadmap for readers and instructors
0.3 internet and web resources
0.4 standards
chapter 1 overview
1.1 computer security concepts
1.2 threats, attacks, and assets
1.3 security functional requirements
1.4 a security architecture for open systems
1.5 the scope of computer security
1.6 computer security trends
1.7 computer security strategy
1.8 recommended reading and web sites
1.9 key terms, review questions, and problems
appendix 1a: significant security standards and documents
Preface
BACKGROUND
Interest in education in computer security and related topics has been growing at a dramatic rate in recent years. This interest has been spurred by a number of factors, two of which stand out:
1. As information systems, databases, and Internet-based distributed systems and communication have become pervasive in the commercial world, coupled with the increased intensity and sophistication of security-related attacks, organizations now recognize the need for a comprehensive security strategy. This strategy encompasses the use of specialized hardware and software and trained personnel to meet that need.
2. Computer security education, often termed information security education or information assurance education, has emerged as a national goal in the United States and other countries, with national defense and homeland security implications. Organizations such as the Colloquium for Information System Security Education and the National Security Agency's (NSA's) Information Assurance Courseware Evaluation (IACE) Program are spearheading a government role in the development of standards for computer security education.
Accordingly, the number of courses in universities, community colleges, and other institutions in computer security and related areas is growing.
OBJECTIVES
The objective of this book is to provide an up-to-date survey of developments in computer security. Central problems that confront security designers and security administrators include defining the threats to computer and network systems, evaluating the relative risks of these threats, and developing cost-effective and user-friendly countermeasures.
The following basic themes unify the discussion:
·Principles: Although the scope of this book is broad, there are a number of basic principles that appear repeatedly as themes and that unify this field. Examples are issues relating to authentication and access control. The book highlights these principles and examines their application in specific areas of computer security.
·Design approaches: The book examines alternative approaches to meeting specific computer security requirements.
·Standards: Standards have come to assume an increasingly important, indeed dominant, role in this field. An understanding of the current status and future direction of technology requires a comprehensive discussion of the related standards.
·Real-world examples: A number of the chapters include a section that shows the practical application of that chapter's principles in a real-world environment.
INTENDED AUDIENCE
The book is intended for both an academic and a professional audience. As a textbook, it is intended as a one- or two-semester undergraduate course for computer science, computer engineering, and electrical engineering majors. It covers all the topics in OS7 Security and Protection, which is one of the core subject areas in the IEEE/ACM Computer Curricula 2001, as well as a number of other topics. The book covers the core area IAS Information Assurance and Security in the Computer Curricula 2005 Information Technology Volume; and CE-OPS6 Security and Protection from the Computer Engineering Curriculum Guidelines, 2004.
For the professional interested in this field, the book serves as a basic reference volume and is suitable for self-study.
PLAN OF THE TEXT
The book is divided into six parts (see Chapter 0):
·Computer Security Technology and Principles
·Software Security
·Management Issues