PREFACE

1 PSYCHOLOGICAL SECURITY TRAPS by Peiter "Mudge" Zatko
    Learned Helplessness and Naïveté
    Confirmation Traps
    Functional Fixation
    Summary

2 WIRELESS NETWORKING: FERTILE GROUND FOR SOCIAL ENGINEERING by Jim Stickley
    Easy Money
    Wireless Gone Wild
    Still, Wireless Is the Future

3 BEAUTIFUL SECURITY METRICS by Elizabeth A. Nichols
    Security Metrics by Analogy: Health
    Security Metrics by Example
    Summary

4 THE UNDERGROUND ECONOMY OF SECURITY BREACHES by Chenxi Wang
    The Makeup and Infrastructure of the Cyber Underground
    The Payoff
    How Can We Combat This Growing Underground Economy?
    Summary

5 BEAUTIFUL TRADE: RETHINKING E-COMMERCE SECURITY by Ed Bellis
    Deconstructing Commerce
    Weak Amelioration Attempts
    E-Commerce Redone: A New Security Model
    The New Model

6 SECURING ONLINE ADVERTISING: RUSTLERS AND SHERIFFS IN THE NEW WILD WEST by Benjamin Edelman
    Attacks on Users
    Advertisers As Victims
    Creating Accountability in Online Advertising

7 THE EVOLUTION OF PGP'S WEB OF TRUST by Phil Zimmermann and Jon Callas
    PGP and OpenPGP
    Trust, Validity, and Authority
    PGP and Crypto History
    Enhancements to the Original Web of Trust Model
    Interesting Areas for Further Research
    References

8 OPEN SOURCE HONEYCLIENT: PROACTIVE DETECTION OF CLIENT-SIDE EXPLOITS by Kathy Wang
    Enter Honeyclients
    Introducing the World's First Open Source Honeyclient
    Second-Generation Honeyclients
    Honeyclient Operational Results
    Analysis of Exploits
    Limitations of the Current Honeyclient Implementation
    Related Work
    The Future of Honeyclients

9 TOMORROW'S SECURITY COGS AND LEVERS by Mark Curphey
    Cloud Computing and Web Services: The Single Machine Is Here
    Connecting People, Process, and Technology: The Potential for Business Process Management
    Social Networking: When People Start Communicating, Big Things Change
    Information Security Economics: Supercrunching and the New Rules of the Grid
    Platforms of the Long-Tail Variety: Why the Future Will Be Different for Us All
    Conclusion
    Acknowledgments

10 SECURITY BY DESIGN by John McManus
    Metrics with No Meaning
    Time to Market or Time to Quality?
    How a Disciplined System Development Lifecycle Can Help
    Conclusion: Beautiful Security Is an Attribute of Beautiful Systems

11 FORCING FIRMS TO FOCUS: IS SECURE SOFTWARE IN YOUR FUTURE? by Jim Routh
    Implicit Requirements Can Still Be Powerful
    How One Firm Came to Demand Secure Software
    Enforcing Security in Off-the-Shelf Software
    Analysis: How to Make the World's Software More Secure

12 OH NO, HERE COME THE INFOSECURITY LAWYERS! by Randy V. Sabett
    Culture
    Balance
    Communication
    Doing the Right Thing

13 BEAUTIFUL LOG HANDLING by Anton Chuvakin
    Logs in Security Laws and Standards
    Focus on Logs
    When Logs Are Invaluable
    Challenges with Logs
    Case Study: Behind a Trashed Server
    Future Logging
    Conclusions

14 INCIDENT DETECTION: FINDING THE OTHER 68% by Grant Geyer and Brian Dunphy
    A Common Starting Point
    Improving Detection with Context
    Improving Perspective with Host Logging
    Summary

15 DOING REAL WORK WITHOUT REAL DATA by Peter Wayner
    How Data Translucency Works
    A Real-Life Example
    Personal Data Stored As a Convenience
    Trade-offs
    Going Deeper
    References

16 CASTING SPELLS: PC SECURITY THEATER by Michael Wood and Fernando Francisco
    Growing Attacks, Defenses in Retreat
    The Illusion Revealed
    Better Practices for Desktop Security
    Conclusion

CONTRIBUTORS

INDEX
Abstract
In a flat world, workforces are decentralized. Instead of being physically connected in offices or factories as in the industrial revolution, teams are combined onto projects, and in many cases individuals are combined into teams, over the Internet.

Many security principles are based on the notion of a physical office or a physical or logical network. Some technologies (file-sharing protocols such as the Common Internet File System [CIFS], and LAN-bound link-layer protocols such as the Address Resolution Protocol [ARP]) take this local environment for granted. But those foundations become irrelevant as tasks, messages, and data travel a mesh of loosely coupled nodes.

The effect is similar to the effect of global commerce, which takes away the advantage of renting storefront property on your town's busy Main Street or opening a bank office near a busy seaport or railway station. Tasks are routed by sophisticated business rules engines that determine whether a call center message should be routed to India or China, or whether the cheapest supplier for a particular good has the inventory in stock.

BPM software changes the very composition of supply chains, providing the ability to dynamically reconfigure a supply chain based on changing business conditions. Business transactions take place across many companies under conditions ranging from microseconds to many years. Business processes are commonly dehydrated and rehydrated as technologies evolve to automatically discover new services. The complexity and impact of this way of working will only increase. …