This book constitutes the refereed proceedings of the 23rd Nordic Conference on Secure IT Systems, NordSec 2018, held in Oslo, Norway, in November 2018. The 29 full papers presented in this volume were carefully reviewed and selected from 81 submissions. They are organized in topical sections named: privacy; cryptography; network and cloud security; cyber security and malware; and security for software and software development.
In modern computing a program is usually distributed among several processes. The fundamental challenge when developing reliable and secure distributed programs is to support the cooperation of processes required to execute a common task, even when some of these processes fail. Failures may range from crashes to adversarial attacks by malicious processes. Cachin, Guerraoui, and Rodrigues present an introductory description of fundamental distributed programming abstractions together with algorithms to implement them in distributed systems, where processes are subject to crashes and malicious attacks. The authors follow an incremental approach by first introducing basic abstractions in simple distributed environments, before moving to more sophisticated abstractions and more challenging environments. Each core chapter is devoted to one topic, covering reliable broadcast, shared memory, consensus, and extensions of consensus. For every topic, many exercises and their solutions enhance the understanding. This book represents the second edition of "Introduction to Reliable Distributed Programming". Its scope has been extended to include security against malicious actions by non-cooperating processes. This important domain has become widely known under the name "Byzantine fault-tolerance".
Cutting-edge techniques from leading Oracle security experts. This Oracle Press guide demonstrates practical applications of the most compelling methods for developing secure Oracle database and middleware environments. You will find full coverage of the latest and most popular Oracle products, including Oracle Database and Audit Vaults, Oracle Application Express, and secure Business Intelligence applications. Applied Oracle Security demonstrates how to build and assemble the various Oracle technologies required to create the sophisticated applications demanded in today's IT world. Most technical references only discuss a single product or product suite. As such, there is no roadmap to explain how to get one product, product-family, or suite to work with another. This book fills that void with respect to Oracle Middleware and Database products and the area of security.
This textbook gives you an overview of the topics of IT security. Digitalization has radically changed business models and administrative processes. On the one hand, the digital transformation opens up many new opportunities. On the other hand, hackers have recently attracted attention with cyber attacks. Seen this way, advancing digitalization also brings dangers. For a successful future of our society it is therefore crucial to build secure and trustworthy IT. With this textbook, Norbert Pohlmann gives you a comprehensive introduction to the subject area of IT security. Learn more about the mechanisms, principles, concepts and properties of cyber security systems. The author not only conveys theoretical expertise but also enables you to view IT security from an application-oriented perspective. Read which security properties matter in cyber systems. With the help of this textbook you will be able to assess the effectiveness of IT solutions with regard to their security.
Fundamental aspects of cyber security: In the introductory section of this textbook, Pohlmann first conveys the fundamentals of IT security and sharpens your eye for the following aspects: strategies, motivations, needs, problems, challenges, and effectiveness concepts. Dive deeper into the subject: In the subsequent chapters, Pohlmann deals with these subareas of IT security: cryptography; hardware security modules for protecting security-relevant information; digital signatures, electronic certificates, and PKIs and PKAs; identification and authentication; enterprise identity and access management; trusted computing; cyber security early-warning and situational-awareness systems; firewall systems; e-mail security; blockchain technology; artificial intelligence and cyber security; social web cyber security. You will also learn more about IPSec encryption, Transport Layer Security (TLS), Secure Socket Layer (SSL), and security measures against DDoS attacks. Clear graphics and tables present processes and relationships in an understandable way. The material is well prepared didactically, and you can deepen your understanding of the content with numerous exercises. The textbook is aimed especially at readers for whom IT security plays a particular role, such as: students of computer science, trainees in IT specialist professions (Fachinformatik), and employees and managers in the IT industry.
Bitcoin and Cryptocurrency Technologies provides a comprehensive introduction to the revolutionary yet often misunderstood new technologies of digital currency. Whether you are a student, software developer, tech entrepreneur, or researcher in computer science, this authoritative and self-contained book tells you everything you need to know about the new global money for the Internet age. How do Bitcoin and its block chain actually work? How secure are your bitcoins? How anonymous are their users? Can cryptocurrencies be regulated? These are some of the many questions this book answers. It begins by tracing the history and development of Bitcoin and cryptocurrencies, and then gives the conceptual and practical foundations you need to engineer secure software that interacts with the Bitcoin network as well as to integrate ideas from Bitcoin into your own projects. Topics include decentralization, mining, the politics of Bitcoin, altcoins and the cryptocurrency ecosystem, the future of Bitcoin, and more.
Secure and manage your Azure cloud infrastructure, Office 365, and SaaS-based applications and devices. This book focuses on security in the Azure cloud, covering aspects such as identity protection in Azure AD, network security, storage security, unified security management through Azure Security Center, and many more. Beginning Security with Microsoft Technologies begins with an introduction to some common security challenges and then discusses options for addressing them. You will learn about Office Advanced Threat Protection (ATP), the importance of device-level security, and about various products such as Device Guard, Intune, Windows Defender, and Credential Guard. As part of this discussion you'll cover how secure boot can help an enterprise with pre-breach scenarios. Next, you will learn how to set up Office 365 to address phishing and spam, and you will gain an understanding of how to protect your company's Windows devices. Further, you will also work on enterprise-level protection, including how advanced threat analytics aids in protection at the enterprise level. Finally, you'll see that there are a variety of ways in which you can protect your information. After reading this book you will be able to understand the security components involved in your infrastructure and apply methods to implement security solutions. What You Will Learn: Keep corporate data and user identities safe and secure; identify various levels and stages of attacks; safeguard information using Azure Information Protection, MCAS, and Windows Information Protection, regardless of your location; use advanced threat analytics, Azure Security Center, and Azure ATP. Who This Book Is For: Administrators who want to build secure infrastructure at multiple levels such as email security, device security, cloud infrastructure security, and more.
The Manga Guide to Cryptography breaks down how ciphers work, what makes them secure or insecure, and how to decode them. Comic illustrations make it easy to learn about classic substitution, polyalphabetic, and transposition ciphers; symmetric-key algorithms like block and DES (Data Encryption Standard) ciphers; how to use public key encryption technology to generate public/private keys and cryptograms; practical applications of encryption such as digital signatures, identity fraud countermeasures, and 'man in the middle' attack countermeasures.
This book is an essential desktop reference for the CERT C coding standard. The CERT C Coding Standard is an indispensable collection of expert information. The standard itemizes those coding errors that are the root causes of software vulnerabilities in C and prioritizes them by severity, likelihood of exploitation, and remediation costs. Each guideline provides examples of insecure code as well as secure, alternative implementations. If uniformly applied, these guidelines will eliminate the critical coding errors that lead to buffer overflows, format string vulnerabilities, integer overflow, and other common software vulnerabilities.
This book provides a comprehensive overview of the key concerns as well as research challenges in designing secure and resilient Industrial Control Systems (ICS). It will discuss today's state-of-the-art security architectures and couple them with near- and long-term research needs that compare to the baseline. It will also ground all discussions in a generic reference architecture for ICS that reflects and protects high consequence scenarios. Significant strides have been made in making industrial control systems secure. However, the increasing connectivity of ICS systems with commodity IT devices and the significant human interaction with ICS systems during their operation regularly introduce newer threats to these systems, resulting in ICS security defenses always playing catch-up. There is an emerging consensus that it is very important for ICS missions to survive cyber-attacks as well as failures and continue to maintain a certain level and quality of service. Such resilient ICS design requires one to be proactive in understanding and reasoning about evolving threats to ICS components and their potential effects on the ICS mission's survivability goals, and in identifying ways to design secure resilient ICS systems. This book targets primarily educators and researchers working in the area of ICS and Supervisory Control And Data Acquisition (SCADA) systems security and resiliency. Practitioners responsible for security deployment, management and governance in ICS and SCADA systems would also find this book useful. Graduate students will find this book to be a good starting point for research in this area and a reference source.