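Book Details
IT Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms (IT-security and privacy)
Author: Simone Fischer-Hübner
Publisher: Hunan Literature and Art Publishing House (湖南文艺出版社)
Publication date: 2001-12-01
ISBN: 9783540421429
List price: ¥564.44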
Synopsis
Invasion of privacy and misuse of personal data are among the most obvious negative effects of today's information and communication technologies. Besides technical issues from a variety of fields, privacy legislation, depending on national activities and often lagging behind technical progress, plays an important role in designing, implementing, and using privacy-enhancing systems. Taking into account technical aspects from IT security, this book presents in detail a formal task-based privacy model which can be used to technically enforce legal privacy requirements. Furthermore, the author specifies how the privacy model policy has been implemented together with other security policies in accordance with the Generalized Framework for Access Control (GFAC). This book will appeal equally to R&D professionals and practitioners active in IT security and privacy, advanced students, and IT managers.
About the Author
No author biography is currently available for "IT Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms (IT-security and privacy)".
Table of Contents
1. Introduction
2. Privacy in the Global Information Society
2.1 Definition of Privacy and Data Protection
2.2 Historical Perspective on Data Protection Legislation
2.3 Privacy Principles of the German Census Decision
2.4 Basic Privacy Principles
2.5 The EU Directive on Data Protection
2.6 German Data Protection Legislation
2.6.1 The German Federal Data Protection Act (Bundesdatenschutzgesetz)
2.6.2 Data Protection Regulations for Information and Telecommunication Services
2.7 Threats to Privacy in the Global Networked Society
2.7.1 Privacy Threats at Application Level
2.7.2 Privacy Threats at Communication Level
2.7.3 Insecure Technologies
2.8 Problems of an International Harmonisation of Privacy Legislation
2.9 The Need for Privacy Enhancing Technologies
2.10 The Importance of Privacy Education
2.11 Conclusions
3. IT-Security
3.1 Definition
3.2 Security Models
3.2.1 Harrison-Ruzzo-Ullman Model
3.2.2 Bell LaPadula Model
3.2.3 Unix System V/MLS Security Policy
3.2.4 Biba Model
3.2.5 Lattice Model of Information Flow
3.2.6 Noninterference Security Model
3.2.7 Clark-Wilson Model
3.2.8 Chinese Wall Model
3.2.9 Role-Based Access Control Models
3.2.10 Task-Based Authorisation Models for Workflow
3.2.10.1 Workflow Authorisation Model (WAM)
3.2.10.2 Task-Based Authorisation Controls (TBAC)
3.2.11 Security Models for Object-Oriented Information Systems
3.2.11.1 The Authorisation Model by Fernandez et al.
3.2.11.2 The Orion Authorisation Model
3.2.11.3 The DORIS Personal Model of Data
3.2.11.4 Further Relevant Research
3.2.12 Resource Allocation Model for Denial of Service Protection
3.2.13 Multiple Security Policies Modelling Approaches
3.2.13.1 The Generalised Framework for Access Control (GFAC)
3.2.13.2 The Multipolicy Paradigm and Multipolicy Systems
3.3 Basic Security Functions and Security Mechanisms
3.3.1 Identification and User Authentication
3.3.2 Access Control
3.3.3 Auditing
3.3.4 Intrusion Detection Systems
3.3.5 Object Reuse Protection
3.3.6 Trusted Path
3.3.7 Cryptography
3.3.7.1 Foundations
3.3.7.2 Symmetric Algorithms
3.3.7.3 Asymmetric Algorithms
3.3.7.4 Hash Functions
3.3.7.5 Certificates
3.4 Security Evaluation Criteria
3.4.1 The Rainbow Series (Orange Book et al.)
3.4.2 European Initiatives
3.4.2.1 Overview
3.4.2.2 The German Green Book
3.4.2.3 The Information Technology Security Evaluation Criteria (ITSEC)
3.4.3 North American Initiatives
3.4.3.1 CTCPEC
3.4.3.2 MSFR
3.4.3.3 Federal Criteria
3.4.4 International Harmonisation
3.4.4.1 ISO Initiatives (ISO/IEC-ECITS)
3.4.4.2 The Common Criteria
3.4.5 Shortcomings of IT Security Evaluation Criteria
3.5 Conflict between IT Security and Privacy
3.5.1 Privacy Implications of IT Security Mechanisms
……
4. Privacy-Enhancing Technologies
5. A Task-Based Privacy Model
6. Specification and Implementation of the Privacy Policy Following the Generalised Framework for Access Control-Approach
7. Concluding Remarks
Appendix A: Formal Mathematical Privacy Model
Appendix B: Implementation of a Hospital Scenario as a Demonstration Example
References