ABSTRACT

This book is about access control, security, and trust. We wrote this book for people who specify, design, build, or certify computer and information systems that must be trustworthy and secure. Almost every information system or computer has some security requirement. Common examples include computers handling sensitive information such as financial information, health records, or military secrets. If you are responsible for designing, building, testing, or certifying systems that have security concerns, then you are concerned with the following:

• who or what can access protected resources,
• how to protect the confidentiality, integrity, and availability of those resources,
• who or what is trusted or believed, and
• compelling reasons to conclude a system is worthy of trust.