Read the book Information Security - Mark Stamp - Page 18
1.3 About This Book
Lampson [69] believes that real‐world security boils down to the following:
Specification/policy — What is the system supposed to do?
Implementation/mechanism — How does it do it?
Correctness/assurance — Does it really work?
Your humble author would humbly³ add a fourth category:
Human nature — Can the system survive “clever” users?
The focus of this book is primarily on the implementation/mechanism front. Your self‐assured author assures you that this is appropriate, nay essential, for an introductory course, since the strengths, weaknesses, and inherent limitations of the mechanisms directly affect all other aspects of security. In other words, without a reasonable understanding of the mechanisms, it is not possible to have an informed discussion of other relevant security issues.
The material in this book is divided into four major parts. The first part deals with cryptography, while the next part covers access control. Part III shifts the focus to network security, where the emphasis is on security protocols. The final major part of the book deals with the vast and relatively ill‐defined topic of software. Hopefully, the previous discussion of AOB⁴ has convinced you that these major themes are all relevant to real‐world information security.
In the remainder of this chapter, we'll give a quick preview of each of these four major themes. The chapter concludes with a summary, followed by several not‐to‐be‐missed homework problems.