IT Security and Privacy


Publisher: Hunan Literature and Art Publishing House
Publication date: 2001-12
ISBN: 9783540421429
Author: Simone Fischer-Hübner
Pages: 351

About the Author

Invasion of privacy and misuse of personal data are among the most obvious negative effects of today's information and communication technologies. Besides technical issues from a variety of fields, privacy legislation, depending on national activities and often lagging behind technical progress, plays an important role in designing, implementing, and using privacy-enhancing systems. Taking into account technical aspects from IT security, this book presents in detail a formal task-based privacy model which can be used to technically enforce legal privacy requirements. Furthermore, the author specifies how the privacy model policy has been implemented together with other security policies in accordance with the Generalized Framework for Access Control (GFAC). This book will appeal equally to R&D professionals and practitioners active in IT security and privacy, advanced students, and IT managers.

Table of Contents

1. Introduction
2. Privacy in the Global Information Society
  2.1 Definition of Privacy and Data Protection
  2.2 Historical Perspective on Data Protection Legislation
  2.3 Privacy Principles of the German Census Decision
  2.4 Basic Privacy Principles
  2.5 The EU Directive on Data Protection
  2.6 German Data Protection Legislation
    2.6.1 The German Federal Data Protection Act (Bundesdatenschutzgesetz)
    2.6.2 Data Protection Regulations for Information and Telecommunication Services
  2.7 Threats to Privacy in the Global Networked Society
    2.7.1 Privacy Threats at Application Level
    2.7.2 Privacy Threats at Communication Level
    2.7.3 Insecure Technologies
  2.8 Problems of an International Harmonisation of Privacy Legislation
  2.9 The Need for Privacy Enhancing Technologies
  2.10 The Importance of Privacy Education
  2.11 Conclusions
3. IT-Security
  3.1 Definition
  3.2 Security Models
    3.2.1 Harrison-Ruzzo-Ullman Model
    3.2.2 Bell LaPadula Model
    3.2.3 Unix System V/MLS Security Policy
    3.2.4 Biba Model
    3.2.5 Lattice Model of Information Flow
    3.2.6 Noninterference Security Model
    3.2.7 Clark-Wilson Model
    3.2.8 Chinese Wall Model
    3.2.9 Role-Based Access Control Models
    3.2.10 Task-Based Authorisation Models for Workflow
      3.2.10.1 Workflow Authorisation Model (WAM)
      3.2.10.2 Task-Based Authorisation Controls (TBAC)
    3.2.11 Security Models for Object-Oriented Information Systems
      3.2.11.1 The Authorisation Model by Fernandez et al.
      3.2.11.2 The Orion Authorisation Model
      3.2.11.3 The DORIS Personal Model of Data
      3.2.11.4 Further Relevant Research
    3.2.12 Resource Allocation Model for Denial of Service Protection
    3.2.13 Multiple Security Policies Modelling Approaches
      3.2.13.1 The Generalised Framework for Access Control (GFAC)
      3.2.13.2 The Multipolicy Paradigm and Multipolicy Systems
  3.3 Basic Security Functions and Security Mechanisms
    3.3.1 Identification and User Authentication
    3.3.2 Access Control
    3.3.3 Auditing
    3.3.4 Intrusion Detection Systems
    3.3.5 Object Reuse Protection
    3.3.6 Trusted Path
    3.3.7 Cryptography
      3.3.7.1 Foundations
      3.3.7.2 Symmetric Algorithms
      3.3.7.3 Asymmetric Algorithms
      3.3.7.4 Hash Functions
      3.3.7.5 Certificates
  3.4 Security Evaluation Criteria
    3.4.1 The Rainbow Series (Orange Book et al.)
    3.4.2 European Initiatives
      3.4.2.1 Overview
      3.4.2.2 The German Green Book
      3.4.2.3 The Information Technology Security Evaluation Criteria (ITSEC)
    3.4.3 North American Initiatives
      3.4.3.1 CTCPEC
      3.4.3.2 MSFR
      3.4.3.3 Federal Criteria
    3.4.4 International Harmonisation
      3.4.4.1 ISO Initiatives (ISO/IEC-ECITS)
      3.4.4.2 The Common Criteria
    3.4.5 Shortcomings of IT Security Evaluation Criteria
  3.5 Conflict between IT Security and Privacy
    3.5.1 Privacy Implications of IT Security Mechanisms
  ……
4. Privacy-Enhancing Technologies
5. A Task-Based Privacy Model
6. Specification and Implementation of the Privacy Policy Following the Generalised Framework for Access Control-Approach
7. Concluding Remarks
Appendix A: Formal Mathematical Privacy Model
Appendix B: Implementation of a Hospital Scenario as a Demonstration Example
References

Media Coverage and Reviews

From the reviews: "The book offers a comprehensive view to the relation between IT security and privacy and to the privacy enhancing technologies. It represents useful reading for all IT professionals." (Jozef Vyskoc, Zentralblatt MATH, Vol. 980, 2002)
