Abstract
In the field of information security, it is commonly accepted that security belongs at the lowest possible level of the processing stack [1]. If that is so, one might ask why the issue of application security is even being considered. Applications, after all, sit at the very top of the stack. The analogy of a house built on a firm foundation is well known and easily understood: if the foundation is unsound, no structure will stand on it for long. What is less well understood is that the converse is equally true. No matter how strong the foundation, if the house erected on it is flimsy, the overall structure is unsound. The same is true of information security.
References
Gollmann, D. (1999). Computer security. New York, NY: Wiley.
Lohr, S., & Markoff, J. (2006, March 27). Windows is so slow, but why? The New York Times – Technology.
U.S. Department of Defense. (1985). DoD trusted computer security evaluation criteria (The orange book). DoD 5200.28-STD.
Bell, D., & Lapadula, L. (1996). Secure computer system: MITRE technical report 2547. Journal of Computer Security, 4(2/3), 239–263.
Multics. Retrieved April 5, 2003, from http://wombat.doc.ic.ac.uk/foldoc/foldoc.cgi?Multics
Everett, D. B. (2002, November 7). Trusted computing platforms. Proceedings of the Trusted Computer Masterclass Conference, QE2 Conference Centre, London.
Moglen, E. (2002, August 11). Free software matters: Untrustworthy computing. Columbia University Law School. Retrieved from http://emoglen.law.columbia.edu/publications/lu-22.html
Hulme, G. V. (2002, November 25). Trust this: Microsoft tries to secure Windows. Information Week.
Festa, P. (1999, November 23). Study says ‘buffer overflow’ is most common security bug. CNET News.com.
Bardon Data Systems. (2003, April 5). How secure is the Windows operating system? Retrieved from http://www.bardon.com/wp_windows.htm
Malicious Code: Threats & Responses. Retrieved April 3, 2003, from http://www.infosec.spectria.com/av/malcode.html
Malicious Code. Retrieved April 2, 2003, from http://csrc.nist.gov/publications/nistir/threats/section3_3.html
Wikipedia The Free Encyclopedia. (2003, April 2). Virus. Retrieved from http://www.wikipedia.org/wiki/Virus_(biology)
Buffer Overflow. Retrieved April 2, 2003, from http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci549024,00.html
Delio, M. (2001, March 12). New kit renews e-mail worm scare. Wired News.
Regan, T. (1999, October 7). Putting the dancing pigs in their cyber-pen. Christian Science Monitor.
Stets, D. (2003, April 3). A new browser could let others tap into your bank account. Retrieved from http://www.iks-jena.de/mitarb/lutz/security/activex.pe.phillynews.html
Abreu, E. M. (2001, August 6). The cost is $1.2 billion, so far. Chandigarh, India: The Tribune.
Evers, J. (2001, September 27). Kournikova worm maker sentenced to community service. IDG News Service.
Evers, J. (2001, September 13). Kournikova virus writer stands trial. IDG News Service.
The Back Orifice ‘Backdoor’ Program. Retrieved March 31, 2003, from http://www.nwinternet.com/~pchelp/bo/bo.html
Industry Canada. (2002, August 25). Government of Canada to review lawful access laws. News Release.
Ian Hopper, D. (2002, April 7). FBI finds increasing reluctance to report computer crimes. The Baton Rouge Sunday Advocate, 167(67).
Netgage, Inc. (2003, April 5). Law, investigation, and ethics. Retrieved from http://www.gonetgage.com/CISSP/legal.pdf
KEYKatcher. Retrieved April 2, 2003, from http://www.chatworker.com/surge.htm
KeyKey. Retrieved April 2, 2003, from http://www.cyber-007.com/keykey/screenshots.htm
Rivest, R. (2001). RSA security response to weaknesses in key scheduling algorithm of RC4. Retrieved from http://www.rsa.com/rsalabs/technotes/wep.html
Verton, D. (2001, July 16). Flaws in wireless security detailed. Computerworld.
Retrieved April 5, 2003, from http://www.warchalking.org/
Retrieved from http://www.netstumbler.com
Retrieved from http://www.ethereal.com/
Katz, J. (2000, May 15). Script kiddies – Who are these guys? Time Europe, 155(19).
Computer Security Institute. (2002, April 7). Cybercrime bleeds U.S. corporations, survey shows; financial losses from attacks climb for third year in a row. Retrieved from http://www.gocsi.com/press/20020407.html
CERT Coordination Center. (2001, June 4). Denial of service attacks.
CERT Advisory CA-2000-01. (2000, January 3). Denial-of-service developments.
Distributed Denial of Service (DDoS) Attacks/tools. Retrieved April 3, 2003, from http://staff.washington.edu/dittrich/misc/ddos/
Lyman, J. (2002, August 16). The trouble with software patches. Retrieved from http://www.newsfactor.com/perl/story/19023.html
Munro, N. (2002, January 4). Feds take minimal role in patching holes in cyberspace. National Journal.
Kanish, B. (2003, April 2). An overview of computer viruses and antivirus software. Retrieved from http://www.hicom.net/~oedipus/virus32.html#update
Molly Wood and CNET staff. (2000, July 13). The virus zoo: What’s out there and how to avoid it.
Java™ Security. Retrieved from http://java.sun.com/security/
Microsoft COM Technologies. (1999, March 30). ActiveX controls. Retrieved from http://www.microsoft.com/com/tech/ActiveX.asp
McLain, F. (2003, April 6). ActiveX, or how to put nuclear bombs in web pages. Retrieved from http://www.halcyon.com/mclain/ActiveX/welcome.html
Network Working Group. (1999, January). RFC 2246, The TLS protocol. Internet Engineering Task Force.
Network Working Group. (1995, August). RFC 1825, security architecture for the Internet protocol. Internet Engineering Task Force.
The Ontario (Canada) Fire Code, §1.2.1.2.
Graham, R. (2000, March 21). FAQ: Network intrusion detection systems. Retrieved from http://www.robertgraham.com/pubs/network-intrusion-detection.html
Virtual Private Network Consortium. Retrieved from http://www.vpnc.org/
The SOS Information Security Policies. Retrieved from http://www.information-security-policies-and-standards.com/infopolicies.htm
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Stanley, R. (2011). Information Security. In: Ghosh, S., Turrini, E. (eds) Cybercrimes: A Multidisciplinary Analysis. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13547-7_5
DOI: https://doi.org/10.1007/978-3-642-13547-7_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13546-0
Online ISBN: 978-3-642-13547-7
eBook Packages: Humanities, Social Sciences and Law; Law and Criminology (R0)