作 者 简 介

我在信息安全领域已有将近20年的经验了，其中包括在行业中和政府里从事的一些宽泛的工作内容。我的职业经历包括在美国国家安全局(National Security Agency，NSA)的7年多，以及随后在一家硅谷创业公司的两年时间。虽然关于我在NSA的工作，我不能说太多，但是我可以告诉你——我的职业头衔曾经是密码技术数学家。在这个行业当中，我参与设计并开发了一款数字版权管理安全产品。这段现实世界中的工作经历，就像三明治一样被夹在学术性的职业生涯之间。身处学术界时，我的研究兴趣则包含了各式各样广泛的安全主题。

当我于2002年重返学术界时，于我而言，似乎没有一本可用的安全教科书能够与现实世界紧密相连。我觉得我可以撰写一本信息安全方面的书籍，以填补这个空缺，同时还可以在书中包含一些对于处于职业生涯的IT专业人士有所裨益的信息。基于我已经接收到的反馈情况，第1版显然已经获得了成功。

我相信，从既是一本教科书，又可作为专业人员的工作参考这个双重角色来看，第2版将会被证明更具价值，但是因此我也会产生一些偏见。可以说，我以前的很多学生如今都从业于一些领先的硅谷科技公司。他们告诉我，在我的课程中学到的知识曾令他们受益匪浅。于是，我当然就会很希望，当我之前在业界工作时也能有一本类似这样的书籍作为参考，那样我的同事们和我就也能够受惠于此了。

除了信息安全之外，我当然还有自己的生活。我的家人包括我的妻子Melody，两个很棒的儿子Austin(他的名字首字母是AES)和Miles(感谢Melody，他的名字首字母不至于成为DES)。我们热爱户外运动，定期会在附近做一些短途的旅行，从事一些诸如骑自行车、登山远足、露营以及钓鱼之类的活动。此外，我还花了太多的时间，用在我位于Santa Cruz山间的一座待修缮的房子上。

Now updated—your expert guide to twenty-first century information security Information security is a rapidly evolving field. As businesses and consumers become increasingly dependent on complex multinational information systems, it is more imperative than ever to protect the confidentiality and integrity of data. Featuring a wide array of new information on the most current security issues, this fully updated and revised edition of Information Security: Principles and Practice provides the skills and knowledge readers need to tackle any information security challenge. Taking a practical approach to information security by focusing on real-world examples, this book is organized around four major themes: Cryptography: classic cryptosystems, symmetric key cryptography, public key cryptography, hash functions, random numbers, information hiding, and cryptanalysis Access control: authentication and authorization, password-based security, ACLs and capabilities, multilevel security and compartments, covert channels and inference control, security models such as BLP and Biba's model, firewalls, and intrusion detection systems Protocols: simple authentication protocols, session keys, perfect forward secrecy, timestamps, SSH, SSL, IPSec, Kerberos, WEP, and GSM Software: flaws and malware, buffer overflows, viruses and worms, malware detection, software reverse engineering, digital rights management, secure software development, and operating systems security This Second Edition features new discussions of relevant security topics such as the SSH and WEP protocols, practical RSA timing attacks, botnets, and security certification. New background material has been added, including a section on the Enigma cipher and coverage of the classic "orange book" view of security. Also featured are a greatly expanded and upgraded set of homework problems and many new figures, tables, and graphs to illustrate and clarify complex topics and problems. A comprehensive set of classroom-tested PowerPoint slides and a solutions manual are available to assist in course development. Minimizing theory while providing clear, accessible content, Information Security remains the premier text for students and instructors in information technology, computer science, and engineering, as well as for professionals working in these fields.