Books Authored by CERIAS Faculty
Access Control for Databases
E. Bertino, G. Ghinita, A. Kamra
2011, Now PublishersToday’s organizations rely on database systems as the key data management technology for a large variety of tasks, ranging from day-to-day operations to critical decision making. Such widespread use of database systems make them the main target of many security attacks aimed at corrupting or exfiltrating data outside the organization. On the other hand, data cannot be strictly segregated and need to be readily available for users who have legitimate authorizations to use them. Access Control for Databases - Concepts and Systems provides a comprehensive survey of the foundational models and recent research trends in access control models and mechanisms for database management systems. In addition to surveying the foundational work in the area, it presents extensive case studies covering advanced features of current database management systems, such as the support for fine-grained and context-based access control, the support for mandatory access control, and approaches for protecting the data from insider threats. It also covers novel approaches, based on cryptographic techniques, to enforce access control and surveys access control models for object-databases and XML data. For the reader not familiar with basic notions concerning access control and cryptography, it includes a tutorial presentation on these notions. The discussion is complemented by an analysis of access control functions provided by selected commercial products. It concludes with a discussion on current challenges for database access control and security, and preliminary approaches addressing some of these challenges.
Cryptanalysis of Number Theoretic Ciphers
2002, Chapman&Hall/CRCAt the heart of modern cryptographic algorithms lies computational number theory. Whether you’re encrypting or decrypting ciphers, a solid background in number theory is essential for success. Written by a number theorist and practicing cryptographer, Cryptanalysis of Number Theoretic Ciphers takes you from basic number theory, through the inner workings of ciphers and protocols, to their strengths and weaknesses.
Cultural Factors in Systems Design
2011, CRC PressCultural factors, in both the narrow sense of different national, racial, and ethnic groups, and in the broader sense of different groups of any type, play major roles in individual and group decisions. Written by an international, interdisciplinary group of experts, Cultural Factors in Systems Design: Decision Making and Action explores innovations in the understanding of how cultural differences influence decision making and action. Reflecting the diverse interests and viewpoints that characterize the current state of decision making and cultural research, the chapter authors represent a variety of disciplines and specialize in areas ranging from basic decision processes of individuals, to decisions made in teams and large organizations, to cultural influences on behavior.
Cyberstalking and Cyberbullying (Cybersafety)
Encyclopedia of Information Assurance
Rebecca Herold, Marcus K. Rogers
2010, Auerbach Publications
Charged with ensuring the confidentiality, integrity, availability, and delivery of all forms of an entity’s information, Information Assurance (IA) professionals require a fundamental understanding of a wide range of specializations, including digital forensics, fraud examination, systems engineering, security risk management, privacy, and compliance. Establishing this understanding and keeping it up to date requires a resource with coverage as diverse as the field it covers.
Filling this need, the Encyclopedia of Information Assurance presents an up-to-date collection of peer-reviewed articles and references written by authorities in their fields. From risk management and privacy to auditing and compliance, the encyclopedia’s four volumes provide comprehensive coverage of the key topics related to information assurance. This complete IA resource:
- Supplies the understanding needed to help prevent the misuse of sensitive information
- Explains how to maintain the integrity of critical systems
- Details effective tools, techniques, and methods for protecting personal and corporate data against the latest threats
- Provides valuable examples, case studies, and discussions on how to address common and emerging IA challenges
Placing the wisdom of leading researchers and practitioners at your fingertips, this authoritative reference provides the knowledge and insight needed to avoid common pitfalls and stay one step ahead of evolving threats.
Ethics and Information Technology: A Case-Based Approach to a Health Care System in Transition
James G. Anderson and Kenneth Goodman
2002, Springer VerlagThis book presents 130 case studies illustrating ethical and social issues that arise from the increasing use of computers in medicine, nursing, psychology, pharmacy, and the allied health professions. The rapid development of health informatics offers a rich array of issues and challenges to academics, clinicians, and system developers. These issues involve threats to privacy and confidentiality, misuse of clinical and genetic information, risks to patients of bias and discrimination, erosion of the practitioner-patient relationship, threats to the autonomy of the health professional, and compromises to the quality of care provided. The use of case studies is well known in medicine, nursing, public health, epidemiology, and other health education programs. This book presents selected cases with annotation and commentaries that illustrate ethical concerns and social problems in the use of computers in medicine.
Identity Management: Concepts, Technologies, and Systems
E. Bertino, K. Takahashi
2010, Artech HouseDigital identity can be defined as the digital representation of the information known about a specific individual or organization. Digital identity management technology is an essential function in customizing and enhancing the network user experience, protecting privacy, underpinning accountability in transactions and interactions, and complying with regulatory controls. This practical resource offers an in-depth understanding of how to design, deploy and assess identity management solutions. It provides a comprehensive overview of current trends and future directions in identity management, including best practices, the standardization landscape, and the latest research finding.
Identity Theft (Cybersafety)
Information Assurance and Security Ethics in Complex Systems: Interdisciplinary Perspectives
2010, IGI Global
The problems encountered in ensuring that modern computing systems are used appropriately cannot be solved with technology alone, nor can they be addressed independent of the underlying computational fabric. Instead, they require an informed, multidisciplinary approach, especially when considering issues of security, privacy, assurance, and crime.
Information Assurance and Security Ethics in Complex Systems: Interdisciplinary Perspectives offers insight into social and ethical challenges presented by modern technology. Aimed at students and practitioners in the rapidly growing field of information assurance and security, this book address issues of privacy, access, safety, liability and reliability in a manner that asks readers to think about how the social context is shaping technology and how technology is shaping social context and, in so doing, to rethink conceptual boundaries.
Internet Addiction and Online Gaming (Cybersafety)
Living With the Internet (Cybersafety)
Practical UNIX and Internet Security, Third Edition
Simson Garfinkel, Gene Spafford, Alan Schwartz
2003, O’Reilly MediaThis edition of Practical Unix and Internet Security provides detailed coverage of today’s increasingly important security and networking issues. Focusing on the four most popular Unix variants today—Solaris, Mac OS X, Linux, and FreeBSD—this book contains new information on PAM (Pluggable Authentication Modules), LDAP, SMB/Samba, anti-theft technologies, embedded systems, wireless and laptop issues, forensics, intrusion detection, chroot jails, telephone scanners and firewalls, virtual and cryptographic filesystems, WebNFS, kernel security levels, outsourcing, legal issues, new Internet protocols and cryptographic algorithms, and much more.
Privacy Preserving Data Mining
Jaideep Vaidya, Christopher W. Clifton, Yu Michael Zhu
2002, SpringerData mining has emerged as a significant technology for gaining knowledge from vast quantities of data. However, concerns are growing that use of this technology can violate individual privacy. These concerns have led to a backlash against the technology, for example, a “Data-Mining Moratorium Act” introduced in the U.S. Senate that would have banned all data-mining programs (including research and development) by the U.S. Department of Defense. Privacy Preserving Data Mining provides a comprehensive overview of available approaches, techniques and open problems in privacy preserving data mining. This book demonstrates how these approaches can achieve data mining, while operating within legal and commercial restrictions that forbid release of data. Furthermore, this research crystallizes much of the underlying foundation, and inspires further research in the area.
Secure Group Communications Over Data Networks
Xukai Zou, Byrav Ramamurthy, and Spyros S. Magliveras
2005, SpringerThis book provides a concise survey of principles and state-of-the-art techniques for secure group communications (SGC) over data networks. It offers an overview of secure algorithms and protocols for group communication linking areas such as applied cryptography and computer networking. Also included is a coverage of challenges in deploying secure group communication-based applications over wireless networks. These challenges include the limited computational power of mobile devices, susceptibility of wireless networks to intrusion and unauthorized access and mobility of nodes in a wireless ad-hoc network environment. Secure Group Communications Over Data Networks provides a wealth of information for network architects, IT Professionals, computer scientists, and advanced students of computer science and computer engineering in the fields of networking, computer security and software applications development.
Secure Neighbor Discovery in Wireless Networks: Through Overhearing
Srikanth Hariharan, Ness B. Shroff, Saurabh Bagchi
2011, LAP LAMBERT Academic PublishingWireless ad-hoc networks, especially sensor networks, are increasingly being used for data monitoring in commercial, industrial, and military applications. Security is of great concern from many different viewpoints: ensuring that sensitive data does not fall into wrong hands; ensuring that the received data has not been doctored; and ensuring that the network is resilient to denial of service attacks. This book studies the fundamental problem of secure neighbor discovery, which is critical to protecting the network against a number of different forms of attacks. In wireless ad-hoc and sensor networks, neighbor discovery is one of the first steps performed by a node upon deployment and disrupting it adversely affects a number of routing, MAC, topology discovery and intrusion detection protocols. It is especially harmful when an adversary can convince nodes that it is a legitimate neighbor, which it can do easily and without the use of cryptographic primitives. This book discusses a secure neighbor discovery protocol, SEDINE, for static multihop wireless networks, and extensively analyze its performance.
Security for Web Services and Service-Oriented Architectures
E. Bertino, L.Martino, A. Squicciarini, F. Paci
2009, SpringerWeb services based on the eXtensible Markup Language (XML), the Simple Object Access Protocol (SOAP), and related standards, and deployed in Service-Oriented Architectures (SOA), are the key to Web-based interoperability for applications within and across organizations. It is crucial that the security of services and their interactions with users is ensured if Web services technology is to live up to its promise. However, the very features that make it attractive – such as greater and ubiquitous access to data and other resources, dynamic application configuration and reconfiguration through workflows, and relative autonomy – conflict with conventional security models and mechanisms. Elisa Bertino and her coauthors provide a comprehensive guide to security for Web services and SOA. They cover in detail all recent standards that address Web service security, including XML Encryption, XML Signature, WS-Security, and WS-SecureConversation, as well as recent research on access control for simple and conversation-based Web services, advanced digital identity management techniques, and access control for Web-based workflows. They explain how these implement means for identification, authentication, and authorization with respect to security aspects such as integrity, confidentiality, and availability.
The Joy of Factoring
2014, Amer Mathematical SocietyThis book is about the theory and practice of integer factorization presented in a historic perspective. It describes about twenty algorithms for factoring and a dozen other number theory algorithms that support the factoring algorithms. Most algorithms are described both in words and in pseudocode to satisfy both number theorists and computer scientists. Each of the ten chapters begins with a concise summary of its contents.
The book starts with a general explanation of why factoring integers is important. The next two chapters present number theory results that are relevant to factoring. Further on there is a chapter discussing, in particular, mechanical and electronic devices for factoring, as well as factoring using quantum physics and DNA molecules. Another chapter applies factoring to breaking certain cryptographic algorithms. Yet another chapter is devoted to practical vs. theoretical aspects of factoring. The book contains more than 100 examples illustrating various algorithms and theorems. It also contains more than 100 interesting exercises to test the reader's understanding. Hints or answers are given for about a third of the exercises. The book concludes with a dozen suggestions of possible new methods for factoring integers.
This book is written for readers who want to learn more about the best methods of factoring integers, many reasons for factoring, and some history of this fascinating subject. It can be read by anyone who has taken a first course in number theory.
Trust and Security in Collaborative Computing
Xukai Zou, Yuan-Shun Dai, and Yi Pan
2008, World ScientificComputer networks are compromised by various unpredictable factors, such as hackers, viruses, spam, faults, and system failures, hindering the full utilization of computer systems for collaborative computing — one of the objectives for the next generation of the Internet. It includes the functions of data communication, resource sharing, group cooperation, and task allocation. One popular example of collaborative computing is grid computing. This monograph considers the latest efforts to develop a trusted environment with the high security and reliability needed for collaborative computing. The important modules treated include secure group communication, access control, dependability, grid computing, key management, intrusion detection, and trace back. In addition, a real project for developing a nationwide medical information system with high dependability and security is described.
Virtual Sociability: From Community to Communitas
Sorin Adam Matei, Brian Britt
2011, CreateSpaceHow do virtual communities come together? What makes them strong? What social theories can be used for explaining them? What rules and policies can be used to make virtual communities last? The book is the product of the Online Interaction Seminar, Purdue University. It includes 2d codes, which facilitate connecting the print version of the book to online resources.
Web Security, Privacy & Commerce, Second Edition
Simson Garfinkel, Gene Spafford
2001, O’Reilly MediaThis much expanded new edition explores web security risks and how to minimize them. Aimed at web users, administrators, and content providers, Web Security, Privacy & Commerce covers cryptography, SSL, the Public Key Infrastructure, digital signatures, digital certificates, privacy threats (cookies, log files, web logs, web bugs), hostile mobile code, and web publishing (intellectual property, P3P, digital payments, client-side digital signatures, code signing, PICS).