Access control, security, and trust : a logical approach / Shiu-Kai Chin, Susan Older.

Author/creator Chin, Shiu-Kai
Other author Older, Susan Beth.
Format Book
Publication Info Boca Raton, FL : Chapman & Hall/CRC, ©2011.
Description xxi, 322 pages : illustrations ; 25 cm.
Series Chapman & Hall/CRC cryptography and network security
Contents 1 Access Control, Security, Trust, and Logic -- 1.1 Deconstructing Access-Control Decisions -- 1.2 A Logical Approach to Access Control -- I Preliminaries -- 2 A Language for Access Control -- 2.1 Sets and Relations -- 2.1.1 Notation -- 2.1.2 Approaches for Mathematical Proofs -- 2.2 Syntax -- 2.2.1 Principal Expressions -- 2.2.2 Access-Control Statements -- 2.2.3 Well-Formed Formulas -- 2.3 Semantics -- 2.3.1 Kripke Structures -- 2.3.2 Semantics of the Logic -- 3 Reasoning about Access Control -- 3.1 Logical Rules -- 3.1.1 The Taut Rule -- 3.1.2 The Modus Ponens Rule -- 3.1.3 The Says Rule -- 3.1.4 The MP Says Rule -- 3.1.5 The Speaks For Rule -- 3.1.6 The & Says and Quoting Rules -- 3.1.7 Properties of --> -- 3.1.8 The Equivalence Rule -- 3.1.9 The Controls Definition -- 3.2 Formal Proofs and Theorems -- 3.3 Soundness of Logical Rules -- 4 Basic Concepts -- 4.1 Reference Monitors -- 4.2 Access-Control Mechanisms: Tickets and Lists -- 4.2.1 Tickets -- 4.2.2 Lists -- 4.2.3 Logical and Pragmatic Implications -- 4.3 Authentication -- 4.3.1 Two-Factor Authentication -- 4.3.2 Using Credentials from Other Authorities
Contents 5 Security Policies -- 5.1 Confidentiality, Integrity, and Availability -- 5.2 Discretionary Security Policies -- 5.3 Mandatory Security Policies -- 5.4 Military Security Policies -- 5.4.1 Extending the Logic with Security levels -- 5.4.2 Expressing Military Security Policies -- 5.4.3 Military Security Policies: An Extended Example -- 5.5 Commercial Policies -- 5.5.1 Extending the Logic with Integrity Levels -- 5.5.2 Protecting Integrity -- 5.5.3 Strict Integrity -- 5.5.4 An Extended Example of a Strict Integrity Policy -- II Distributed Access Control -- 6 Digital Authentication -- 6.1 Public-Key Cryptography -- 6.2 Efficiency Mechanisms -- 6.2.1 Cryptographic Hash Functions -- 6.2.2 Data-Encryption Keys -- 6.2.3 Digital Signatures -- 6.3 Reasoning about Cryptographic Communications -- 6.4 Certificates, Certificate Authorities, and Trust -- 6.5 Symmetric-Key Cryptography -- 7 Delegation -- 7.1 Simple Delegations -- 7.2 Delegation and Its Properties -- 7.3 A Delegation Example: Simple Checking -- 7.3.1 Formal Definitions of Checks -- 7.3.2 Bank Policies on Checks -- 7.3.3 Operating Rules for Checks -- 8 Networks: Case Studies -- 8.1 SSL and TLS: Authentication across the Web -- 8.1.1 Handshake Protocol -- 8.1.2 Record Protocol -- 8.2 Kerberos: Authentication for Distributed Systems -- 8.2.1 Initial Authentication Requests -- 8.2.2 Requests for Service-Specific Tickets -- 8.2.3 Requests for Services -- 8.2.4 Proxiable Tickets -- 8.3 Financial Networks -- 8.3.1 Electronic Clearinghouses -- 8.3.2 Bank Authorities, Jurisdiction, and Policies -- 8.3.3 Bank Operating Rules
Contents III Isolation and Sharing -- 9 A Primer on Computer Hardware -- 9.1 Ones and Zeros -- 9.2 Synchronous Design -- 9.2.1 Synchronous Registers -- 9.2.2 Registers with Load Control -- 9.2.3 Registers with Tri-State Outputs -- 9.2.4 Combinational Logic and Functions -- 9.2.5 Arithmetic Logic Units -- 9.3 Microcode -- 9.3.1 Data Paths and Control Paths -- 9.3.2 Microprogramming -- 10 Virtual Machines and Memory Protection -- 10.1 A Simple Processor -- 10.1.1 Processor Components -- 10.1.2 Machine Instructions -- 10.2 Processors with Memory Segmentation -- 10.2.1 Segmentation Using a Relocation Register -- 10.2.2 Processor State and Instructions -- 10.2.3 Program Status Word -- 10.2.4 Traps -- 10.3 Controlling Access to Memory and Segmentation Registers -- 10.3.1 Access to Program Memory -- 10.3.2 Implementation Details -- 10.3.3 Access to the Relocation Register -- 10.3.4 Setting the Mode Bit -- 10.4 Design of the Virtual Machine Monitor -- 10.4.1 Privileged Instructions -- 10.4.2 Sensitive Instructions -- 10.4.3 Virtualizable Processor Architectures -- 11 Access Control Using Descriptors and Capabilities -- 11.1 Address Descriptors and Capabilities -- 11.2 Tagged Architectures -- 11.3 Capability Systems -- 11.3.1 Catalogs -- 11.3.2 Creating New Segments -- 11.3.3 Dynamic Sharing -- 11.3.4 Revocation of Capabilities
Contents 12 Access Control Using Lists and Rings -- 12.1 Generalized Addresses -- 12.2 Segment Access Controllers -- 12.3 ACL-Based Access Policy for Memory Accesses -- 12.4 Ring-Based Access Control -- 12.4.1 Access Brackets -- 12.4.2 Call Brackets -- IV Access Policies -- 13 Confidentiality and Integrity Policies -- 13.1 Classifications and Categories -- 13.2 Bell-La Padula Model, Revisited -- 13.3 Confidentiality levels: Some Practical Considerations -- 13.4 Biba's Strict Integrity, Revisited -- 13.5 Lipner's Integrity Model -- 13.5.1 Commercial Integrity Requirements -- 13.5.2 Commercial Integrity via Bell-La Padula -- 13.5.3 Commercial Integrity via Bell-La Padula and Strict Integrity -- 14 Role-Based Access Control -- 14.1 RBAC Fundamentals -- 14.1.1 Role Inheritance -- 14.1.2 Sessions -- 14.2 Separation of Duty -- 14.2.1 Static Separation of Duty -- 14.2.2 Dynamic Separation of Duty -- 14.3 Representing RBAC Systems in the Logic -- 14.3.1 RBAC Extensions to the Logic -- 14.3.2 Translating RBAC into the Logic
Abstract "Developed from the authors' courses at Syracuse University and the U.S. Air Force Research Laboratory, Access Control, Security, and Trust: A Logical Approach equips readers with an access control logic they can use to specify and verify their security designs. Throughout the text, the authors use a single access control logic based on a simple propositional modal logic.
Abstract The first part of the book presents the syntax and semantics of access control logic, basic access control concepts, and an introduction to confidentiality and integrity policies. The second section covers access control in networks, delegation, protocols, and the use of cryptography. In the third section, the authors focus on hardware and virtual machines. The final part discusses confidentiality, integrity, and role-based access control.
Abstract Taking a logical, rigorous approach to access control, this book shows how logic is a useful tool for analyzing security designs and spelling out the conditions upon which access control decisions depend. It is designed for computer engineers and computer scientists who are responsible for designing, implementing, and verifying secure computer and information systems."--pub. desc.
Bibliography note Includes bibliographical references and indexes.
LCCN 2010022619
ISBN 9781584888628 (hardcover : alk. paper)
ISBN 1584888628 (hardcover : alk. paper)