ABSTRACT

Traditionally, security is viewed as maintaining the following services [Stallings 1995]:

• Confidentiality: Information should be accessible only to authorized parties.
• Authentication: The origin of information is correctly identified.
• Integrity: Only authorized parties can modify information.
• Nonrepudiation: Neither sender nor receiver can deny the existence of a message.
• Access control: Access to information is controlled and limited.
• Availability: Computer assets should be available to authorized users as needed.

The viewpoint taken by this book contains these services as a proper subset, but considers security from a slightly larger perspective. In our view security is the ability to maintain a system’s correct functionality in response to attacks; this requires understanding the system’s behavior. This chapter explains known attacks.