
The Craft of System Security

Uploaded 2009-05-22, size: 5.29MB
The Craft of System Security 
by Sean Smith; John Marchesini 
List of Figures
1.1 An access control matrix 7 
1.2 Security and state spaces 10 
2.1 Example clearance order 26 
2.2 Example categories order 27 
2.3 Example MLS lattice 28 
2.4 The *-Property 30 
2.5 The Chinese Wall 32 
2.6 Functionality versus assurance 33 
2.7 Object reuse with local variables 37 
2.8 The Orange Book's path through the functionality/assurance space 41 
4.1 Basic computer architecture 62 
4.2 The memory management unit 65 
4.3 Address spaces 66 
4.4 System call architecture 67 
5.1 LANs and WANs 89 
5.2 Switched Ethernet 90 
5.3 Network address translation 91 
5.4 Resolution and routing in the net 93 
5.5 Network ports 93 
5.6 Network protocol layers 94 
5.7 Network protocol stack 95 
5.8 Firewall 98 
5.9 BGP 103 
5.10 Subnets 110 
5.11 DMZ 111 
5.12 Basic WLAN architecture 113 
5.13 Sniffing Web traffic on WLANs 114 
5.14 Sniffing e-mail traffic on WLANs 115 
5.15 A common enterprise WLAN strategy 117 
5.16 WLAN authorization architecture 117 
6.1 A process's address space 126 
6.2 Stackframe 127 
6.3 Integer overflow 135 
6.4 Integer overflow with signed integers 136 
6.5 Errors in signed/unsigned conversion 137 
6.6 Type-safety and memory-safety 146 
7.1 Framing cryptography as a pair of transformations 158 
7.2 Explicit privileges 159 
7.3 RNG 161 
7.4 PRNG 162 
7.5 Symmetric cryptography 163 
7.6 Stream cipher 166 
7.7 Block cipher 167 
7.8 Block ciphers with CBC 168 
7.9 Meet-in-the-middle attack 170 
7.10 Inner-CBC EDE for a block cipher in triple mode 171 
7.11 Outer-CBC EDE for a block cipher in triple mode 171 
7.12 CBC residue MAC 173 
7.13 Public-key cryptography 175 
7.14 Encrypting with public key 175 
7.15 Digital signatures 176 
7.16 Signatures with public key 176 
7.17 Diffie-Hellman 179 
7.18 The Merkle-Damgard approach 181 
7.19 A Merkle tree 182 
7.20 Iterated hash functions 182 
7.21 Square and multiply 184 
7.22 Public-key encryption, in practice 185 
7.23 Digital signatures, in practice 186 
8.1 The Birthday Paradox on hash values 200 
8.2 The Wang attack on MD5 201 
8.3 Timing attack on RSA 204 
9.1 A "ladder diagram" 216 
9.2 A CAPTCHA 218 
9.3 Example ROC curve 219 
9.4 One-time passwords based on time 227 
9.5 One-time passwords based on iterated hashing 228 
9.6 The small-n attack 229 
9.7 The DND authentication protocol 231 
9.8 Key derivation in DND 232 
9.9 How the adversary can choose the challenge 232 
9.10 The ISO SC27 protocol 233 
9.11 Chess Grandmaster attack 234 
9.12 Reflection attack 234 
9.13 Using graph isomorphism for zero-knowledge authentication 236 
9.14 Getting a server ticket in Kerberos 239 
9.15 Getting a ticket-granting ticket in Kerberos 240 
9.16 SSH 242 
9.17 The Ellison triangle 245 
10.1 Basic PKI architecture 251 
10.2 Using a hamster to keep the CA offline 255 
10.3 Cross-certification 260 
10.4 Bridge CAs 261 
11.1 Timeline of standards 277 
12.1 Framesets 312 
12.2 Server-side SSL 319 
12.3 Client-side SSL 325 
12.4 Devious frameset 329 
12.5 JavaScript to sneakily send POSTs 330 
13.1 Example sequence of letters 341 
13.2 Looking at Word documents with emacs 342 
13.3 Interesting relics in the binary 342 
13.4 Turning Fast Save off 343 
13.5 File history in the binary 343 
13.6 Craptastic! 345 
13.7 Memo purportedly released by Alcatel 346 
13.8 A physics paper in Word format 346 
13.9 Turning "Track Changes" on 347 
13.10 Careful with that Distinguished Name! 350 
13.11 Altering a boarding pass 354 
13.12 Excel relics in PowerPoint 356 
13.13 End-of-line misinterpretation 358 
14.1 Secret sharing 371 
14.2 Fewer than k points 372 
14.3 The basic electronic token cash scheme 373 
14.4 Digital timestamping 378 
14.5 Renewing old timestamps 379 
14.6 Multicollisions 380 
14.7 Steganography 384 
15.1 State transitions 393 
15.2 Partial correctness 394 
15.3 Propositional logic 396 
15.4 First-order logic 397 
15.5 Temporal logic 398 
15.6 BAN logic 401 
15.7 Sample bank account code 405 
15.8 Promela specification for bank withdrawals 406 
15.9 Spin reveals a race condition 407 
15.10 Promela specification for fixed code 408 
16.1 The boot-time execution sequence 428 
16.2 Checking integrity at boot time 429 
16.3 Separation in conventional system 437 
16.4 Separation with Type I virtualization 438 
16.5 Separation with Type II virtualization 441 
16.6 Separation with OS-level virtualization 442 
17.1 The general machine learning framework 453 
17.2 A neural network 454 
18.1 Conceptual models 474 
18.2 A Norman door 479 
18.3 ROI and security 481 
A.1 A simple lattice 491 
A.2 If the real numbers were countable 493 
A.3 Cantor's diagonalization 494 
A.4 An enumeration of Turing machines 495 
A.5 An uncomputable function                        
Overall rating: 4

Comments (4 in total)

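xuegr 2017-08-04 14:35:34
A classic work on system security, thanks for sharing!
dongqiuxiang 2014-04-28 14:16:44
Downloaded it for someone else; he didn't say it was bad. It's a fairly classic cryptography read.
fengwenyuan 2014-01-20 07:16:53
Very useful; it's a book our teacher requires us to read for class.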
 