Enterprise Level Security 1 And 2.
This is a set, comprising of Enterprise Level Security and Enterprise Level Security 2.Enterprise Level Security: Securing Information Systems in an Uncertain World provides a modern alternative to the fortress approach to security. The new approach is more distributed and has no need for passwords...
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | eBook |
| Language: | Inglés |
| Published: |
Milton :
Taylor & Francis Group
2020.
|
| Subjects: | |
| See on Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009809023806719 |
Table of Contents:
- Cover
- Volume 01
- Cover
- Half Title
- Title Page
- Copyright Page
- Dedication
- Table of Contents
- List of Figures
- List of Tables
- Foreword
- Preface
- Acknowledgments
- Author
- 1 Introduction
- 1.1 Problem Description
- 1.1.1 Success beyond Anticipation
- 1.1.2 But, It Started Long before That
- 1.1.2.1 A Brief History of the Development of the WWW
- 1.1.3 Fast-Forward to Today
- 1.2 What Is Enterprise Level Security?
- 1.3 Distributed versus Centralized Security
- 1.3.1 Case Study: Boat Design
- 1.3.2 Case Study Enterprise Information Technology Environment
- 1.3.3 Security Aspects
- 1.3.3.1 Confidentiality
- 1.3.3.2 Integrity
- 1.3.3.3 Availability
- 1.3.3.4 Authenticity
- 1.3.3.5 Nonrepudiation
- 1.4 Crafting a Security Model
- 1.4.1 The Assumptions
- 1.4.2 Tenets: Digging beneath the Security Aspects
- 1.5 Entities and Claims
- 1.5.1 Credentialing
- 1.6 Robust Assured Information Sharing
- 1.6.1 Security Requirements
- 1.6.2 Security Mechanisms
- 1.6.3 Goals and Assumptions of IA Architecture
- 1.6.4 Assumptions
- 1.6.5 A Framework for Entities in Distributed Systems
- 1.7 Key Concepts
- 1.7.1 ELS-Specific Concepts
- 1.7.2 Mapping between Tenets and Key Concepts
- 1.7.3 Enterprise-Level Derived Requirements
- 1.7.4 Mapping between Key Concepts and Derived Requirements
- 1.8 Two Steps Forward and One Step Back
- 1.9 The Approximate Time-Based Crafting
- 1.10 Summary
- Section I Basics and Philosophy
- 2 Identity
- 2.1 Who Are You?
- 2.2 Naming
- 2.3 Identity and Naming: Case Study
- 2.4 Implications for Information Security
- 2.5 Personas
- 2.6 Identity Summary
- 3 Attributes
- 3.1 Facts and Descriptors
- 3.2 An Attribute Ecosystem
- 3.3 Data Sanitization
- 3.3.1 Guarded and Filtered Inputs
- 3.3.2 Guard Administrator Web Interface
- 3.3.3 Integrity in Attribute Stores.
- 3.3.4 Secure Data Acquisition
- 3.3.5 Integrity at the Source
- 3.4 Temporal Data
- 3.5 Credential Data
- 3.6 Distributed Stores
- 4 Access and Privilege
- 4.1 Access Control
- 4.2 Authorization and Access in General
- 4.3 Access Control List
- 4.3.1 Group Requirements
- 4.3.2 Role Requirements
- 4.3.3 ACRs and ACLs
- 4.3.4 Discretionary Access Control and Mandatory Access Control
- 4.4 Complex Access Control Schemas
- 4.5 Privilege
- 4.6 Concept of Least Privilege
- 4.6.1 Least Privilege Case Study
- 5 Cryptography
- 5.1 Introduction
- 5.2 Cryptographic Keys and Key Management
- 5.2.1 Asymmetric Key Pairs
- 5.2.1.1 RSA Key Generation
- 5.3 Symmetric Keys
- 5.3.1 TLS Mutual Authentication Key Production
- 5.3.2 Other Key Production
- 5.4 Store Keys
- 5.5 Delete Keys
- 5.6 Encryption
- 5.7 Symmetric versus Asymmetric Encryption Algorithms
- 5.7.1 Asymmetric Encryption
- 5.7.2 RSA Asymmetric Encryption
- 5.7.3 Combination of Symmetric and Asymmetric Encryption
- 5.7.4 Symmetric Encryption
- 5.7.4.1 Stream Ciphers
- 5.7.4.2 Block Ciphers
- 5.7.5 AES/Rijndael Encryption
- 5.7.5.1 Description of the AES Cipher
- 5.7.6 Data Encryption Standard
- 5.7.6.1 Triple DES
- 5.7.6.2 Description of the Triple DES Cipher
- 5.8 Decryption
- 5.8.1 Asymmetric Decryption
- 5.8.2 Symmetric Decryption
- 5.9 Hash Function
- 5.9.1 Hash Function Algorithms
- 5.9.2 Hashing with Cryptographic Hash Function
- 5.9.2.1 MD-5
- 5.9.2.2 SHA-3-Defined SHA-512
- 5.10 Signatures
- 5.10.1 XML Signature
- 5.10.2 S/MIME Signature
- 5.10.3 E-Content Signature
- 5.11 A Note on Cryptographic Key Lengths
- 5.11.1 Encryption Key Discovery
- 5.11.2 The High-Performance Dilemma
- 5.11.3 Parallel Decomposition of Key Discovery
- 5.12 Internet Protocol Security
- 5.13 Other Cryptographic Services
- 5.14 The Java Cryptography Extension.
- 5.15 Data at Rest
- 5.16 Data in Motion
- 6 The Cloud
- 6.1 The Promise of Cloud Computing
- 6.2 Benefits of the Cloud
- 6.3 Drawbacks of Cloud Usage
- 6.3.1 Differences from Traditional Data Centers
- 6.3.2 Some Changes in the Threat Scenario
- 6.4 Challenges for the Cloud and High Assurance
- 6.5 Cloud Accountability, Monitoring, and Forensics
- 6.5.1 Accountability
- 6.5.2 Monitoring
- 6.5.3 Knowledge Repository
- 6.5.4 Forensic Tools
- 6.6 Standard Requirements for Cloud Forensics
- 7 The Network
- 7.1 The Network Entities
- 7.1.1 Most Passive Elements
- 7.1.2 Issues of the Most Passive Devices
- 7.1.3 The Convenience Functions
- 7.1.4 Issues for the Convenience Functions
- 7.1.5 Content Analyzers
- 7.1.6 Issues for Content Analyzers
- Section II Technical Details
- 8 Claims-Based Authentication
- 8.1 Authentication and Identity
- 8.2 Credentials in the Enterprise
- 8.3 Authentication in the Enterprise
- 8.3.1 Certificate Credentials
- 8.3.2 Registration
- 8.3.3 Authentication
- 8.4 Infrastructure Security Component Interactions
- 8.4.1 Interactions Triggered by a User Request for Service
- 8.4.2 Interaction Triggered by a Service Request
- 8.5 Compliance Testing
- 8.6 Federated Authentication
- 8.6.1 Naming and Identity
- 8.6.2 Translation of Claims or Identities
- 8.6.3 Data Requirements
- 8.6.4 Other Issues
- 9 Credentials for Access Claims
- 9.1 Security Assertion Markup Language
- 9.2 Access Control Implemented in the Web Service
- 9.3 Establishing Least Privilege
- 9.4 Default Values
- 9.5 Creating an SAML Token
- 9.6 Scaling of the STS for High Assurance Architectures
- 9.7 Rules for Maintaining High Assurance during Scale-Up
- 10 Claims Creation
- 10.1 Access Control Requirements at the Services
- 10.1.1 Discretionary Access Control List
- 10.1.2 Mandatory Access Control.
- 10.1.3 Access Control Logic
- 10.2 Access Control Requirement
- 10.3 Enterprise Service Registry
- 10.4 Claims Engine
- 10.5 Computed Claims Record
- 11 Invoking an Application
- 11.1 Active Entities
- 11.2 Claims-Based Access Control
- 11.2.1 Authorization in the Enterprise Context
- 11.3 Establishing Least Privilege
- 11.4 Authorizing the User to the Web Application
- 11.5 Authorizing a Web Service to a Web Service
- 11.6 Interaction between Security Components
- 11.6.1 Access from within the Enterprise
- 11.6.2 Disconnected, Intermittent, or Limited Environments
- 11.6.2.1 Prioritization of Communications
- 11.6.2.2 Reduction of the Need for Capacity
- 11.6.2.3 Asset Requirements
- 12 Cascading Authorization
- 12.1 Basic Use Case
- 12.2 Standard Communication
- 12.3 Pruning Attributes, Groups, and Roles
- 12.4 Required Escalation of Privilege
- 12.5 Data Requirements for the Pruning of Elements
- 12.6 Saving of the SAML Assertion
- 12.7 SAML Token Modifications for Further Calls
- 12.8 An Annotated Notional Example
- 12.9 Additional Requirements
- 12.10 Service Use Case Summary
- 13 Federation
- 13.1 Federation
- 13.2 Elements of Federated Communication
- 13.2.1 Naming and Identity
- 13.2.2 Credentials
- 13.2.3 PKI-X.509 Certificates
- 13.2.4 Certificate Services
- 13.2.5 Bilateral Authentication
- 13.2.6 Authorization Using SAML Packages
- 13.2.7 Registration of the STS
- 13.2.8 Recognizing STS Signatures
- 13.2.9 Translation of Properties, Roles, and Groups
- 13.2.10 Other Issues
- 13.3 Example Federation Agreement
- 13.4 Access from Outside the Enterprise
- 13.5 Trusted STS Store
- 13.6 Trusted STS Governance
- 14 Content Access Control
- 14.1 Authoritative and Nonauthoritative Content
- 14.2 Content Delivery Digital Rights Management
- 14.3 Mandatory Access Control.
- 14.4 Access Control Content Management System
- 14.5 Enforcing Access Control
- 14.6 Labeling of Content and Information Assets
- 14.7 Conveying Restrictions to the Requester
- 14.8 Enforcing/Obtaining Acknowledgment of Rest
- 14.9 Metadata
- 14.10 Content Management Function
- 14.11 Components of a Stored Information Asset
- 14.11.1 Information Asset, Section A: ACL, MAC, and Data
- 14.11.2 Information Asset, Section B: Information Asset as Labeled
- 14.11.3 Information Asset, Section C: Information Asset Signature(s)
- 14.11.4 Information Asset, Section D: MDE Metacard
- 14.12 Additional Elements for Stored Information Assets
- 14.12.1 Key Words
- 14.12.2 Storage Location(s) of Key Word Metadata
- 14.12.3 Reference Identity and Information Asset Description
- 14.12.4 Information Asset Name
- 14.12.5 Information Asset Description
- 14.13 Key Management Simplification
- 14.13.1 Information Asset
- 14.14 Import or Export of Information Assets
- 15 Delegation
- 15.1 Delegation Service
- 15.2 Service Description for Delegation
- 15.3 Form of Extended Claims Record
- 15.4 Special Delegation Service
- 16 The Enterprise Attribute Ecosystem
- 16.1 User and Data Owner Convenience Functions
- 16.1.1 Self-Registration (Partial)
- 16.1.2 User Attribute Service
- 16.1.3 Service Discovery
- 16.1.4 User Claim Query Service
- 16.1.5 Direct Service/Application Invocation
- 16.1.6 Trusted Delegation Service
- 16.1.7 Special Delegation Service
- 16.2 Attribute Ecosystems Use Cases
- 16.2.1 Process Flows Related to Security for Each Service
- 16.2.2 Updating Claims
- 16.2.3 Adding a New Identity
- 16.2.4 Adding a Service
- 16.2.5 Accessing Services
- 16.2.6 Providing Delegation
- 16.2.7 Providing Special Delegation
- 16.3 Attribute Ecosystem Services
- 16.3.1 Authoritative Content Import Service(s).
- 16.3.2 Manage Import and Aggregation Web Application.
