The Center for Education and Research in Information Assurance and Security (CERIAS)

Books Authored by CERIAS Faculty

Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us

Eugene Spafford (Author), Leigh Metcalf (Author), Josiah Dykstra (Author)

2023, Addison-Wesley Professional

Cybersecurity is fraught with hidden and unsuspected dangers and difficulties. Despite our best intentions, there are common and avoidable mistakes that arise from folk wisdom, faulty assumptions about the world, and our own human biases. Cybersecurity implementations, investigations, and research all suffer as a result. Many of the bad practices sound logical, especially to people new to the field of cybersecurity, and that means they get adopted and repeated despite not being correct. For instance, why isn’t the user the weakest link?

In Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us, three cybersecurity pioneers don't just deliver the first comprehensive collection of the falsehoods that derail security from the front lines to the boardroom; they offer expert practical advice for avoiding or overcoming each myth.

Whatever your cybersecurity role or experience, Eugene H. Spafford, Leigh Metcalf, and Josiah Dykstra will help you surface hidden dangers, prevent avoidable errors, eliminate faulty assumptions, and resist deeply human cognitive biases that compromise prevention, investigation, and research. Throughout the book, you'll find examples drawn from actual cybersecurity events, detailed techniques for recognizing and overcoming security fallacies, and recommended mitigations for building more secure products and businesses.

The Joy of Factoring

Samuel S. Wagstaff, Jr.

2014, Amer Mathematical Society

This book is about the theory and practice of integer factorization presented in a historical perspective. It describes about twenty algorithms for factoring and a dozen other number theory algorithms that support the factoring algorithms. Most algorithms are described both in words and in pseudocode to satisfy both number theorists and computer scientists. Each of the ten chapters begins with a concise summary of its contents.

The book starts with a general explanation of why factoring integers is important. The next two chapters present number theory results that are relevant to factoring. Further on there is a chapter discussing, in particular, mechanical and electronic devices for factoring, as well as factoring using quantum physics and DNA molecules. Another chapter applies factoring to breaking certain cryptographic algorithms. Yet another chapter is devoted to practical vs. theoretical aspects of factoring. The book contains more than 100 examples illustrating various algorithms and theorems. It also contains more than 100 interesting exercises to test the reader's understanding. Hints or answers are given for about a third of the exercises. The book concludes with a dozen suggestions of possible new methods for factoring integers.

This book is written for readers who want to learn more about the best methods of factoring integers, many reasons for factoring, and some history of this fascinating subject. It can be read by anyone who has taken a first course in number theory.

Identification of Space Debris

Carolin Früh

2011, Shaker Verlag

This work addresses the difficulty of identifying space objects in the geostationary (GEO) and high eccentricity orbit (HEO) regimes by means of ground-based optical observations. Identification is understood here in the widest sense: the aim is to collect information related to an object by investigating all data available via optical observations, including orbit and object properties. Single observation frames are investigated, which contain, apart from the unresolved images of space debris objects, stars, hot pixels and so-called cosmic ray events. Cosmic filters operating on the single observation frames are introduced and tested. A new algorithm is introduced and tested to link the possibly many unresolved single object images of unknown, newly detected objects in an observation series without a priori information. The accuracy of the Two Line Element (TLE) catalog provided by the US Strategic Command is investigated in GEO and HEO by means of high accuracy optical observations. A new algorithm for catalog correlation has been developed, powerful enough to correlate even observations of GEO objects in clusters. Orbit determination using only very sparse optical observations has been investigated, and the prediction accuracy of such orbits is evaluated. The orbital evolution of objects with high area-to-mass ratio has been investigated using a normalized orbit determination setup; variations in the area-to-mass ratio can be observed. The possibilities for supplementing an orbital element catalogue with light curve measurements are investigated, and the light curves of objects with high and low area-to-mass ratio are compared. All algorithms are tested with observations of the ESA Space Debris Telescope (ESASDT), located on Tenerife, Spain, and the Zimmerwald Laser and Astrometry Telescope (ZIMLAT), located close to Bern, Switzerland.

Cultural Factors in Systems Design

Edited by Robert W. Proctor, Shimon Y. Nof, and Yuehwern Yih; contributor: Fariborz Farahmand

2011, CRC Press

Cultural factors, in both the narrow sense of different national, racial, and ethnic groups, and in the broader sense of different groups of any type, play major roles in individual and group decisions. Written by an international, interdisciplinary group of experts, Cultural Factors in Systems Design: Decision Making and Action explores innovations in the understanding of how cultural differences influence decision making and action. Reflecting the diverse interests and viewpoints that characterize the current state of decision making and cultural research, the chapter authors represent a variety of disciplines and specialize in areas ranging from basic decision processes of individuals, to decisions made in teams and large organizations, to cultural influences on behavior.

Virtual Sociability: From Community to Communitas

Sorin Adam Matei, Brian Britt

2011, CreateSpace

How do virtual communities come together? What makes them strong? What social theories can be used to explain them? What rules and policies can be used to make virtual communities last? The book is the product of the Online Interaction Seminar, Purdue University. It includes 2D codes, which facilitate connecting the print version of the book to online resources.

Identity Theft (Cybersafety)

Marcus K. Rogers, John R. Vacca

2011, Chelsea House Pub


Cyberpredators (Cybersafety)

James P. Colt (Editor), Marcus K. Rogers (Editor)

2011, Chelsea House Pub


Cyberpiracy (Cybersafety)

Nathan Fisk, Marcus K. Rogers (Editor)

2011, Chelsea House Pub


Living With the Internet (Cybersafety)

Samuel McQuade, Marcus K. Rogers

2011, Chelsea House Pub


Internet Addiction and Online Gaming (Cybersafety)

Samuel McQuade, Marcus K. Rogers

2011, Chelsea House Pub


Secure Neighbor Discovery in Wireless Networks: Through Overhearing

Srikanth Hariharan, Ness B. Shroff, Saurabh Bagchi

2011, LAP LAMBERT Academic Publishing

Wireless ad-hoc networks, especially sensor networks, are increasingly being used for data monitoring in commercial, industrial, and military applications. Security is of great concern from many different viewpoints: ensuring that sensitive data does not fall into the wrong hands; ensuring that the received data has not been doctored; and ensuring that the network is resilient to denial of service attacks. This book studies the fundamental problem of secure neighbor discovery, which is critical to protecting the network against a number of different forms of attack. In wireless ad-hoc and sensor networks, neighbor discovery is one of the first steps performed by a node upon deployment, and disrupting it adversely affects a number of routing, MAC, topology discovery and intrusion detection protocols. It is especially harmful when an adversary can convince nodes that it is a legitimate neighbor, which it can do easily and without the use of cryptographic primitives. This book discusses a secure neighbor discovery protocol, SEDINE, for static multihop wireless networks, and extensively analyzes its performance.

Cyberstalking and Cyberbullying (Cybersafety)

Samuel McQuade, Marcus K. Rogers

2011, Chelsea House Pub


Access Control for Databases

E. Bertino, G. Ghinita, A. Kamra

2011, Now Publishers

Today’s organizations rely on database systems as the key data management technology for a large variety of tasks, ranging from day-to-day operations to critical decision making. Such widespread use of database systems makes them the main target of many security attacks aimed at corrupting data or exfiltrating it outside the organization. On the other hand, data cannot be strictly segregated and needs to be readily available to users who have legitimate authorizations to use it. Access Control for Databases - Concepts and Systems provides a comprehensive survey of the foundational models and recent research trends in access control models and mechanisms for database management systems. In addition to surveying the foundational work in the area, it presents extensive case studies covering advanced features of current database management systems, such as support for fine-grained and context-based access control, support for mandatory access control, and approaches for protecting data from insider threats. It also covers novel approaches, based on cryptographic techniques, to enforce access control, and surveys access control models for object databases and XML data. For the reader not familiar with basic notions concerning access control and cryptography, it includes a tutorial presentation of these notions. The discussion is complemented by an analysis of the access control functions provided by selected commercial products. It concludes with a discussion of current challenges for database access control and security, and preliminary approaches addressing some of these challenges.

Information Assurance and Security Ethics in Complex Systems: Interdisciplinary Perspectives

Melissa Jane Dark

2010, IGI Global

The problems encountered in ensuring that modern computing systems are used appropriately cannot be solved with technology alone, nor can they be addressed independent of the underlying computational fabric. Instead, they require an informed, multidisciplinary approach, especially when considering issues of security, privacy, assurance, and crime.

Information Assurance and Security Ethics in Complex Systems: Interdisciplinary Perspectives offers insight into the social and ethical challenges presented by modern technology. Aimed at students and practitioners in the rapidly growing field of information assurance and security, this book addresses issues of privacy, access, safety, liability and reliability in a manner that asks readers to think about how the social context is shaping technology and how technology is shaping the social context and, in so doing, to rethink conceptual boundaries.


Identity Management: Concepts, Technologies, and Systems

E. Bertino, K. Takahashi

2010, Artech House

Digital identity can be defined as the digital representation of the information known about a specific individual or organization. Digital identity management technology is an essential function in customizing and enhancing the network user experience, protecting privacy, underpinning accountability in transactions and interactions, and complying with regulatory controls. This practical resource offers an in-depth understanding of how to design, deploy and assess identity management solutions. It provides a comprehensive overview of current trends and future directions in identity management, including best practices, the standardization landscape, and the latest research findings.

Encyclopedia of Information Assurance

Rebecca Herold, Marcus K. Rogers

2010, Auerbach Publications

Charged with ensuring the confidentiality, integrity, availability, and delivery of all forms of an entity’s information, Information Assurance (IA) professionals require a fundamental understanding of a wide range of specializations, including digital forensics, fraud examination, systems engineering, security risk management, privacy, and compliance. Establishing this understanding and keeping it up to date requires a resource with coverage as diverse as the field it covers.

Filling this need, the Encyclopedia of Information Assurance presents an up-to-date collection of peer-reviewed articles and references written by authorities in their fields. From risk management and privacy to auditing and compliance, the encyclopedia’s four volumes provide comprehensive coverage of the key topics related to information assurance. This complete IA resource:

  • Supplies the understanding needed to help prevent the misuse of sensitive information
  • Explains how to maintain the integrity of critical systems
  • Details effective tools, techniques, and methods for protecting personal and corporate data against the latest threats
  • Provides valuable examples, case studies, and discussions on how to address common and emerging IA challenges

Placing the wisdom of leading researchers and practitioners at your fingertips, this authoritative reference provides the knowledge and insight needed to avoid common pitfalls and stay one step ahead of evolving threats.


Security for Web Services and Service-Oriented Architectures

E. Bertino, L. Martino, A. Squicciarini, F. Paci

2009, Springer

Web services based on the eXtensible Markup Language (XML), the Simple Object Access Protocol (SOAP), and related standards, and deployed in Service-Oriented Architectures (SOA), are the key to Web-based interoperability for applications within and across organizations. It is crucial that the security of services and their interactions with users is ensured if Web services technology is to live up to its promise. However, the very features that make it attractive – such as greater and ubiquitous access to data and other resources, dynamic application configuration and reconfiguration through workflows, and relative autonomy – conflict with conventional security models and mechanisms. Elisa Bertino and her coauthors provide a comprehensive guide to security for Web services and SOA. They cover in detail all recent standards that address Web service security, including XML Encryption, XML Signature, WS-Security, and WS-SecureConversation, as well as recent research on access control for simple and conversation-based Web services, advanced digital identity management techniques, and access control for Web-based workflows. They explain how these implement means for identification, authentication, and authorization with respect to security aspects such as integrity, confidentiality, and availability.

Trust and Security in Collaborative Computing

Xukai Zou, Yuan-Shun Dai, and Yi Pan

2008, World Scientific

Computer networks are compromised by various unpredictable factors, such as hackers, viruses, spam, faults, and system failures, hindering the full utilization of computer systems for collaborative computing — one of the objectives for the next generation of the Internet. It includes the functions of data communication, resource sharing, group cooperation, and task allocation. One popular example of collaborative computing is grid computing. This monograph considers the latest efforts to develop a trusted environment with the high security and reliability needed for collaborative computing. The important modules treated include secure group communication, access control, dependability, grid computing, key management, intrusion detection, and trace back. In addition, a real project for developing a nationwide medical information system with high dependability and security is described.

Secure Group Communications Over Data Networks

Xukai Zou, Byrav Ramamurthy, and Spyros S. Magliveras

2005, Springer

This book provides a concise survey of principles and state-of-the-art techniques for secure group communications (SGC) over data networks. It offers an overview of secure algorithms and protocols for group communication, linking areas such as applied cryptography and computer networking. Also included is coverage of the challenges in deploying secure group communication-based applications over wireless networks. These challenges include the limited computational power of mobile devices, the susceptibility of wireless networks to intrusion and unauthorized access, and the mobility of nodes in a wireless ad-hoc network environment. Secure Group Communications Over Data Networks provides a wealth of information for network architects, IT professionals, computer scientists, and advanced students of computer science and computer engineering in the fields of networking, computer security and software application development.

Practical UNIX and Internet Security, Third Edition

Simson Garfinkel, Gene Spafford, Alan Schwartz

2003, O’Reilly Media

This edition of Practical Unix and Internet Security provides detailed coverage of today’s increasingly important security and networking issues. Focusing on the four most popular Unix variants today—Solaris, Mac OS X, Linux, and FreeBSD—this book contains new information on PAM (Pluggable Authentication Modules), LDAP, SMB/Samba, anti-theft technologies, embedded systems, wireless and laptop issues, forensics, intrusion detection, chroot jails, telephone scanners and firewalls, virtual and cryptographic filesystems, WebNFS, kernel security levels, outsourcing, legal issues, new Internet protocols and cryptographic algorithms, and much more.

Privacy Preserving Data Mining

Jaideep Vaidya, Christopher W. Clifton, Yu Michael Zhu

2002, Springer

Data mining has emerged as a significant technology for gaining knowledge from vast quantities of data. However, concerns are growing that use of this technology can violate individual privacy. These concerns have led to a backlash against the technology, for example, a “Data-Mining Moratorium Act” introduced in the U.S. Senate that would have banned all data-mining programs (including research and development) by the U.S. Department of Defense. Privacy Preserving Data Mining provides a comprehensive overview of available approaches, techniques and open problems in privacy preserving data mining. This book demonstrates how these approaches can achieve data mining, while operating within legal and commercial restrictions that forbid release of data. Furthermore, this research crystallizes much of the underlying foundation, and inspires further research in the area.

Ethics and Information Technology: A Case-Based Approach to a Health Care System in Transition

James G. Anderson and Kenneth Goodman

2002, Springer Verlag

This book presents 130 case studies illustrating ethical and social issues that arise from the increasing use of computers in medicine, nursing, psychology, pharmacy, and the allied health professions. The rapid development of health informatics offers a rich array of issues and challenges to academics, clinicians, and system developers. These issues involve threats to privacy and confidentiality, misuse of clinical and genetic information, risks to patients of bias and discrimination, erosion of the practitioner-patient relationship, threats to the autonomy of the health professional, and compromises to the quality of care provided. The use of case studies is well known in medicine, nursing, public health, epidemiology, and other health education programs. This book presents selected cases with annotation and commentaries that illustrate ethical concerns and social problems in the use of computers in medicine.

Cryptanalysis of Number Theoretic Ciphers

Samuel S. Wagstaff

2002, Chapman & Hall/CRC

At the heart of modern cryptographic algorithms lies computational number theory. Whether you’re encrypting or decrypting ciphers, a solid background in number theory is essential for success. Written by a number theorist and practicing cryptographer, Cryptanalysis of Number Theoretic Ciphers takes you from basic number theory, through the inner workings of ciphers and protocols, to their strengths and weaknesses.

Web Security, Privacy & Commerce, Second Edition

Simson Garfinkel, Gene Spafford

2001, O’Reilly Media

This much expanded new edition explores web security risks and how to minimize them. Aimed at web users, administrators, and content providers, Web Security, Privacy & Commerce covers cryptography, SSL, the Public Key Infrastructure, digital signatures, digital certificates, privacy threats (cookies, log files, web logs, web bugs), hostile mobile code, and web publishing (intellectual property, P3P, digital payments, client-side digital signatures, code signing, PICS).
