- 博客(0)
- 资源 (3)
空空如也
Computer Security: Art and Science 计算机安全:艺术与科学 PDF版
本书详尽地介绍了计算机安全的理论与实践,阐释了该领域最基本和最普遍的知识,包括计算机安全的本质和面临的挑战,策略与安全的关系,密码学的角色与应用,策略实现机制,保障技术和方法学,脆弱性分析和入侵检测等。同时把计算机系统、网络、人为因素和密码学等概念融为一体,本书可作为信息安全、计算机等相关专业本科生、研究生的教科书和学习参考书,也可作为维护网络和计算机系统安全的管理人员、信息安全技术开发人员的工具书和参考书。
The importance of computer security has increased dramatically during the past few years. Bishop provides a monumental reference for the theory and practice of computer security. This is a textbook intended for use at the advanced undergraduate and introductory graduate levels, non-University training courses, as well as reference and self-study for security professionals. Comprehensive in scope, this covers applied and practical elements, theory, and the reasons for the design of applications and security techniques. Bishop treats the management and engineering issues of computer. Excellent examples of ideas and mechanisms show how disparate techniques and principles are combined (or not) in widely-used systems. Features a distillation of a vast number of conference papers, dissertations and books that have appeared over the years, providing a valuable synthesis. This book is acclaimed for its scope, clear and lucid writing, and its combination of formal and theoretical aspects with real systems, technologies, techniques, and policies.
Preface
Goals
Philosophy
Organization
Roadmap
Dependencies
Background
UndergraduateLevel
GraduateLevel
Practitioners
SpecialAcknowledgment
Acknowledgments
PART1:INTRODUCTION
ChapterIAnOverviewofComputerSecurity
1.1TheBasicComponents
1.2Threats
1.3PolicyandMechanism
1.4AssumptionsandTrust
1.5Assurance
1.6OperationalIssues
1.7HumanIssues
1.8TyingItAllTogether
1.9Summary
1.10ResearchIssues
1.11FurtherReading
1.12Exercises
PART2:FOUNDATIONS
Chapter2AccessControlMatrix
2.1ProtectionState
2.2AccessControlMatrixModel
2.3ProtectionStateTransitions
2.4Copying,Owning,andtheAttenuationofPrivilege
2.5Summary
2.6ResearchIssues
2.7FurtherReading
2.8Exercises
Chapter3FoundationalResults
3.1TheGeneralQuestion
3.2BasicResults
3.3TheTake-GrantProtectionModel
3.4ClosingtheGap
3.5ExpressivePowerandtheModels
3.6Summary
3.7ResearchIssues
3.8FurtherReading
3.9Exercises
PART3:POLICY
Chapter4SecurityPolicies
4.1SecurityPolicies
4.2TypesofSecurityPolicies
4.3TheRoleofTrust
4.4TypesofAccessControl
4.5PolicyLanguages
4.6Example:AcademicComputerSecurityPolicy
4.7SecurityandPrecision
4.8Summary
4.9ResearchIssues
4.10FurtherReading
4.11Exercises
Chapter5ConfidentialityPolicies
5.1GoalsofConfidentialityPolicies
5.2TheBell-LaPadulaModel
5.3Tranquility
5.4TheControversyovertheBell-LaPadulaModel
5.5Summary
5.6ResearchIssues
5.7FurtherReading
5.8Exercises
Chapter6IntegrityPolicies
6.1Goals
6.2BibaIntegrityModel
6.3Lipner'sIntegrityMatrixModel
6.4Clark-WilsonIntegrityModel
6.5Summary
6.6ResearchIssues
6.7FurtherReading
6.8Exercises
Chapter7HybridPolicies
7.1ChineseWallModel
7.2ClinicalInformationSystemsSecurityPolicy
7.3OriginatorControlledAccessControl
7.4Role-BasedAccessControl
7.5Summary
7.6ResearchIssues
7.7FurtherReading
7.8Exercises
Chapter8NoninterferenceandPolicyComposition
8.1TheProblem
8.2DeterministicNoninterference
8.3Nondeducibility
8.4GeneralizedNoninterference
8.5Restrictiveness
8.6Summary
8.7ResearchIssues
8.8FurtherReading
8.9Exercises
PART4:IMPLEMENTATIONI:CRYPTOGRAPHY
Chapter9BasicCryptography
9.1WhatIsCryptography?
9.2ClassicalCryptosystems
9.3PublicKeyCryptography
9.4CryptographicChecksums
9.5Summary
9.6ResearchIssues
9.7FurtherReading
9.8Exercises
Chapter10KeyManagement
10.1SessionandInterchangeKeys
10.2KeyExchange
10.3KeyGeneration
10.4CryptographicKeyInfrastructures
10.5StoringandRevokingKeys
10.6DigitalSignatures
10.7Summary
10.8ResearchIssues
10.9FurtherReading
10.10Exercises
Chapter11CipherTechniques
11.1Problems
11.2StreamandBlockCiphers
11.3NetworksandCryptography
11.4ExampleProtocols
11.5Summary
11.6ResearchIssues
11.7FurtherReading
11.8Exercises
Chapter12Authentication
12.1AuthenticationBasics
12.2Passwords
12.3Challenge-Response
12.4Biometrics
12.5Location
12.6MultipleMethods
12.7Summary
12.8ResearchIssues
12.9FurtherReading
12.10Exercises
PART5:IMPLEMENTATIONII:SYSTEMS
Chapter13DesignPrinciples
13.1Overview
13.2DesignPrinciples
13.3Summary
13.4ResearchIssues
13.5FurtherReading
13.6Exercises
Chapter14RepresentingIdentity
14.1WhatIsIdentity?
14.2FilesandObjects
14.3Users
14.4GroupsandRoles
14.5NamingandCertificates
14.6IdentityontheWeb
14.7Summary
14.8ResearchIssues
14.9FurtherReading
14.10Exercises
Chapter15AccessControlMechanisms
15.1AccessControlLists
15.2Capabilities
15.3LocksandKeys
15.4Ring-BasedAccessControl
15.5PropagatedAccessControlLists
15.6Summary
15.7ResearchIssues
15.8FurtherReading
15.9Exercises
Chapter16InformationFlow
16.1BasicsandBackground
16.2NonlatticeInformationFlowPolicies
16.3Compiler-BasedMechanisms
16.4Execution-BasedMechanisms
16.5ExampleInformationFlowControls
16.6Summary
16.7ResearchIssues
16.8FurtherReading
16.9Exercises
Chapter17ConfinementProblem
17.1TheConfinementProblem
17.2Isolation
17.3CovertChannels
17.4Summary
17.5ResearchIssues
17.6FurtherReading
17.7Exercises
PART6:ASSURANCEContributedbyElisabethSullivan
Chapter18IntroductiontoAssurance
18.1AssuranceandTrust
18.2BuildingSecureandTrustedSystems
18.3Summary
18.4ResearchIssues
18.5FurtherReading
18.6Exercises
Chapter19BuildingSystemswithAssurance
19.1AssuranceinRequirementsDefinitionandAnalysis
19.2AssuranceDuringSystemandSoftwareDesign
19.3AssuranceinImplementationandIntegration
19.4AssuranceDuringOperationandMaintenance
19.5Summary
19.6ResearchIssues
19.7FurtherReading
19.8Exercises
Chapter20FormalMethods
20.1FormalVerificationTechniques
20.2FormalSpecification
20.3EarlyFormalVerificationTechniques
20.4CurrentVerificationSystems
20.5Summary
20.6ResearchIssues
20.7FurtherReading
20.8Exercises
Chapter21EvaluatingSystems
21.1GoalsofFormalEvaluation
21.2TCSEC:1983-1999
21.3InternationalEffortsandtheITSEC:1991-2001
21.4CommercialInternationalSecurityRequirements:1991
21.5OtherCommercialEfforts:Early1990s
21.6TheFederalCriteria:1992
21.7FIPS140:1994-Present
21.8TheCommonCriteria:1998-Present
21.9SSE-CMM:1997-Present
21.10Summary
21.11ResearchIssues
21.12FurtherReading
21.13Exercises
PART7:SPECIALTOPICS
Chapter22MaliciousLogic
22.1Introduction
22.2TrojanHorses
22.3ComputerViruses
22.4ComputerWorms
22.5OtherFormsofMaliciousLogic
22.6TheoryofMaliciousLogic
22.7Defenses
22.8Summary
22.9ResearchIssues
22.10FurtherReading
22.11Exercises
Chapter23VulnerabilityAnalysis
23.1Introduction
23.2PenetrationStudies
23.3VulnerabilityClassification
23.4Frameworks
23.5GuptaandGligor'sTheoryofPenetrationAnalysis
23.6Summary
23.7ResearchIssues
23.8FurtherReading
23.9Exercises
Chapter24Auditing
24.1Definitions
24.2AnatomyofanAuditingSystem
24.3DesigninganAuditingSystem
24.4APosterioriDesign
24.5AuditingMechanisms
24.6Examples:AuditingFileSystems
24.7AuditBrowsing
24.8Summary
24.9ResearchIssues
24.10FurtherReading
24.11Exercises
Chapter25IntrusionDetection
25.1Principles
25.2BasicIntrusionDetection
25.3Models
25.4Architecture
25.5OrganizationofIntrusionDetectionSystems
25.6IntrusionResponse
25.7Summary
25.8ResearchIssues
25.9FurtherReading
25.10Exercises
PART8:PRACTICUM
Chapter26NetworkSecurity
26.1Introduction
26.2PolicyDevelopment
26.3NetworkOrganization
26.4AvailabilityandNetworkFlooding
26.5AnticipatingAttacks
26.6Summary
26.7ResearchIssues
26.8FurtherReading
26.9Exercises
Chapter27SystemSecurity
27.1Introduction
27.2Policy
27.3Networks
27.4Users
27.5Authentication
27.6Processes
27.7Files
27.8Retrospective
27.9Summary
27.10ResearchIssues
27.11FurtherReading
27.12Exercises
Chapter28UserSecurity
28.1Policy
28.2Access
28.3FilesandDevices
28.4Processes
28.5ElectronicCommunications
28.6Summary
28.7ResearchIssues
28.8FurtherReading
28.9Exercises
Chapter29ProgramSecurity
29.1Introduction
29.2RequirementsandPolicy
29.3Design
29.4RefinementandImplementation
29.5CommonSecurity-RelatedProgrammingProblems
29.6Testing,Maintenance,andOperation
29.7Distribution
29.8Conclusion
29.9Summary
29.10ResearchIssues
29.11FurtherReading
29.12Exercises
PART9:ENDMATTER
Chapter30Lattices
30.1Basics
30.2Lattices
30.3Exercises
Chapter31TheExtendedEuclideanAlgorithm
31.1TheEuclideanAlgorithm
31.2TheExtendedEuclideanAlgorithm
31.3Solvingaxmodn=1
31.4Solvingaxmodn=b
31.5Exercises
Chapter32EntropyandUncertainty
32.1ConditionalandJointProbability
32.2EntropyandUncertainty
32.3JointandConditionalEntropy
32.4Exercises
Chapter33VirtualMachines
33.1VirtualMachineStructure
33.2VirtualMachineMonitor
33.3Exercises
Chapter34SymbolicLogic
34.1PropositionalLogic
34.2PredicateLogic
34.3TemporalLogicSystems
34.4Exercises
Chapter35ExampleAcademicSecurityPolicy
35.1UniversityofCaliforniaE-mailPolicy
35.2TheAcceptableUsePolicyfortheUniversityofCalifomia,Davis
Bibliography
Index
2014-03-02
疯狂Android讲义源码
疯狂Android讲义目录结构:
第2章、Android应用程序界面设计,即View
2.2、布局管理(Layout):LinearLayout、TableLayout、FrameLayout、RelativeLayout;
2.3、基本界面组件:TextView、EditText; Button、ImageButton; 9Patch; RadioButton、CheckBox;
ToggleButton;AnalogClock、DigitalClock; ImageView;
2.4、高级界面组件:AutoCompleteTextView; Spinner; DatePicker、TimePicker; ProgressBar;
SeekBar; RatingBar; TabHost; ScrollView; ListView、ListActivity;
ExpandableListView; GridView、ImageSwitcher; Gallery;
2.5、对话框:AlertDialog; PopupWindow; DatePickerDialog、TimePickerDialog; ProgressDialog;
2.6、消息提示:Toast; Notification;
2.7、菜单:OptionMenu、SubMenu; ContextMenu;
第3章、Android事件处理,包括按键响应机制和消息传递机制
3.2、基于监听器的事件处理:
3.3、基于回调的事件的处理:
3.4、响应系统设置的事件:
3.5、Handler消息传递机制:
第4章、深入理解Activity
4.1、建立、配置和使用Activity:
4.2、Activity的回调机制:
4.3、Activity的生命周期:
第5章、使用Intent和IntentFilter进行通信
5.1、Intent对象详解:
5.2、Intent的属性及intent-filter配置:Component属性; Action、Category属性与intent-filter配置;
Data、Type属性与intent-filter配置; Extra属性;
5.3、使用Intent创建Tab页面:
第6章、Android应用的资源
6.1、资源的类型及存储方式:
6.2、使用字符串、颜色、尺寸资源:
6.3、数组资源:
6.4、使用Drawable资源:图片资源; StateListDrawable资源; LayerDrawable资源; ShapeDrawable资源;
ClipDrawable资源; AnimationDrawable资源;
6.5、使用原始XML资源:
6.6、使用Layout资源:
6.7、使用菜单(Menu)资源:
6.8、样式(Style)和主题(Theme)资源:
6.9、属性(Attribute)资源:
6.10、使用原始资源:
6.11、国际化和资源自适应:
第7章、图形与图像处理
7.1、使用简单图片:Drawable; Bitmap、BitmapFactory;
7.2、绘图:Canvas; Paint; Path;
7.3、图形特效处理:使用Matrix控制变换; 使用drawBitmapMesh扭曲图像; 使用Shader填充图形;
7.4、逐帧(Frame)动画:AnimationDrawable;
7.5、补间(Tween)动画:Interpolator; 位置、大小、旋转度、透明度;
7.6、使用SurfaceView实现动画:
第8章、Android的数据存储和IO
8.1、使用SharedPreferences:SharedPreferences; Editor;
8.2、File存储:openFileOutput和openFileInput; 读写SD卡文件;
8.3、SQLite数据库:SQL语句; SQLiteDatabase; SQLiteOpenHelper; sqlite3 tools;
8.4、手势(Gesture):
8.5、自动朗读(TTS):
8.6、网络存储:
第9章、使用ContentProvider实现数据共享
9.1、数据共享标准:ContentProvider; Uri; ContentResolver;
9.2、操作系统的ContentProvider:使用ContentProvider管理联系人和多媒体;
9.3、实现ContentProvider:创建ContentProvider的步骤;
9.4、监听ContentProvider的数据:ContentObserver;
第10章、Service与BroadcastReceiver
10.1、Service:Service的创建、配置、启动、停止、绑定和通信; Service的生命周期;
10.2、跨进程调用Service(AIDL服务):创建AIDL文件; 将接口暴露给客户端; 客户端访问AIDLService;
10.3、电话管理器:TelephoneManager;
10.4、短信管理器:SmsManager;
10.5、音频管理器:AudioManager;
10.6、振动器:Vibrator;
10.7、手机闹钟服务:AlarmManager;
10.8、接受广播信息:BroadcastReceiver;
10.9、接受系统广播消息:
第11章、多媒体应用开发
11.1、音频和视频的播放:MediaPlayer; SoundPool; VideoView;
11.2、使用MediaRecorder录制音频:
11.3、控制摄像头拍照:Camera;
第12章、OpenGL与3D应用开发
12.2、OpenGL ES基础:
12.3、绘制2D图形:
12.4、绘制3D图形:
第13章、Android的网络应用
13.1、基于TCP协议的网络通信(套接字Socket):Socket; ServerSocket;
13.2、使用URL访问网络资源:URL; URLConnection;
13.3、使用HTTP访问网络:HttpURLConnection; HttpClient;
13.4、使用WebView视图显示网页:
13.5、使用WebService进行网络编程:
第14章、管理Android手机桌面
14.1、管理手机桌面:
14.2、改变手机壁纸:
14.3、桌面快捷方式:
14.4、管理桌面小控件:
14.5、实时文件夹(LiveFolder):
第15章、传感器应用开发
15.2、Android的常用传感器:方向传感器Orientation; 磁场传感器Magnetic Field;
温度传感器Temperature; 光传感器Light; 压力传感器Pressure;
第16章、GPS应用开发
16.1、支持GPS的核心API:
16.2、获取LocationProvider:
16.3、获取定位信息:
16.4、临近警告:
第17章、使用Google Map服务
17.1、调用Google Map的准备:
17.2、根据GPS信息在地图上定位:
17.3、GPS导航:
17.4、根据地址定位:
第18章、疯狂连连看
第19章、电子拍卖系统
2014-03-02
疯狂Java讲义第二版配套光盘源码
疯狂Java讲义第二版配套光盘中的源码。
-------------------------------------------
《疯狂Java讲义》
配书光盘
版权所有,侵权必究
2011年12月
_______________________________________________________________________
一、光盘内容
本光盘是《疯狂Java讲义》一书的配书光盘,书中的代码按章、按节存放,
即第3章第1节所使用的代码放在codes文件夹的03\3.1文件夹下,依此类推。
另:书中每份源代码也给出与光盘源文件的对应关系,方便读者查找。
本光盘codes目录下有18个文件夹,其内容和含义说明如下:
(1) 01~18文件夹名对应于《疯狂Java讲义》中的章名,
即第3章所使用的代码放在codes文件夹的03件夹下,依此类推。
(2) 本书所有代码都是IDE工具无关的程序,读者既可以在命令行窗口直接编译、
运行这些代码,也可以导入Eclipse、NetBeans等IDE工具来运行它们。
(3) 本书第12章第11节的TestTableModel.java程序,以及第13章绝大部分程序
都需要连接数据库,所以读者需要先导入*.sql文件中的数据库脚本,并修改
mysql.ini文件中的数据库连接信息。连接数据库时所用的驱动程序JAR文件
为mysql-connector-java-3.1.10-bin.jar文件。这些需要连接数据库的程序
里还提供了一个*.cmd文件,该文件是一个批处理文件,运行该文件可以运行
相应的Java程序,例如DatabaseMetaDataTest.java对应的*.cmd文件为
runDatabaseMetaDataTest.cmd。
(4) 光盘根目录下提供了一个“Java设计模式(疯狂Java联盟版).chm”文件,这是一份
关于设计模式的电子教材,由疯狂Java联盟的杨恩雄亲自编写、制作,他同意广
大读者阅读、传播这份开源文档。
(5) 因为本书第1版有些读者提出关于《疯狂Java讲义》课后习题标准答案的问题,
因此本书光盘根目录下包含一个project_codes文件夹,该文件夹里包含了疯狂
Java联盟的杨恩雄编写的《疯狂Java实战演义》一书的光盘内容,该光盘中包
含了大量实战性很强的项目,这些项目基本覆盖了《疯狂Java讲义》课后习题
的要求,读者可以参考相关案例来完成《疯狂Java讲义》的课后习题。
二、运行环境
本书中的程序在以下环境调试通过:
(1) 安装jdk-7-windows-i586.exe,安装完成后,添加CLASSPATH环境变量,该环境变量
的值为.;%JAVA_HOME%/lib/tools.jar;%JAVA_HOME%/lib/dt.jar。如果为了可以编译和
运行Java程序,还应该在PATH环境变量中增加%JAVA_HOME%/bin。其中JAVA_HOME代表
JDK(不是JRE)的安装路径。 如何安装上面工具,请参考本书的第1章。
(2) 安装MySQL 5.5或更高版本,安装MySQL时选择GBK编码方式(按第13章介绍的方式安装)。
三、注意事项
(1) 代码中有大量代码需要连接数据库,读者应修改数据库URL以及用户名、密码,
让这些代码与读者运行环境一致。如果项目下有SQL脚本,则导入SQL脚本即可;如果
没有SQL脚本,系统将在运行时自动建表,读者只需创建对应的数据库即可。
(2) 在使用本光盘的程序时,请将程序拷贝到硬盘上,并去除文件的只读属性。
四、技术支持
如果您使用本光盘中遇到不懂的技术问题,您可以登录如下网站与作者联系:
http://www.crazyit.org
2014-03-02
空空如也
TA创建的收藏夹 TA关注的收藏夹
TA关注的人