Security Concepts and Principles

Part of the Information Security and Cryptography book series (ISC)

Abstract

Our subject area is computer and Internet security—the security of software, computers and computer networks, and of information transmitted over them and files stored on them. We first consider the primary objectives or fundamental goals of computer security. Many of these can be viewed as security services provided to users and other system components. Later in this chapter we consider a longer list of design principles for security, useful in building systems that deliver such services.

  • DOI: 10.1007/978-3-030-83411-1_1
  • Chapter length: 28 pages
Copyright information

© 2021 The Author(s)

About this chapter

Cite this chapter

van Oorschot, P.C. (2021). Security Concepts and Principles. In: Computer Security and the Internet. Information Security and Cryptography. Springer, Cham. https://doi.org/10.1007/978-3-030-83411-1_1

  • DOI: https://doi.org/10.1007/978-3-030-83411-1_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-83410-4

  • Online ISBN: 978-3-030-83411-1

  • eBook Packages: Computer Science (R0)