D. Russell and G.T. Gangemi. Computer Security Basics. O'Reilly & Associates Inc., Sebastopol, California, 1991.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....against what. The resources that we want to protect are the processes, files and data in transit, on computers and networks. Resource objects, such as databases or semaphores must also be protected. For such resources, the main security elements are confidentiality, integrity and availability [1]. Confidentiality refers to protecting information from being read or copied by anyone who has not been explicitly authorized by the owner of the information. Integrity protects information from being deleted or altered in any way without the permission of the owner of that information. ....

Deborah Russell and G. T. Gangemi, Sr., Computer Security Basics, O'Reilly & Associates, Inc., Sebastopol, CA, 1991.

....both red and black connections, such as cipher machines and multilevel secure workstations, requires particularly thorough testing. The U.S. standard NACSIM 5100A that specifies the test requirements for Tempest protected equipment, and its NATO equivalent AMSG 720B, are classified documents [3 5]. In Germany, even the names of the government standards on compromising radiation are kept secret. So we lack full information about the measurement technology required for Tempest tests, but descriptions in published patents [6, 7] suggest that the tools employed are orders of magnitude more ....

Deborah Russell, G. T. Gangemi Sr.: Computer Security Basics. Chapter 10: TEMPEST, O'Reilly & Associates, 1991, ISBN 0-937175-71-4

....a very significant cost saving. It is already available in COTS products; here we discuss its introduction into NATO systems. 1 Introduction NATO and its member states have been concerned for decades about the electromagnetic emission security (emsec) of computer and communications equipment [1]; the threat was mentioned in the open literature as early as 1967 [2] and became widely publicised in 1985 [3, 4] Emsec is commonly understood as consisting of Tempest (the interception of stray information bearing RF emissions from equipment) Hijack (the interception of sensitive information ....

D Russell, GT Gangemi, `Computer Security Basics', O'Reilly & Associates, 1991, ISBN 0-937175-71-4; chapter 10 (TEMPEST)

....of this document specifies the cryptographic service calls for secret key and public key cryptosystems, an overview of these cryptosystems will be helpful. However, to fully understand these service calls, some familiarity with both cryptosystems is required. Interested readers may wish to read [3] and [4] to learn more about the two prime cryptographic technologies. In secret key cryptography, a secret key is established and shared between two individuals or parties and the same key is used to encrypt or decrypt messages, therefore, it is also referred to as symmetric cryptography. If the ....

.... PublicKey; typedef struct union DSAPrivateKey dsaprikey; RSAPrivateKey rsaprikey; priktype; PrivateKey; The following defines the data type Certificate in the C language. Some of the supporting data types may not have been defined. typedef struct BYTE countryName[3]; country name BYTE orgName[64] organization name BYTE orgUnitName[64] optinal organization unit name BYTE personalName[64] personal name Name; typedef struct To be defined UTCTime; typedef struct UTCTime notBefore; UTCTime notAfter; ....

Deborah Russell and G. T. Gangemi Sr., Computer Security Basics, O'Reilly & Associates, Inc., 1991.

....suffers from most of the same problems as one large list of terms. 4.3. Results Categories Another variation of a single list of terms is to group all attacks into basic categories that describe the results of an attack. An example is corruption, leakage, and denial, as used by Cohen [Coh95:54; RuG91:10 11] where corruption is the unauthorized modification of information, leakage is when information ends up where it should not be, and denial is when computer or network services are not available for use [Coh95:55] Russell and Gangemi use similar categories but define them using opposite ....

.... ends up where it should not be, and denial is when computer or network services are not available for use [Coh95:55] Russell and Gangemi use similar categories but define them using opposite terms: 1) secrecy and confidentiality; 2) accuracy, integrity, and authenticity; and 3) availability [RuG91:9 10] Other authors use other terms, or use them differently. With the exception of intruders who only want to increase access to a computer or network, or intruders who use computer or network resources without degrading the service of others (theft of resources) Amo94:31] many individual ....

[Article contains additional citation context not shown here]

Deborah Russell and G. T. Gangemi, Sr., Computer Security Basics, O'Reilly & Associates, Inc., Sebastopol, CA, 1991.

....of this document specifies the cryptographic service calls for secret key and public key cryptosystems, an overview of these cryptosystems will be helpful. However, to fully understand these service calls, some familiarity with both cryptosystems is required. Interested readers may wish to read [3] and [4] to learn more about the two prime cryptographic technologies. In secret key cryptography, a secret key is established and shared between two individuals or parties and the same key is used to encrypt or decrypt messages, therefore, it is also referred to as symmetric cryptography. If the ....

.... pubktype; PublicKey; typedef struct union DSAPrivateKey dsaprikey; RSAPrivateKey rsaprikey; priktype; PrivateKey; The following defines the data type Certificate in the C language. Some of the supporting data types may not have been defined. typedef struct BYTE countryName[3]; country name BYTE orgName[64] organization name BYTE orgUnitName[64] optinal organization unit name BYTE personalName[64] personal name Name; typedef struct To be defined UTCTime; typedef struct UTCTime notBefore; UTCTime notAfter; Validity; typedef ....

Deborah Russell and G. T. Gangemi Sr., Computer Security Basics, O'Reilly & Associates, Inc., 1991.

....occurrences can be minimized, but in a real world application, interrupts and other events can occur at any time. A solution must be able to handle events as they occur. 2. 1 Intrusions and Intrusion Detection Computer security is concerned with confidentiality, integrity and availability [Russell and Gangeni (1991)] of resources on a system. Users must be able to trust that the system will keep their data secure from prying eyes, operate as they expect it to, and be available when they need to use it. An intrusion can be defined as [Heady et al. 1990) any set of actions that attempt to compromise the ....

Russell D., and Gangeni Sr. G. 1991. Computer Security Basics. O'Reilly and Associates Inc.

....Spafford 1991) it can be depended upon to behave as it is expected to. This is an intuitive definition we generally will have confidence in a system if it behaves according to our expectations. More formally, security is often described in terms of confidentiality, integrity and availability (Russell and Gangeni Sr. 1991). Confidentiality guarantees that private or secure information will not be accessed by unauthorised users, integrity states that the system and its data will remain intact and unviolated throughout the system lifetime and availability states how the system will be available for use in the face of ....

Russell D., and Gangeni Sr. G. 1991. Computer Security Basics. O'Reilly and Associates Inc.

....controls in both low and high assurance systems, identification and authentication protocols, the use of cryptography in distributed systems, and database technology in trusted systems. With few books to choose from as texts, we elected to use a book that would give an overview of the field [15] and to provide an extensive set of other materials for assigned readings. Because the book had no homework problems, we had to devise all homework sets ourselves. Below is a brief outline of the topics covered in the NPS CISR version of Introduction to Computer Security. The references are to the ....

Russell, D., and Gangemi, G. T., Computer Security Basics, O'Reilly & Associates, Inc., 1991.

....is not always clearcut. Safety is mostly concerned with the behavior of systems in the presence of bugs, but as a lack of safety can be exploited for security breaches, safety becomes a necessary (but not sufficient) prerequisite for security. We distinguish between four security properties [RS91] 2 Intranet is a popular term for local networks using Internet technologies. RR n3134 6 Tommy Thorn Confidentiality, also known as secrecy: it concerns the absence of leakage of private information (which often occurs through a covert channel, i.e. a channel that is not explicitly intended ....

D. Russell and G. T. Gangemi Sr. Computer Security Basics. O'Reilly & Associates, Inc., 1991.

....are of the concern of database security. Database security comprises a set of measures, policies, and mechanisms to provide secrecy, integrity, and availability of data and to protect the system from possible attacks which might be launched by insiders and outsiders, either malicious or accidental [23, 111]. The aim of secrecy (or confidentiality) is to keep information unreadable for outsiders while making it available for authorized users. Integrity of information covers methods and techniques to protect information against illegal modification. Availability of information ensures that ....

D. Russell and G. T. Gangemi. Computer Security Basic. O'Reill & Associates, 1991.

....and design principles that must be followed to successfully build secure systems. Designing and building secure systems involves an understanding of foundational aspects of operating systems, software engineering, modeling, and many other fundamental areas of computer science and engineering, see [10, 30, 46, 35, 3]. The framework described in this paper provides a blueprint for achieving an information security education with an appropriately broad scope. 6 Conclusions The increasing use, reliance upon, and vulnerability of current large scale information systems demands that more resilient, reliable, and ....

Deborah Russell and G.T. Gangemi. Computer Security Basics. O'Reilly and Associates, Inc., Sebastopol, CA, 1991.

....of this document specifies the cryptographic service calls for secret key and public key cryptosystems, an overview of these cryptosystems will be helpful. However, to fully understand these service calls, some familiarity with both cryptosystems is required. Interested readers may wish to read [3] and [4] to learn more about the two prime cryptographic technologies. In secret key cryptography, a secret key is established and shared between two individuals or parties and the same key is used to encrypt or decrypt messages, therefore, it is also referred to as symmetric cryptography. If the ....

.... pubktype; PublicKey; typedef struct union DSAPrivateKey dsaprikey; RSAPrivateKey rsaprikey; priktype; PrivateKey; The following defines the data type Certificate in the C language. Some of the supporting data types may not have been defined. typedef struct BYTE countryName[3]; country name BYTE orgName[64] organization name BYTE orgUnitName[64] optinal organization unit name BYTE personalName[64] personal name Name; typedef struct To be defined UTCTime; typedef struct UTCTime notBefore; UTCTime notAfter; Validity; typedef ....

Deborah Russell and G. T. Gangemi Sr., Computer Security Basics, O'Reilly & Associates, Inc., 1991.

....of this document specifies the cryptographic service calls for secret key and public key cryptosystems, an overview of these cryptosystems will be helpful. However, to fully understand these service calls, some familiarity with both cryptosystems is required. Interested readers may wish to read [3] and [4] to learn more about the two prime cryptographic technologies. In secret key cryptography, a secret key is established and shared between two individuals or parties and the same key is used to encrypt or decrypt messages, therefore, it is also referred to as symmetric cryptography. If the ....

.... pubktype; PublicKey; typedef struct union DSAPrivateKey dsaprikey; RSAPrivateKey rsaprikey; priktype; PrivateKey; The following defines the data type Certificate in the C language. Some of the supporting data types may not have been defined. typedef struct BYTE countryName[3]; country name BYTE orgName[64] organization name BYTE orgUnitName[64] optinal organization unit name BYTE personalName[64] personal name Name; typedef struct To be defined UTCTime; typedef struct UTCTime notBefore; UTCTime notAfter; Validity; typedef ....

Deborah Russell and G. T. Gangemi Sr., Computer Security Basics, O'Reilly & Associates, Inc., 1991.

....by Thimbleby and his colleagues. Other forms of self reproducing and usually malicious software have also been written. Although no formal definitions have been accepted by the entire community to describe this software, there are some informal definitions that seem to be commonly accepted (cf. [21]) Several of these are often discussed by analogy to living organisms. This tendency towards anthropomorphism has perhaps led to some confusion about the nature of this software. Rather than discuss each of these software forms here, possibly adding to the confusion, the remainder of this paper ....

Deborah Russell and Sr. G. T. Gangemi. Computer Security Basics. O'Reilly & Associates, Cambridge, MA, 1991.

....for host configurations for all hosts on the Internet, while the orange book[7] is the classification of all hosts on the basis of their security. O Reilly and Associates has recently published two new books on security. These are Computer Security Basics by Deborah Russell and G.T.Gangemi Sr. [25] and Practical UNIX Security by Simson Garfinkel and Gene Spafford[10] It should be mentioned that this is by no means an exhaustive list of the available literature on security issues related to the Internet. 4.3 Mailing lists There are a variety of lists where security related announcements ....

D Russell and G T Gangemi Sr. Computer Security Basics. O'Reilly & Associates, not known.

....host configurations for all hosts on the Internet, while the orange book[8] is the classification of all hosts on the basis of their security. ffl O Reilly and Associates has recently published two new books on security. These are Computer Security Basics by Deborah Russell and G.T.Gangemi Sr. [24] and Practical UNIX Security by Simson Garfinkel and Gene Spafford[11] Kannan Varadhan [Page 11] OARnet document OARnet Security Procedures September 15, 1992 4.3 Mailing lists There are a variety of lists where security related announcements are made. ffl CERT puts out advisories from time ....

Deborah Russell and G T Gangemi Sr. Computer Security Basics. O'Reilly & Associates, not known.

No context found.

D. Russell and G.T. Gangemi. Computer Security Basics. O'Reilly & Associates Inc., Sebastopol, California, 1991.

No context found.

D. Russell and G. T. Gangemi Sr. Computer Security Basics. O'Reilly & Associates, Inc., 1991.

No context found.

. Russell, D. and Gangemi Sr., G. T., Computer Security Basics, O'Reilly & Associates, 1991.

No context found.

G. T. Russell, Deborah & Gangemi Sr. Computer Security Basics. O'Reilly & Associates, Inc., 1991.

No context found.

Deborah Russell, G. T. Gangemi Sr.: Computer Security Basics. Chapter 10: TEMPEST, O'Reilly & Associates, 1991, ISBN 0-937175-71-4

No context found.

D. Russell and G. Gangemi, "Computer Security Basics" O'Reilly & Associates, Sebastopol, CA, 1991.

No context found.

Deborah Russell, G. T. Gangemi Sr.: Computer Security Basics, Chapter 10: TEMPEST, O'Reilly & Associates, 1991.

No context found.

Russell, Deborah & Gangemi, G. T., Computer Security Basics, O'Reilly & Associates, 1991.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC