图书简介
Cyber threats are ever increasing. Adversaries are getting more sophisticated and cyber criminals are infiltrating companies in a variety of sectors. In today’s landscape, organizations need to acquire and develop effective security tools and mechanisms - not only to keep up with cyber criminals, but also to stay one step ahead. Cyber-Vigilance and Digital Trust develops cyber security disciplines that serve this double objective, dealing with cyber security threats in a unique way. Specifically, the book reviews recent advances in cyber threat intelligence, trust management and risk analysis, and gives a formal and technical approach based on a data tainting mechanism to avoid data leakage in Android systems
Introduction ix Wiem TOUNSI Chapter 1. What Is Cyber Threat Intelligence and How Is It Evolving? 1 Wiem TOUNSI 1.1. Introduction 1 1.2. Background 3 1.2.1. New Generation Threats 3 1.2.2. Analytical Frameworks 6 1.3. Cyber Threat Intelligence 9 1.3.1. Cyber Threat Intelligence Sources 9 1.3.2. Cyber Threat Intelligence Sub-Domains 11 1.3.3. Technical Threat Intelligence (TTI) 13 1.4. Related Work 14 1.5. Technical Threat Intelligence Sharing Problems 16 1.5.1. Benefits of CTI Sharing for Collective Learning 16 1.5.2. Reasons for Not Sharing 17 1.6. Technical Threat Intelligence Limitations 21 1.6.1. Quantity Over Quality 21 1.6.2. IOC-Specific Limitations 22 1.7. Cyber Threat Intelligent Libraries or Platforms 25 1.7.1. Benefits of CTI Libraries Based In the Cloud 26 1.7.2. Reluctance to Use Cloud Services 26 1.8. Discussion 27 1.8.1. Sharing Faster Is Not Sufficient 27 1.8.2. Reducing the Quantity of Threat Feeds 28 1.8.3. Trust to Share Threat Data and to Save Reputation Concerns 30 1.8.4. Standards for CTI Representation and Sharing 31 1.8.5. Cloud-Based CTI Libraries for Collective Knowledge and Immunity 34 1.9. Evaluation of Technical Threat Intelligence Tools 36 1.9.1. Presentation of Selected Tools 37 1.9.2. Comparative Discussion 38 1.10. Conclusion and Future Work 39 1.11. References 40 Chapter 2. Trust Management Systems: A Retrospective Study on Digital Trust 51 Reda YAICH 2.1. Introduction 51 2.2. What Is Trust? 52 2.3. Genesis of Trust Management Systems 54 2.3.1. Access Control Model 54 2.3.2. Identity-Based Access Control 55 2.3.3. Lattice-Based Access Control 57 2.3.4. Role-Based Access Control 58 2.3.5. Organization-Based Access Control 59 2.3.6. Attribute-Based Access Control 61 2.4. Trust Management 62 2.4.1. Definition 62 2.4.2. Trust Management System 64 2.4.3. Foundations 65 2.4.4. Automated Trust Negotiation 70 2.5. Classification of Trust Management Systems 72 2.5.1. Authorization-Based TMSs 73 2.5.2. Automated Trust Negotiation Systems 81 2.6. Trust Management In Cloud Infrastructures 90 2.6.1. Credentials-Based Trust Models 90 2.6.2. SLA-Based Trust Models 90 2.6.3. Feedback-Based Trust Models 91 2.6.4. Prediction-Based Trust Models 92 2.7. Conclusion 93 2.8. References 94 Chapter 3. Risk Analysis Linked to Network Attacks 105 Kamel KAROUI 3.1. Introduction 105 3.2. Risk Theory 107 3.2.1. Risk Analysis Terminology 107 3.2.2. Presentation of the Main Risk Methods 109 3.2.3. Comparison of the Main Methods 116 3.3. Analysis of IS Risk In the Context of IT Networks 120 3.3.1. Setting the Context 120 3.3.2. Risk Assessment 127 3.3.3. Risk Treatment 133 3.3.4. Acceptance of Risks 136 3.3.5. Risk Communication 137 3.3.6. Risk Monitoring 138 3.4. Conclusion 138 3.5. References 138 Chapter 4. Analytical Overview on Secure Information Flow In Android Systems: Protecting Private Data Used By Smartphone Applications 141 Mariem GRAA 4.1. Introduction 142 4.2. Information Flow 143 4.2.1. Explicit Flows 143 4.2.2. Implicit Flows 143 4.2.3. Covert Channels 144 4.3. Data Tainting 145 4.3.1. Interpreter Approach 145 4.3.2. Architecture-Based Approach 146 4.3.3. Static Taint Analysis 146 4.3.4. Dynamic Taint Analysis 147 4.4. Protecting Private Data In Android Systems 149 4.4.1. Access Control Approach 149 4.4.2. Preventing Private Data Leakage Approach 153 4.4.3. Native Libraries Approaches 157 4.5. Detecting Control Flow 160 4.5.1. Technical Control Flow Approaches 160 4.5.2. Formal Control Flow Approaches 162 4.6. Handling Explicit and Control Flows In Java and Native Android Apps? Code 164 4.6.1. Formal Specification of the Under-Tainting Problem 164 4.6.2. Formal Under-Tainting Solution 166 4.6.3. System Design 175 4.6.4. Handling Explicit and Control Flows In Java Android Apps? Code 176 4.6.5. Handling Explicit and Control Flows In Native Android Apps? Code 180 4.6.6. Evaluation 184 4.6.7. Discussion 187 4.7. Protection Against Code Obfuscation Attacks Based on Control Dependencies In Android Systems 188 4.7.1. Code Obfuscation Definition 188 4.7.2. Types of Program Obfuscations 189 4.7.3. Obfuscation Techniques 189 4.7.4. Code Obfuscation In Android System 190 4.7.5. Attack Model 191 4.7.6. Code Obfuscation Attacks 192 4.7.7. Detection of Code Obfuscation Attacks 194 4.7.8. Obfuscation Code Attack Tests 195 4.8. Detection of Side Channel Attacks Based on Data Tainting In Android Systems 198 4.8.1. Target Threat Model 199 4.8.2. Side Channel Attacks 200 4.8.3. Propagation Rules for Detecting Side Channel Attacks 203 4.8.4. Implementation 205 4.8.5. Evaluation 207 4.9. Tracking Information Flow In Android Systems Approaches Comparison: Summary 210 4.10. Conclusion and Highlights 215 4.11. References 216 List of Authors 227 Index 229
Trade Policy 买家须知
- 关于产品:
- ● 正版保障:本网站隶属于中国国际图书贸易集团公司,确保所有图书都是100%正版。
- ● 环保纸张:进口图书大多使用的都是环保轻型张,颜色偏黄,重量比较轻。
- ● 毛边版:即书翻页的地方,故意做成了参差不齐的样子,一般为精装版,更具收藏价值。
关于退换货:
- 由于预订产品的特殊性,采购订单正式发订后,买方不得无故取消全部或部分产品的订购。
- 由于进口图书的特殊性,发生以下情况的,请直接拒收货物,由快递返回:
- ● 外包装破损/发错货/少发货/图书外观破损/图书配件不全(例如:光盘等)
并请在工作日通过电话400-008-1110联系我们。
- 签收后,如发生以下情况,请在签收后的5个工作日内联系客服办理退换货:
- ● 缺页/错页/错印/脱线
关于发货时间:
- 一般情况下:
- ●【现货】 下单后48小时内由北京(库房)发出快递。
- ●【预订】【预售】下单后国外发货,到货时间预计5-8周左右,店铺默认中通快递,如需顺丰快递邮费到付。
- ● 需要开具发票的客户,发货时间可能在上述基础上再延后1-2个工作日(紧急发票需求,请联系010-68433105/3213);
- ● 如遇其他特殊原因,对发货时间有影响的,我们会第一时间在网站公告,敬请留意。
关于到货时间:
- 由于进口图书入境入库后,都是委托第三方快递发货,所以我们只能保证在规定时间内发出,但无法为您保证确切的到货时间。
- ● 主要城市一般2-4天
- ● 偏远地区一般4-7天
关于接听咨询电话的时间:
- 010-68433105/3213正常接听咨询电话的时间为:周一至周五上午8:30~下午5:00,周六、日及法定节假日休息,将无法接听来电,敬请谅解。
- 其它时间您也可以通过邮件联系我们:customer@readgo.cn,工作日会优先处理。
关于快递:
- ● 已付款订单:主要由中通、宅急送负责派送,订单进度查询请拨打010-68433105/3213。
本书暂无推荐
本书暂无推荐