The Craft of System Security by Sean Smith; John Marchesini Publisher: Addison Wesley Professional Pub Date: November 21, 2007 Print ISBN-10: 0-321-43483-8 Print ISBN-13: 978-0-321-43483-8 Pages: 592 Table of Contents | Index Overview "I believe The Craft of System Security is one of the best software security books on the market today It has not only breadth, but depth, covering topics ranging from cryptography, networking, and operating systems to the Web, computerhuman interaction, and how to improve the security of software systems by improving hardware Bottom line, this book should be required reading for all who plan to call themselves security practitioners, and an invaluable part of every university's computer science curriculum." Edward Bonver, CISSP, Senior Software QA Engineer, Product Security, Symantec Corporation "Here's to a fun, exciting read: a unique book chock-full of practical examples of the uses and the misuses of computer security I expect that it will motivate a good number of college students to want to learn more about the field, at the same time that it will satisfy the more experienced professional." L Felipe Perrone, Department of Computer Science, Bucknell University Whether you're a security practitioner, developer, manager, or administrator, this book will give you the deep understanding necessary to meet today's security challenges and anticipate tomorrow's Unlike most books, The Craft of System Security doesn't just review the modern security practitioner's toolkit: It explains why each tool exists, and discusses how to use it to solve real problems After quickly reviewing the history of computer security, the authors move on to discuss the modern landscape, showing how security challenges and responses have evolved, and offering a coherent framework for understanding today's systems and vulnerabilities Next, they systematically introduce the basic building blocks for securing contemporary systems, apply those building blocks to today's applications, and consider important emerging trends such as hardware-based security After reading this book, you will be able to Understand the classic Orange Book approach to security, and its limitations Use operating system security tools and structures with examples from Windows, Linux, BSD, and Solaris Learn how networking, the Web, and wireless technologies affect security Identify software security defects, from buffer overflows to development process flaws Understand cryptographic primitives and their use in secure systems Use best practice techniques for authenticating people and computer systems in diverse settings Use validation, standards, and testing to enhance confidence in a system's security Discover the security, privacy, and trust issues arising from desktop productivity tools Understand digital rights management, watermarking, information hiding, and policy expression Learn principles of human-computer interaction (HCI) design for improved security Understand the potential of emerging work in hardwarebased security and trusted computing The Craft of System Security by Sean Smith; John Marchesini Publisher: Addison Wesley Professional Pub Date: November 21, 2007 Print ISBN-10: 0-321-43483-8 Print ISBN-13: 978-0-321-43483-8 Pages: 592 Table of Contents | Index Copyright List of Figures Preface Acknowledgments About the Authors Part I: History Chapter 1 Introduction Section 1.1 The Standard Rubric Section 1.2 The Matrix Section 1.3 Other Views Section 1.4 Safe States and the Access Control Matrix Section 1.5 Other Hard Questions Section 1.6 The Take-Home Message Section 1.7 Project Ideas Chapter 2 The Old Testament Section 2.1 The Basic Framework Section 2.2 Security Models Section 2.3 The Orange Book Section 2.4 INFOSEC, OPSEC, JOBSEC Section 2.5 The Take-Home Message Section 2.6 Project Ideas Chapter 3 Old Principles, New World Section 3.1 Solving the Wrong Problem? Section 3.2 Lack of Follow-Through? Section 3.3 Too Unwieldy? Section 3.4 Saltzer and Schroeder Section 3.5 Modern Relevance Section 3.6 The Take-Home Message Section 3.7 Project Ideas Part II: Security and the Modern Computing Landscape Chapter 4 OS Security Section 4.1 OS Background Section 4.2 OS Security Primitives and Principles Section 4.3 Real OSes: Everything but the Kitchen Sink Section 4.4 When the Foundation Cracks Section 4.5 Where Are We? Section 4.6 The Take-Home Message Section 4.7 Project Ideas Chapter 5 Network Security Section 5.1 Basic Framework Section 5.2 Protocols Section 5.3 The Network as a Battlefield Section 5.4 The Brave New World Section 5.5 The Take-Home Message Section 5.6 Project Ideas Chapter 6 Implementation Security Section 6.1 Buffer Overflow Section 6.2 Argument Validation and Other Mishaps Section 6.3 TOCTOU Section 6.4 Malware Section 6.5 Programming Language Security Section 6.6 Security in the Development Lifecycle Section 6.7 The Take-Home Message Section 6.8 Project Ideas Part III: Building Blocks for Secure Systems Chapter 7 Using Cryptography Section 7.1 Framework and Terminology Section 7.2 Randomness Section 7.3 Symmetric Cryptography Section 7.4 Applications of Symmetric Cryptography Section 7.5 Public-Key Cryptography Section 7.6 Hash Functions Section 7.7 Practical Issues: Public Key Section 7.8 Past and Future Section 7.9 The Take-Home Message Section 7.10 Project Ideas Chapter 8 Subverting Cryptography Section 8.1 Breaking Symmetric Key without Brute Force Section 8.2 Breaking Symmetric Key with Brute Force Section 8.3 Breaking Public Key without Factoring Section 8.4 Breaking Cryptography via the Real World Section 8.5 The Potential of Efficiently Factoring Moduli Section 8.6 The Take-Home Message Section 8.7 Project Ideas Chapter 9 Authentication Section 9.1 Basic Framework Section 9.2 Authenticating Humans Section 9.3 Human Factors Section 9.4 From the Machine's Point of View Section 9.5 Advanced Approaches Section 9.6 Case Studies Section 9.7 Broader Issues Section 9.8 The Take-Home Message Section 9.9 Project Ideas Chapter 10 Public Key Infrastructure Section 10.1 Basic Definitions Section 10.2 Basic Structure Section 10.3 Complexity Arrives Section 10.4 Multiple CAs Section 10.5 Revocation Section 10.6 The X.509 World Section 10.7 Dissent Section 10.8 Ongoing Trouble Section 10.9 The Take-Home Message Section 10.10 Project Ideas Chapter 11 Standards, Compliance, and Testing Section 11.1 Standards Section 11.2 Policy Compliance Section 11.3 Testing Section 11.4 The Take-Home Message Section 11.5 Project Ideas Part IV: Applications Chapter 12 The Web and Security Section 12.1 Basic Structure Section 12.2 Security Techniques Section 12.3 Privacy Issues Section 12.4 Web Services Section 12.5 The Take-Home Message Section 12.6 Project Ideas Chapter 13 Office Tools and Security Section 13.1 Word Section 13.2 Lotus 1-2-3 Section 13.3 PDF Section 13.4 Cut-and-Paste Section 13.5 PKI and Office Tools Section 13.6 Mental Models Section 13.7 The Take-Home Message Section 13.8 Project Ideas Chapter 14 Money, Time, Property Section 14.1 Money Section 14.2 Time Section 14.3 Property Section 14.4 The Take-Home Message Section 14.5 Project Ideas Part V: Emerging Tools Chapter 15 Formal Methods and Security Section 15.1 Specification Section 15.2 Logics Section 15.3 Cranking the Handle Section 15.4 Case Studies Section 15.5 Spinning Your Bank Account Section 15.6 Limits Section 15.7 The Take-Home Message Section 15.8 Project Ideas Chapter 16 Hardware-Based Security Section 16.1 Data Remanence Section 16.2 Attacks and Defenses Section 16.3 Tools Section 16.4 Alternative Architectures Section 16.5 Coming Trends Section 16.6 The Take-Home Message Section 16.7 Project Ideas Chapter 17 In Search of the Evil Bit Section 17.1 The AI Toolbox Section 17.2 Application Taxonomy Section 17.3 Case Study Section 17.4 Making It Real Section 17.5 The Take-Home Message Section 17.6 Project Ideas Chapter 18 Human Issues Section 18.1 The Last Mile Section 18.2 Design Principles Section 18.3 Other Human-Space Issues Section 18.4 Trust Section 18.5 The Take-Home Message Section 18.6 Project Ideas The Take-Home Lesson Appendix A Exiled Theory A.1 Relations, Orders, and Lattices A.2 Functions A.3 Computability Theory A.4 Frameworks A.5 Quantum Physics and Quantum Computation Bibliography Index Copyright Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests For more information, please contact: U.S Corporate and Government Sales (800) 382-3419 corpsales@pearsontechgroup.com For sales outside the United States please contact: International Sales international@pearsoned.com Visit us on the Web: www.awprofessional.com Library of Congress Cataloging-in-Publication Data Smith, Sean W., 1964 The craft of system security / Sean Smith, John Marchesini p cm Includes bibliographical references and index ISBN 0-321-43483-8 (pbk : alk paper) StealthWatch tank detection BOON code analyzers dynamic analysis formal methods FXCop hardware security [See Hardware security, tools.] ITS4 2nd office applications [See Office tools.] Prevent Purify rootkits API hooking definition detecting DKOM (direct kernel object manipulation) DLL injection hookers IAT (import address table), redirecting installed as drivers kernel space kernel state, modifying Linux modifying data structures SSDT (system service descriptor table) system calls, intercepting user space Vanquish Windows Splint static analysis Valgrind Topology, network TOR network Total correctness Total orders TPM (trusted platform module) Track Changes feature Tragedy of the commons Transformations, cryptography Transitivity of electronic money Transmission Control Protocol (TCP) Transparency Transport layer Transport Layer Security (TLS) [See also SSL (Secure Sockets Layer).] Transport mode Trap instructions Trapdoors Traps Triple DES [See TDES (Triple DES).] Trojan horses Trust facilitating importance of management negotiation Trust anchors Trust flow issues Trust root CAs Trusted boot Trusted Computer System Evaluation Criteria (TCSEC) [See also Orange Book.] Trusted computing base Trusted computing base (TCB) Trusted Computing Group (TCG) Trusted Computing Platform Alliance (TCPA) Trusted computing technology Trusted devices Trusted distribution Trusted facility management Trusted network connect (TNC) Trusted path 2nd Trusted platform module (TPM) Trustworthy, definition TTL (time-to-live) attack Tunnel mode Turing, Alan Turing test Two-factor authentication Tygar, Doug 2nd Type casting Type safety Typejacking Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z] UDP (User Datagram Protocol) Unauthorized OS access Uncomputable things Uncountable things Unicity distance 2nd Unicode encoding Unit-testing frameworks Unpredictability, cryptography Unprivileged mode URI (uniform resource identifier) URLs (Uniform Resource Locators) 2nd User interaction User interface issues, server-side SSL User mode User privileges, hardware security Userland User-space rootkits Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z] Valgrind Validation ***See also Authenticating; Authentication; Authorization CA (certification authority) input arguments [See Argument validation.] standards Vanquish VAX Security Kernel, case study Venona ciphers, decrypting Verified protection 2nd Virtual machines 2nd Virtual memory Virtual paper, mental model Virtual private networks (VPNs) Virtualization case study containers definition detecting grouping processors LT (LaGrande technology) Pacifica architecture paenevirtualization paravirtualization Presidio architecture red pills security trends SubVirt project trends type I machines type II machines virtual machine introspection VMWare project VT (Vanderpol technology) XEN project zones Virtualization technology Viruses definition in hardware Kriz Magistr remote code execution Wazzu Visual hashes of random strings VMM (virtual machine monitor) Voting systems VPNs (virtual private networks) Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z] Wagner, Dave Wagner, David WANs (wide area networks) Wardriving Watermarking [See also Information, hiding.] analog hole problem applications attacks in code definition examples mosaic attack robustness software tamper resistance unintended fingerprinting Wazzu virus Web of trust 2nd Web security access control issues AJAX (asynchronous JavaScript and XML) authentication basic actions case studies click fraud client-side SSL authentication authorization key-pair issues password authentication password sharing problems protocol description security issues connectivity, and national boundaries cookies digest authentication escape sequence bug htaccess file HTTP state Mosaic Netscape network issues page content active content ActiveX controls atomic-page model browser perspective CSRF (cross-site request forgery) framesets Java applets JavaScript mental model of rendering pages page requests browser escape sequence attacks form filling form processing impersonating users interaction server-side CGI scripts user XSS (cross-site scripting) privacy issues autofilling URLs browser history cache cookies cache hits client-side CROWDS tool leaking across sessions onion routing overview P3P (platform for privacy preferences) Privacy Bird plug-in private browsing pseudonymity server-side third-party servers TOR network REFERER field Secure HTTP server-side SSL anonymous SSL certificate identity mismatch certificate-chain discovery ciphersuites definition history of initiating a secure interaction PKI issues PRE_MASTER_SECRET nonce problems protocol description trust root CAs user interface issues uses for variations state typejacking Unicode encoding URL syntax Web services Well-formed transactions White-box testing Whitten, Alma 2nd "Why Johnny Can't Encrypt," Wide area networks (WANs) Wi-Fi Protected Access (WPA) Win32 Windows versus Linux versus Macintosh metafile vulnerability rootkits Wing, Jeannette Wireless networking [See also Bluetooth; WLANs (wireless LANs).] WireShark WLANs (wireless LANs) access control access points ad hoc networking detecting IEEE standards infrastructure networking promiscuous passive mode rogue access points sniffing 2nd supplicants wardriving wireless, definition WPA (Wi-Fi Protected Access) Word anecdotes demonstration electronic objects versus paper Fast Save feature forms protection hidden data macros metadata passwords, removing Pattybug relics templates text files, viewing in binary Track Changes feature Word bugs Word processors [See Word.] Worms 2nd WPA (Wi-Fi Protected Access) Write permission Writing down passwords Writing Secure Code Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z] X.509 certificates [See also CA (certification authority).] AA (attribute authority) alternatives to attribute certificates attributes, binding to entities CMP (Certificate Management Protocol) dissenting voices Ellison, Carl Garfinkel, Simson Gutmann, Peter Tygar, Doug Whitten, Alma extensions KCM (key-continuity management) key chains overview PERMIS system PGP (Pretty Good Privacy) PMI (privilege management infrastructure) proxy certificates SDSI/SPKI SOA (source of authority) variations web of trust XACML (Extensible Access Control Markup Language) XKMS (XML Key Management Specification) XML (Extensible Markup Language) XML Key Management Specification (XKMS) XML-encryption XML-signatures XOM XrML (Extensible rights Markup Language) XSS (cross-site scripting) Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z] Yee, Ka-Ping Young, Adam Yung, Moti Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z] Zero-day exploits Zero-knowledge authentication Zimmerman, Phil ... explosively, in ways that affect everyone, not only computer scientists—compare the state of home or office computing and of the Web in 1994 to today However, security must be viewed in the context of the social impact of the systems If one is going to build, deploy, work with, manage, or perhaps simply... understanding of the issues Such mastery of the toolkit is necessary to understand the craft of system security How does one get such a security education? One could read through a bookshelf of material or access a large set of CDROMs to get the necessary depth, but most people do not have... Learn principles of human-computer interaction (HCI) design for improved security Understand the potential of emerging work in hardwarebased security and trusted computing The Craft of System Security