Errata to the First Printing (November 2018)

This is the errata for the first printing. I have added the name of the first person to report each problem.

Chapter 2, “Access Control Matrix”

Section 2.2.2, “Access Control by History”, p. 37 [author]

In the example, the variable file in the lines
    file = helper_proc()
    sys_delete_file(file)
should be tmp_file.

Section 2.3, “Protection State Transitions”, pp. 38–39 [author]

In the preconditions for item 1, create subject s, replace each a′ with A′.
In the preconditions for item 2, create object s, replace each a′ with A′.
In the primitive command for item 3, enter r into a[s,o], replace a[s,o] with A[s,o].
In the preconditions for item 3, replace each a with A and a′ with A′.
In the last paragraph of item 3, replace each a[s,o] with A[s,o].
In the primitive command for item 4, delete r from a[s,o], replace a[s,o] with A[s,o].
In the preconditions for item 4, replace each a with A and a′ with A′.
In the last paragraph of item 4, replace each a[s,o] with A[s,o].
In the preconditions for item 5, delete subject s, replace each a′ with A′.
In the preconditions for item 6, delete object s, replace each a′ with A′.

Chapter 3, “Foundational Results”

Section 3.4, “The Schematic Protection Model”, p. 79 [author]

In Definition 3–21, the last part of the definition of σ(X), the minus sign “−” should be a hyphen “-”.

Chapter 5, “Confidentiality Policies”

Section 5.2.2, “Example: Trusted Solaris”, p. 147 [author]

In the third bullet item of the first bulleted list, “write” should be “read” and in the last bullet item of that list, “read” should be “write”.

Section 5.2.3.1, “Basic Security Theorem”, p. 154 [Michael Papadopoulos]

In the induction step of the proof, in line 5, b_t−1 should be b_t−1.

Chapter 6, “Integrity Policies”

Section 6.2.3, “Biba’s Model (Strict Integrity Policy)”, p. 178 [Habib M. Ammari]

In the example, the phrase “risk level that starts out set to the highest credibility level” should read “risk level that starts out set to the lowest credibility level”. The word “highest” in the phrase should be “lowest”.

Section 6.4.1, “The Model”, p. 185–186 [author]

Just after Enforcement rule 1, “(CR1)” should be “(ER1)”.
Just after Enforcement rule 2, “(CR2)” should be “(ER2)”.
Just after Enforcement rule 3, “(CR3)” should be “(ER3)”.
Just after Enforcement rule 4, “(CR4)” should be “(ER4)”.

Section 6.4.1, “The Model”, p. 186 [Habib M. Ammari]

The paragraph just after Enforcement rule 4, that begins “This rule requires”, should come after Certification rule 5.

Section 6.5.1, “Policy-Based Trust Management”, p. 193 [author]

In the credential assertion at the bottom of the page, “_MAX_TRUST” should be “Approve”.

Section 6.5.2, “Reputation-Based Trust Management”, p. 195 [author]

In the last line of the first paragraph of the example, change “Bob” to “Boris”.

Section 6.5.2, “Reputation-Based Trust Management”, p. 196 [author]

In the third line of the first paragraph of the example, change “p(v,t)” to “p(u,t)”.

In the last equation of the example, change “S(v,i)” to “S(v,t)”.

Chapter 7, “Availability Policies”

Section 7.3.1.1, “User Agreement”, p. 206 [author]

In line 10, replace “p_i^*(c)” with “o_i^*(c)”.

Section 7.3.1.3, “Service Specification”, p. 209 [author]

In lines 3 and 4 of the resource constraints in the example, both “acquire” and “release” should be italicized. In line 4, the part before the ⇒ should be “(∀ id) (own[id] = M)”

Section 7.3.2.1, “Model of a Resource Allocation System”, p. 211 [author]

In line 3, “Q^S_p(p, r)” should be “Q^S_p(r)”.

Section 7.3.2.2, “Denial of Service Protection Base”, p. 214 [author]

For clarity, in line 3, after “(∀i)” should be a “[” and before the “⇒” should be a “]”.

Section 7.4.1, “Analysis”, p. 216 [author]

In the second paragraph, the second sentence should read “The key observation is that the waiting time policy has a maximum wait time, which is the time that the receiving process at the destination will wait for an ACK message from the sending process at the source.”

Chapter 8, “Hybrid Policies”

Section 8.1.2, “Formal Model”, p. 232 [author]

Replace “s ≠ S” with “s ∈ S” and “o ≠ O” with “o ∈ O”.

Chapter 9, “Noninterference and Policy Composition”

Section 9.2, “Deterministic Noninterference”, p. 260 [author]

In the line just before the first equation on the page, “T* : C* × S → S” should be “T* : C* × Σ → Σ”.

In the second line below the first equation on the page, “P* : C* × S → O” should be “P* : C* × Σ → O”.

Section 9.2, “Deterministic Noninterference”, p. 262 [author]

In the third line, “π_Holly(cs)” should be “π_Holly(c_s)”.

Section 9.2.1, “Unwinding Theorem”, p. 265 [author]

In the first equation, “T(c_n+1, T * (π′(cs), sb))” should be “T(c_n+1, T^*(π′(c_s), σ_b))”.

In the third equation, “T * (π′_d(c_sc_n+1), σ_b)” should be “T^*(π′_d(c_sc_n+1), σ_b)”.

Section 9.2.2, “Access Control Matrix Interpretation”, p. 267 [author]

In the second line of the second paragraph of the proof of Theorem 9.2, “(dom(c), d) ∈ r” should be “(dom(c), d) ∉ r”.

In the paragraph following item 5, the first “read” should be “write”.

Section 9.2.3, “Security Policies That Change over Time”, p. 269 [author]

In the second line, “cs” should be “c_s”.

Section 9.4.1, “Composition of Generalized Noninterference Systems”, p. 275 [author]

In Figure 9–5, the bottom arrow should be reversed and the “0 or 1” should be “stop_count”.

Section 9.10, “Exercises”, p. 285 [anonymous student]

In exercise 4 parts a and b, “still non-interference-secure” should be simply “noninterference-secure”. The composition in sectin 9.2.4 is not noninterference-secure.

Chapter 10, “Basic Cryptography”

Section 10.3.1, “El Gamal”, p. 307 [author]

In the third line of the example at the bottom of the page, “public” should be “private”.

Section 10.3.3, “Elliptic Curve Ciphers”, p. 314 [author]

In the example, change the second sentence to “They use y² = x³ + 4x + 14 mod 2503 and the point P = (1002, 493)”.

Section 10.5.2.2, “El Gamal Digital Signature”, p. 322 [author]

In the fourth line of the example, change the result of “p − 1” from “262643” to “262642”.

Chapter 11, “Key Management”

Section 11.2.1.2, “Otway-Rees Protocol”, p. 335 [Phillip Nico]

In the third message of the exchange in this protocol, the first r₂ should be r₁.

Section 11.2.1.3, “Bellare-Rogaway Protocol”, p. 336 [author]

In the third message of the exchange in this protocol, r₁ should be r₂. In the first line of the next paragraph, “When Bob receives the first message,” should be “When Bob receives the message from Cathy,”, and in the second line, r₁ should be r₂.

Section 11.4.3.1, “The Internet X.509 PKI”, p. 352 [author]

In line 6, change “key identifiers” to “key usage”.

Section 11.5.1.3, “The Yaksha Security System”, p. 357 [author]

In the third (last) equation, a_Alice should be n_Alice.

Chapter 12, “Cipher Techniques”

Section 12.2.1.1, “Synchronous Stream Ciphers”, p. 372 [author]

The fourth line of the example should be:
1001    1    f(1, 0, 0, 1) = (1 and 0) or 1 = 1    1100
and the next two registers should be 0110 and 0011.

Section 12.3.1, “Counter with CBC-MAC Mode”, p. 378 [author]

At the beginning of the description of Phase 2, in the middle of the page, change b₀ to A_i.

Section 12.3.2, “Galois Counter Mode”, p. 380 [author]

In line 1 of the program in Figure 12–5, in the comment, “X and X” should be “X and Y”. In line 2 of the caption, “V₁₂₇ is the leftmost bit” should be “V₁₂₇ is the rightmost bit”.

Section 12.5.2.2, “Session Setup and Initial Message”, p. 391 [author]

In the first line of the last equation, the first encryption should be “ECDH(IKprivAlice, SPKpubBob)”. The text has a spurious parenthesis “)” after the IK.

Section 12.5.2.3, “Sending Messages”, p. 392 [author]

In the second line after the first equation, “AEC” should be “AES”.

Section 12.5.3.1, “Supporting Cryptographic Mechanisms”, p. 395 [author]

In the definitions of P_hash and PRF, replace x with secret.

Section 12.5.4.1, “IPsec Architecture”, p. 405 [author]

In the eighth line, change “and the packet such as remote IP addresses” to “and packet attributes such as remote IP addresses”.

Section 12.5.4.3, “Encapsulating Security Payload Protocol”, p. 409 [author]

In the first line of the seventh paragraph, “ICV” should be “IVC” and in the next-to-last and last lines, “classical” should be “symmetric”.

Chapter 17, “Information Flow”

Section 17.4.1, “Fenton’s Data Mark Machine”, p. 564 [author]

In the last two lines on the page, change “x” to “z”. Also, move “PC ≤ y” up one line.

Section 17.4.1, “Fenton’s Data Mark Machine”, p. 565 [author]

In the second and third lines on the page, change “x” to “z”.

Chapter 18, “Confinement Problem”

Section 18.3.1.4, “Covert Flow Trees”, p. 604 [author]

Delete the second line of the first comment, and the type “boolean” from the declaration of the procedure “Lockfile”. Procedures do not return any values.

Section 18.3.1.4, “Covert Flow Trees”, p. 610 [author]

In the last 2 sentences of the example, change “(a 0 bit)” to “(a 1 bit)” and “(a 1 bit)” to “(a 0 bit)”.

Chapter 20, “Building Systems With Assurance”

Section 20.3.3.1, “Security Testing”, p. 690 [author]

In Figure 20–3, delete the lower “Build test suite” (the one outside the boxes near the bottom box).

Chapter 21, “Formal Methods”

Section 21.2, “Formal Specification”, p. 704 [author]

In the definition of “give-access” in the example, on the line with “VFUN access_matrix ()”, the “Accesses” should be “Access”.

Section 21.6, “Formally Verified Products”, pp. 722–723 [author]

In the example, “__soaap_var_read("decrypt")” should be “__soaap_var_read("decipher")” in both the program and the line underneath the program. In the second line under the program, “decrypt” should be “decipher”. Near the end of that paragraph (on p. 723), “__soaap_var_read("decrypt")” should be “__soaap_var_read("decipher")”.

Chapter 24, “Vulnerabilities Analysis”

Section 24.4.3.1, “The Flaw Classes”, p. 857 [author]

In Figure 24–8, the lower “Replicating” (on the path “Intentional>Nonmalicious>Covert channel>Replicating”) should be “Timing”.

Section 24.5.2, “Common Weaknesses and Exposures (CWE)”, p. 867 [author]

In the last line, “memory” should be ” Memory”.

Section 24.5.2, “Common Weaknesses and Exposures (CWE)”, p. 868 [author]

In the last paragraph of the example, “(CWE-275)” should be “(CWE-732)” and “(CWE-3856)” should be “(CWE-386)”.

Section 24.6.1, “The Flow-Based Model of Penetration Analysis”, p. 870 [author]

In Figure 24–11, in the lower rectangle, change “stcstr” to “srcstr”. In the oval at the bottom, change “srcdir” to “srcstr” and “destdir” to “deststr”.

Chapter 26, “Intrusion Detection”

Section 26.3.1.4, “Machine Learning”, p. 925 [author]

In the example, change every occurrence of “KDD-CUPS-99” to “KDD-CUP-99”.

Section 26.3.1.7, “Self-Organizing Maps”, p. 929 [author]

At the end of the second line from the bottom, “training set” to “input”.

Chapter 27, “Attacks and Responses”

Section 27.2.2, “The Requires/Provides Model”, p. 966 [author]

In Figure 27–2, the numbers “1” and “2” need to be exchanged. The numbers of the steps in the caption are correct.

Section 27.2.2, “The Requires/Provides Model”, p. 967 [author]

In line 8 of the non-example paragraph, change “is is” to “is”.

Section 27.2.3, “Attack Graphs”, p. 970 [author]

In the next to last line of the second paragraph of the example, change “P_i” to “p_i”.

Section 27.2.3, “Attack Graphs”, p. 970 [author]

In Figure 27–3(d), change “p₂” to “p₁”.

Section 27.3, “Intrusion Response”, p. 973 [author]

In the third line from the bottom, change both occurrences of Lτ to L_τ.

Section 27.4, “Digital Forensics”, p. 991 [author]

In the next to last line of the page, change “at at” to “at”.

Appendix E, “Symbolic Logic”

Section E.3.2, “Semantics of CTL”, p. 1187 [author]

In the third bullet item, the sentence that begins “This says that . . .” should begin on the next line.

Section E.4, “Exercises”, p. 1189 [Mark Heckman]

In the formula in exercise 3, “(n + 2)” should be “(2n + 1)”.

Appendix F, “The Encryption Standards”

Section F.2.2.3, “MixColumns”, p. 1198 [author]

In the third equation from the bottom: “s_2c” should be “s_2,c”.

Section F.2.3, “Encryption”, p. 1199 [author]

This section should be Section F.2.2.5.

In Figure F-10, the variable named “in” (on lines 1 and 5) should not be in bold (i.e., “in”), and the type “word” (in line 1) should be in bold (i.e., “word”).

Section F.2.3.1, “AES Decryption”, p. 1200 [author]

This section should be Section F.2.3.

Section F.2.3.2, “InvSubBytes”, p. 1200 [author]

This section should be Section F.2.3.1.

Section F.2.3.3, “InvShiftRows”, p. 1200 [author]

This section should be Section F.2.3.2.

Section F.2.3.4, “InvMixColumns”, p. 1201 [author]

This section should be Section F.2.3.3.

Section F.2.3.5, “Decryption”, p. 1201 [author]

This section should be Section F.2.3.4.

Section F.2.3.5, “Decryption”, p. 1202 [author]

In Figure F-13, the routine should be “decrypt” rather than “ encrypt” (line 1); the variable named “in” (on lines 1 and 5) should not be in bold (i.e., “in”), and the type “word” (in line 1) should be in bold (i.e., “word”). Also, the “SubBytes” and “ShiftRows” in lines 16 and 17 should be “InvSubBytes” and “InvShiftRows”, respectively.

Section F.2.4.4, “Round Key Schedule Generation”, p. 1203 [author]

In Figure F-15, the type “word” (in line 1) should be in bold (i.e., “word”); the operator “xor” (in lines 14 and 17) should be in bold (i.e., “xor”); and the operator “and” (in line 15) should be in bold (i.e., “and”).

Section F.2.5, “Equivalent Inverse Cipher Implementation”, p. 1204 [author]

In Figure F-17, the type “word” (in line 1) should be in bold (i.e., “word”).

References

• Reference 97, p. 1255 [author]: “Zieliński” should be “P. Zieliński”.
• Reference 103, p. 1255 [author]: “Computer Viruses and Malware 22” should be “Computer Viruses and Malware (Advances in Information Security 22)”.
• Reference 130, p. 1256 [author]: Change the book title to Handbook of Satisfiability.
• Reference 275, p. 1262 [author]: Change the book title to Insider Threats in Cyber Security.
• Reference 341, p. 1264 [author]: “Sstems” should be “Systems”.
• Reference 355, p. 1265 [author]: “Macmillan and Co.” should not be italicized.
• Reference 376, p. 1266 [author]: Change the paper title to “Security Strategies for SCADA Networks”.
• Reference 377, p. 1266 [author]: Insert “41(3)” after “ACM Computing Surveys”.
• Reference 609, p. 1275 [author]: Change “RFC 2538” to “RFC 2539”.
• Reference 631, p. 1276 [author]: Add “pp. 67–76” after “Proceedings of the Sixth USENIX UNIX Security Symposium”.
• Reference 669, p. 1278 [author]: Change “Secrity” to “Security”
• Reference 670, p. 1278 [author]: Change “719–729” to “49–61”
• Reference 834, p. 1284 [author]: Add “pp. 2–16” after “Proceedings of the 1996 Symposium on Network and Distributed System Security”
• Reference 968, p. 1290 [author]: Add “pp. 3–12” after “Proceedings of the 22nd Computer Security Foundations Workshop”
• Reference 1181, p. 1298 [author]: Add “pp. 3027–3028” after “Proceedings of the 2007 IEEE International Conference on Systems, Man and Cybernetics”
• Reference 1195, p. 1299 [author]: Add “2 pp. 12–26” after “Proceedings of the 2000 DARPA Information Survivability Conference and Exposition”
• Reference 1210, p. 1299 [author]: Change the book title to “Information Security Practices”
• Reference 1234, p. 1300 [author]: Add “Dayton, OH, USA” after “Braughler Books”
• Reference 1247, p. 1301 [author]: Add “pp. 326–340” after “Proceedings of the 20th Computer Security Foundations Workshop”
• Reference 1275, p. 1302 [author]: Add “pp. 259–270” after “Proceedings of the 1993 Winter USENIX Conference”
• Reference 1279, p. 1302 [author]: Add “Property” after “Hook-Up” in the paper title
• Reference 1290, p. 1302 [author]: Add “3348” after “Lecture Notes in Computer Science”
• Reference 1360, p. 1305 [author]: Add “pp. 201–216” after “Proceedings of the Seventh USENIX UNIX Security Symposium”
• Reference 1445, p. 1308 [author]: Change “4223” to “422”
• Reference 1484, p. 1310 [author]: Change “ed” to “eds”
• Reference 1561, p. 1313 [author]: Change the paper title to “Social Engineering and Low-Tech Attacks” and the book title to “Computer Security Handbook”
• Reference 1667, p. 1317 [author]: Change “PP(99)” to “11(2)”
• Reference 1668, p. 1317 [author]: Add “pp. 563–570” after “Proceedings of the First International Conference on Availability, Reliability and Security”
• Reference 1673, p. 1317 [author]: Change “specpub” to “Special Publication”
• Reference 1679, p. 1318 [author]: Add “pp. 199–208” after “Proceedings of the 18th Annual Computer Security Applications Conference”
• Reference 1839, p. 1324 [author]: Add “pp. 165–180” after “Proceedings of the Fourth Symposium on Operating System Design & Implementation”
• Reference 1845, p. 1324 [author]: Italicize the “k” in “k-Anonymity”
• Reference 1912, p. 1327 [author]: Change “ALERT” to “Alert” and “Pittsburg” to “Pittsburgh”
• Reference 1955, p. 1328 [author]: Change “68” to “(Student Mathematical Library 68)”
• Reference 1974, p. 1329 [author]: Add “pp. 170–176” after “Proceedings of the 25th IEEE International Conference on Distributed Computing Systems Workshops”
• Reference 2120, p. 1335 [author]: Change “Pittsburg” to “Pittsburgh”
• Reference 2121, p. 1335 [author]: Change “Pittsburg” to “Pittsburgh”
• Reference 2140, p. 1335 [author]: Add “Part” before “Number”
• Reference 2149, p. 1336 [author]: Change “Pittsburg” to “Pittsburgh”
• Reference 2153, p. 1336 [author]: Change “Pittsburg” to “Pittsburgh”
• Reference 2182, p. 1337 [author]: Change “Pittsburg” to “Pittsburgh”
• Reference 2190, p. 1337 [author]: Change “Pittsburg” to “Pittsburgh”
• Reference 2208, p. 1338 [author]: Change “Pittsburg” to “Pittsburgh”
• Reference 2209, p. 1338 [author]: Change “Pittsburg” to “Pittsburgh”
• Reference 2214, p. 1338 [author]: Change “FIPS 180-3” to “FIPS 180-4”
• Reference 2217, p. 1338 [author]: Change “FIPOS” to “FIPS”
• Reference 2219, p. 1338 [author]: Change “Pittsburg” to “Pittsburgh”
• Reference 2220, p. 1338 [author]: Change “Pittsburg” to “Pittsburgh”
• Reference 2222, p. 1338 [author]: Change “Pittsburg” to “Pittsburgh”
• Reference 2223, p. 1338 [author]: Change “Pittsburg” to “Pittsburgh”
• Reference 2224, p. 1338 [author]: Change “Pittsburg” to “Pittsburgh”
• Reference 2225, p. 1338 [author]: Change “Pittsburg” to “Pittsburgh” and insert a space between “PA,” and “USA”
• Reference 2232, p. 1338 [author]: Change “Pittsburg” to “Pittsburgh”
• Reference 2238, p. 1339 [author]: Change “Pittsburg” to “Pittsburgh”
• Reference 2239, p. 1339 [author]: Add “Washington, DC, USA” after “Department of Defense”
• Reference 2241, p. 1339 [author]: Add “Part” before “Number”
• Reference 2247, p. 1339 [author]: Change “Pittsburg” to “Pittsburgh”
• Reference 2254, p. 1339 [author]: Change “Pittsburg” to “Pittsburgh”

“An expert is a man who has made all the mistakes which can be made in a very narrow field.”
            —Niels Bohr

Last updated on Tuesday, November 6, 2018 at 7:15:05 PM