Ross Anderson
Security Engineering
Read the book Security Engineering - Ross Anderson - Page 1
Table of Contents
Preface to the Third Edition
Preface to the Second Edition
Preface to the First Edition
For my daughter, and other lawyers…
Foreword
PART I
CHAPTER 1 What Is Security Engineering?
1.1 Introduction
1.2 A framework
1.3 Example 1 – a bank
1.4 Example 2 – a military base
1.5 Example 3 – a hospital
1.6 Example 4 – the home
1.7 Definitions
1.8 Summary
Note
CHAPTER 2 Who Is the Opponent?
2.1 Introduction
2.2 Spies
2.2.1 The Five Eyes
2.2.1.1 Prism
2.2.1.2 Tempora
2.2.1.3 Muscular
2.2.1.4 Special collection
2.2.1.5 Bullrun and Edgehill
2.2.1.6 Xkeyscore
2.2.1.7 Longhaul
2.2.1.8 Quantum
2.2.1.9 CNE
2.2.1.10 The analyst's viewpoint
2.2.1.11 Offensive operations
2.2.1.12 Attack scaling
2.2.2 China
2.2.3 Russia
2.2.4 The rest
2.2.5 Attribution
2.3 Crooks
2.3.1 Criminal infrastructure
2.3.1.1 Botnet herders
2.3.1.2 Malware devs
2.3.1.3 Spam senders
2.3.1.4 Bulk account compromise
2.3.1.5 Targeted attackers
2.3.1.6 Cashout gangs
2.3.1.7 Ransomware
2.3.2 Attacks on banking and payment systems
2.3.3 Sectoral cybercrime ecosystems
2.3.4 Internal attacks
2.3.5 CEO crimes
2.3.6 Whistleblowers
2.4 Geeks
2.5 The swamp
2.5.1 Hacktivism and hate campaigns
2.5.2 Child sex abuse material
2.5.3 School and workplace bullying
2.5.4 Intimate relationship abuse
2.6 Summary
Research problems
Further reading
Notes
CHAPTER 3 Psychology and Usability
3.1 Introduction
3.2 Insights from psychology research
3.2.1 Cognitive psychology
3.2.2 Gender, diversity and interpersonal variation
3.2.3 Social psychology
3.2.3.1 Authority and its abuse
3.2.3.2 The bystander effect
3.2.4 The social-brain theory of deception
3.2.5 Heuristics, biases and behavioural economics
3.2.5.1 Prospect theory and risk misperception
3.2.5.2 Present bias and hyperbolic discounting
3.2.5.3 Defaults and nudges
3.2.5.4 The default to intentionality
3.2.5.5 The affect heuristic
3.2.5.6 Cognitive dissonance
3.2.5.7 The risk thermostat
3.3 Deception in practice
3.3.1 The salesman and the scamster
3.3.2 Social engineering
3.3.3 Phishing
3.3.4 Opsec
3.3.5 Deception research
3.4 Passwords
3.4.1 Password recovery
3.4.2 Password choice
3.4.3 Difficulties with reliable password entry
3.4.4 Difficulties with remembering the password
3.4.4.1 Naïve choice
3.4.4.2 User abilities and training
3.4.4.3 Design errors
3.4.4.4 Operational failures
3.4.4.5 Social-engineering attacks
3.4.4.6 Customer education
3.4.4.7 Phishing warnings
3.4.5 System issues
3.4.6 Can you deny service?
3.4.7 Protecting oneself or others?
3.4.8 Attacks on password entry
3.4.8.1 Interface design
3.4.8.2 Trusted path, and bogus terminals
3.4.8.3 Technical defeats of password retry counters
3.4.9 Attacks on password storage
3.4.9.1 One-way encryption
3.4.9.2 Password cracking
3.4.9.3 Remote password checking
3.4.10 Absolute limits
3.4.11 Using a password manager
3.4.12 Will we ever get rid of passwords?
3.5 CAPTCHAs
3.6 Summary
Research problems
Further reading
Notes
CHAPTER 4 Protocols
4.1 Introduction
4.2 Password eavesdropping risks
4.3 Who goes there? – simple authentication
4.3.1 Challenge and response
4.3.2 Two-factor authentication
4.3.3 The MIG-in-the-middle attack
4.3.4 Reflection attacks
4.4 Manipulating the message
4.5 Changing the environment
4.6 Chosen protocol attacks
4.7 Managing encryption keys
4.7.1 The resurrecting duckling
4.7.2 Remote key management
4.7.3 The Needham-Schroeder protocol
4.7.4 Kerberos
4.7.5 Practical key management
4.8 Design assurance
4.9 Summary
Research problems
Further reading
Notes
CHAPTER 5 Cryptography
5.1 Introduction
5.2 Historical background
5.2.1 An early stream cipher – the Vigenère
5.2.2 The one-time pad
5.2.3 An early block cipher – Playfair
5.2.4 Hash functions
5.2.5 Asymmetric primitives
5.3 Security models
5.3.1 Random functions – hash functions
5.3.1.1 Properties
5.3.1.2 The birthday theorem
5.3.2 Random generators – stream ciphers
5.3.3 Random permutations – block ciphers
5.3.4 Public key encryption and trapdoor one-way permutations
5.3.5 Digital signatures
5.4 Symmetric crypto algorithms
5.4.1 SP-networks
5.4.1.1 Block size
5.4.1.2 Number of rounds
5.4.1.3 Choice of S-boxes
5.4.1.4 Linear cryptanalysis
5.4.1.5 Differential cryptanalysis
5.4.2 The Advanced Encryption Standard (AES)
5.4.3 Feistel ciphers
5.4.3.1 The Luby-Rackoff result
5.4.3.2 DES
5.5 Modes of operation
5.5.1 How not to use a block cipher
5.5.2 Cipher block chaining
5.5.3 Counter encryption
5.5.4 Legacy stream cipher modes
5.5.5 Message authentication code
5.5.6 Galois counter mode
5.5.7 XTS
5.6 Hash functions
5.6.1 Common hash functions
5.6.2 Hash function applications – HMAC, commitments and updating
5.7 Asymmetric crypto primitives
5.7.1 Cryptography based on factoring
5.7.2 Cryptography based on discrete logarithms
5.7.2.1 One-way commutative encryption
5.7.2.2 Diffie-Hellman key establishment
5.7.2.3 ElGamal digital signature and DSA
5.7.3 Elliptic curve cryptography
5.7.4 Certification authorities
5.7.5 TLS
5.7.5.1 TLS uses
5.7.5.2 TLS security
5.7.5.3 TLS 1.3
5.7.6 Other public-key protocols
5.7.6.1 Code signing
5.7.6.2 PGP/GPG
5.7.6.3 QUIC
5.7.7 Special-purpose primitives
5.7.8 How strong are asymmetric cryptographic primitives?
5.7.9 What else goes wrong
5.8 Summary
Research problems
Further reading
Notes
CHAPTER 6 Access Control
6.1 Introduction
6.2 Operating system access controls
6.2.1 Groups and roles
6.2.2 Access control lists
6.2.3 Unix operating system security
6.2.4 Capabilities
6.2.5 DAC and MAC
6.2.6 Apple's macOS
6.2.7 iOS
6.2.8 Android
6.2.9 Windows
6.2.10 Middleware
6.2.10.1 Database access controls
6.2.10.2 Browsers
6.2.11 Sandboxing
6.2.12 Virtualisation
6.3 Hardware protection
6.3.1 Intel processors
6.3.2 Arm processors
6.4 What goes wrong
6.4.1 Smashing the stack
6.4.2 Other technical attacks
6.4.3 User interface failures
6.4.4 Remedies
6.4.5 Environmental creep
6.5 Summary
Research problems
Further reading
Notes