Security in Computing 6th Edition

Pfleeger
Visit to download the full and correct content document:
https://textbookfull.com/product/security-in-computing-6th-edition-pfleeger/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...

Security in Computing: 5th Edition Charles P. Pfleeger

And Shari Lawrence Pfleeger

https://textbookfull.com/product/security-in-computing-5th-
edition-charles-p-pfleeger-and-shari-lawrence-pfleeger/

Ubiquitous Computing and Computing Security of IoT N.

Jeyanthi

https://textbookfull.com/product/ubiquitous-computing-and-
computing-security-of-iot-n-jeyanthi/

Principles of Information Security 6th Edition Whitman

https://textbookfull.com/product/principles-of-information-
security-6th-edition-whitman/

The Complete Cloud Computing Manual 6th Edition Coll.

https://textbookfull.com/product/the-complete-cloud-computing-
manual-6th-edition-coll/
Management of Information Security 6th Edition Michael
E. Whitman

https://textbookfull.com/product/management-of-information-
security-6th-edition-michael-e-whitman/

Network Security Essentials Applications and Standards

6th Edition William Stallings

https://textbookfull.com/product/network-security-essentials-
applications-and-standards-6th-edition-william-stallings/

Mobile cloud computing models implementation and

security 1st Edition Keke Gai

https://textbookfull.com/product/mobile-cloud-computing-models-
implementation-and-security-1st-edition-keke-gai/

Advanced Computing and Systems for Security Volume

Seven Rituparna Chaki

https://textbookfull.com/product/advanced-computing-and-systems-
for-security-volume-seven-rituparna-chaki/

Advanced Computing and Systems for Security Volume Nine

Rituparna Chaki

https://textbookfull.com/product/advanced-computing-and-systems-
for-security-volume-nine-rituparna-chaki/
Security
in Computing
SIXTH EDITION
This page intentionally left blank
 Security
in Computing
SIXTH EDITION

Charles P. Pfleeger
Shari Lawrence Pfleeger
Lizzie Coles-Kemp

Boston • Columbus • New York • San Francisco • Amsterdam • Cape Town

Dubai • London • Madrid • Milan • Munich • Paris • Montreal • Toronto • Delhi • Mexico City
São Paulo • Sydney • Hong Kong • Seoul • Singapore • Taipei • Tokyo
Cover images: binary digits, best_vector/Shutterstock; person, Bits And Splits/Shutterstock
Figure 4-8: Screen capture, Mozilla Foundation
Figures 4-10, 4-11, 4-17, 6-59: Screen captures, Microsoft
Figures 6-41, 6-44: Screen captures, Yahoo

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where
those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been
printed with initial capital letters or in all capitals.

The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty
of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential
damages in connection with or arising out of the use of the information or programs contained herein.

For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic
versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding
interests), please contact our corporate sales department at corpsales@pearsoned.com or (800) 382-3419.

For government sales inquiries, please contact governmentsales@pearsoned.com.

For questions about sales outside the U.S., please contact intlcs@pearson.com.

Visit us on the Web: informit.com/aw

Library of Congress Control Number: 2023933248

Copyright © 2024 Pearson Education, Inc.

All rights reserved. This publication is protected by copyright, and permission must be obtained from the publisher prior
to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic,
mechanical, photocopying, recording, or likewise. For information regarding permissions, request forms and the
appropriate contacts within the Pearson Education Global Rights & Permissions Department, please visit www.pearson
.com/permissions.

ISBN-13: 978-0-13-789121-4
ISBN-10: 0-13-789121-0

ScoutAutomatedPrintCode
PEARSON’S COMMITMENT TO DIVERSITY, EQUITY, AND INCLUSION
Pearson is dedicated to creating bias-free content that reflects the diversity of all learners. We
embrace the many dimensions of diversity, including but not limited to race, ethnicity, gender,
socioeconomic status, ability, age, sexual orientation, and religious or political beliefs.
Education is a powerful force for equity and change in our world. It has the potential to deliver
opportunities that improve lives and enable economic mobility. As we work with authors to create
content for every product and service, we acknowledge our responsibility to demonstrate inclusivity
and incorporate diverse scholarship so that everyone can achieve their potential through learning.
As the world’s leading learning company, we have a duty to help drive change and live up to our
purpose to help more people create a better life for themselves and to create a better world.
Our ambition is to purposefully contribute to a world where:
• Everyone has an equitable and lifelong opportunity to succeed through learning.
• Our educational products and services are inclusive and represent the rich diversity of
learners.
• Our educational content accurately reflects the histories and experiences of the learners
we serve.
• Our educational content prompts deeper discussions with learners and motivates them to
expand their own learning (and worldview).
While we work hard to present unbiased content, we want to hear from you about any concerns
or needs with this Pearson product so that we can investigate and address them.
• Please contact us with concerns about any potential bias at https://www.pearson.com/
report-bias.html.
This page intentionally left blank
 Contents

Foreword xix

Preface xxv

Acknowledgments xxxi

About the Authors xxxiii

Chapter 1 Introduction 1
1.1 What Is Computer Security? 3
Values of Assets 4
The Vulnerability–Threat–Control Paradigm 5
1.2 Threats 6
Confidentiality 8
Integrity 10
Availability 11
Types of Threats 13
Types of Attackers 17
1.3 Harm 24
Risk and Common Sense 25
Method–Opportunity–Motive 28
1.4 Vulnerabilities 30
1.5 Controls 30
1.6 Conclusion 33
1.7 What’s Next? 34
1.8 Exercises 36

vii
viii Contents

Chapter 2 Toolbox: Authentication, Access Control,

and Cryptography 38
2.1 Authentication 40
Identification vs. Authentication 40
Authentication Based on Phrases and Facts:
Something You Know 42
Authentication Based on Biometrics: Something You Are 57
Authentication Based on Tokens: Something You Have 69
Federated Identity Management 72
Multifactor Authentication 74
Fitting Authentication to the Situation 76
2.2 Access Control 78
Access Policies 78
Implementing Access Control 82
Procedure-Oriented Access Control 92
Role-Based Access Control 92
2.3 Cryptography 93
Problems Addressed by Encryption 94
Terms and Concepts 94
DES: The Data Encryption Standard 104
AES: Advanced Encryption System 106
Public Key Cryptography 108
Using Public Key Cryptography to Exchange Secret Keys 112
Error Detecting Codes 117
Signatures 122
Trust 126
Certificates: Trustable Identities and Public Keys 130
Digital Signatures—All the Pieces 134
2.4 Conclusion 137
2.5 Exercises 138

Chapter 3 Programs and Programming 141

3.1 Unintentional (Nonmalicious) Programming Oversights 143
Buffer Overflow 144
Incomplete Mediation 163
Time-of-Check to Time-of-Use 166
Undocumented Access Point 168
Off-by-One Error 171
Integer Overflow 172
 Contents ix

Unterminated Null-Terminated String 173

Parameter Length, Type, and Number 174
Unsafe Utility Program 174
Race Condition 175
Unsynchronized Activity 175
3.2 Malicious Code—Malware 178
Malware—Viruses, Worms, and Trojan Horses 179
Technical Details: Malicious Code 188
3.3 Countermeasures 211
Countermeasures for Users 212
Countermeasures for Developers 217
Countermeasure Specifically for Security 232
Countermeasures That Don’t Work 241
3.4 Conclusion 245
3.5 Exercises 245

Chapter 4 The Internet—User Side 248

4.1 Browser Attacks 251
Browser Attack Types 251
How Browser Attacks Succeed: Failed Identification and
Authentication 258
4.2 Attacks Targeting Users 265
False or Misleading Content 265
Malicious Web Content 273
Protecting Against Malicious Webpages 279
4.3 Obtaining User or Website Data 280
Code Within Data 281
Website Data: A User’s Problem Too 285
Ransomware 287
Foiling Data Attacks 288
4.4 Mobile Apps 289
Apps and Security 289
Threats to Mobile Computing 293
Vulnerabilities from Using Apps 294
Why Apps Have Flaws 300
Finding Secure Apps 303
Protecting Yourself After Installing an App 305
Developing Secure Apps 307
x Contents

4.5 Email and Message Attacks 310

Fake Email 310
Fake Email Messages as Spam 311
Fake (Inaccurate) Email Header Data 316
Phishing 317
Protecting Against Email Attacks 319
4.6 Conclusion 320
4.7 Exercises 321

Chapter 5 Operating Systems 323

5.1 Security in Operating Systems 323
Background: Operating System Structure 324
Security Features of Ordinary Operating Systems 325
A Bit of History 327
Protected Objects 329
Operating System Tools to Implement Security Functions 334
5.2 Security in the Design of Operating Systems 351
Simplicity of Design 352
Layered Design 353
Kernelized Design 355
Reference Monitor 356
Correctness and Completeness 357
Secure Design Principles 358
Trusted Systems 359
5.3 Rootkits 371
Example: Phone Rootkits 371
Rootkit Characteristics 372
Rootkit Case Studies 378
Nonmalicious Rootkits 381
5.4 Conclusion 382
5.5 Exercises 382

Chapter 6 Networks 385

6.1 Network Concepts 386
Background: Network Transmission Media 387
Background: Protocol Layers 395
Background: Addressing and Routing 396

Part I—War on Networks: Network Security Attacks 399

6.2 Threats to Network Communications 400
Interception: Eavesdropping and Wiretapping 400
 Contents xi

Modification: Data Corruption 406

Interruption: Loss of Service 411
Port Scanning 415
Network Vulnerability Summary 420
6.3 Wireless Network Security 421
WiFi Background 421
Vulnerabilities in Wireless Networks 428
Failed Countermeasure: WEP (Wired Equivalent Privacy) 434
Stronger Protocol Suite: WPA (WiFi Protected Access) 438
6.4 Denial of Service 443
Example: Massive Estonian Web Failure 443
How Service Is Denied 445
Flooding (Capacity) Attacks in Detail 449
Network Flooding Caused by Malicious Code 450
Network Flooding by Resource Exhaustion 454
Denial of Service by Addressing Failures 455
Traffic Redirection 460
DNS Attacks 460
Exploiting Known Vulnerabilities 466
Physical Disconnection 467
6.5 Distributed Denial of Service 468
Scripted Denial-of-Service Attacks 471
Bots 472
Botnets 472
Malicious Autonomous Mobile Agents 477
Autonomous Mobile Protective Agents 477

Part II—Strategic Defenses: Security Countermeasures 479

6.6 Cryptography in Network Security 479
Network Encryption 479
Browser Encryption 484
Onion Routing 489
IP Security Protocol Suite (IPsec) 491
Virtual Private Networks 494
6.7 Firewalls 497
System Architecture 498
What Is a Firewall? 499
Design of Firewalls 501
Types of Firewalls 503
Personal Firewalls 514
Comparison of Firewall Types 516
xii Contents

Examples of Firewall Configurations 516

Network Address Translation (NAT) 521
6.8 Intrusion Detection and Prevention Systems 522
Types of IDSs 524
Goals for Intrusion Detection Systems 530
IDS Strengths and Limitations 531
Intrusion Prevention Systems 532
Intrusion Response 533
6.9 Network Management 536
Management to Ensure Service 537
Security Information and Event Management 540
All-of-the-Above Products or Families 542
6.10 Conclusion 545
6.11 Exercises 545

Chapter 7 Data and Databases 549

7.1 Introduction to Databases 550
Concept of a Database 550
Components of Databases 550
Advantages of Using Databases 554
7.2 Security Requirements of Databases 555
Integrity of the Database 555
Element Integrity 556
Auditability 559
Access Control 559
User Authentication 560
Availability 560
Integrity/Confidentiality/Availability 561
7.3 Reliability and Integrity 561
Protection Features from the Operating System 562
Two-Phase Update 562
Redundancy/Internal Consistency 565
Recovery 565
Concurrency/Consistency 565
7.4 Database Disclosure 566
Sensitive Data 567
Types of Disclosures 568
Preventing Disclosure: Data Suppression and Modification 578
Security versus Precision 580
 Contents xiii

7.5 Data Mining and Big Data 585

Data Mining 585
Big Data 591
7.6 Conclusion 599
7.7 Exercises 599

Chapter 8 New Territory 601

8.1 Introduction 601
Cloud Computing 603
The Internet of Things 604
Embedded Systems 605
8.2 Cloud Architectures and Their Security 605
Essential Characteristics 606
Service Models 608
Deployment Models 611
Security in Cloud Computing 611
Identity Management in the Cloud 618
8.3 IoT and Embedded Devices 627
IoT and Security 630
8.4 Cloud, IoT, and Embedded Devices—The Smart Home 638
Securing Smart Homes 640
Security Practices and Controls in the Smart Home 642
8.5 Smart Cities, IoT, Embedded Devices, and Cloud 643
Smart City Digital Architecture 645
Security and the Smart City 647
8.6 Cloud, IoT, and Critical Services 648
Healthcare 648
Security and the Internet of Medical Things 650
Utilities—Electricity and Water 652
8.7 Conclusion 657
8.8 Exercises 658

Chapter 9 Privacy 659

9.1 Privacy Concepts 660
Aspects of Information Privacy 660
Computer-Related Privacy Problems 664
9.2 Privacy Principles and Policies 671
Fair Information Practices 671
U.S. Privacy Laws 672
xiv Contents

Controls on U.S. Government Websites 675

Controls on Commercial Websites 676
Non-U.S. Privacy Principles 679
Individual Actions to Protect Privacy 682
Governments and Privacy 684
Identity Theft 687
9.3 Authentication and Privacy 688
What Authentication Means 689
Conclusions 693
9.4 Data Mining 694
Government Data Mining 695
Privacy-Preserving Data Mining 696
9.5 Privacy on the Internet 698
Understanding the Online Environment 698
Payments on the Internet 701
Site and Portal Registrations 703
Whose Page Is This? 704
Precautions for Web Surfing 705
Spyware 709
Shopping on the Internet 712
9.6 Email and Message Security 713
Where Does Email Go, and Who Can Access It? 713
Monitoring Email 714
Anonymous, Pseudonymous, and Disappearing Email 714
Spoofing and Spamming 716
Summary 716
9.7 Privacy Impacts of Newer Technologies 717
Radio Frequency Identification 717
Electronic Voting 721
Privacy in the Cloud 722
Conclusions on Newer Technologies 723
9.8 Conclusion 724
9.9 Exercises 725

Chapter 10 Management and Incidents 727

10.1 Security Planning 727
Organizations and Security Plans 729
Contents of a Security Plan 729
 Contents xv

Security Planning Team Members 736

Assuring Commitment to a Security Plan 737
10.2 Business Continuity Planning 738
Assess Business Impact 740
Develop Strategy 740
Develop the Plan 741
10.3 Handling Incidents 742
Incident Response Plans 742
Incident Response Teams 745
10.4 Risk Analysis 749
The Nature of Risk 750
Steps of a Risk Analysis 751
Arguments For and Against Risk Analysis 765
10.5 Physical Threats to Systems 767
Natural Disasters 767
Human Vandals 769
Contingency Planning 772
Physical Security Recap 776
10.6 New Frontiers in Security Management 776
10.7 Conclusion 778
10.8 Exercises 779

Chapter 11 Legal Issues and Ethics 781

11.1 Protecting Programs and Data 783
Copyrights 783
Patents 792
Trade Secrets 796
Special Cases 798
11.2 Information and the Law 800
Information as an Object 800
The Legal System 802
Summary of Protection for Computer Artifacts 805
11.3 Rights of Employees and Employers 805
Control of Products 805
Employment Contracts 808
11.4 Redress for Software Failures 808
Selling Correct Software 809
Reporting Software Flaws 811
xvi Contents

11.5 Computer Crime 814

Examples of Statutes 815
International Dimensions 818
Why Computer Criminals Are Hard to Catch 820
What Computer Crime Statutes Do Not Address 821
Summary of Legal Issues in Computer Security 821
11.6 Ethical Issues in Computer Security 822
Differences Between the Law and Ethics 822
Studying Ethics 824
Ethical Reasoning 825
11.7 An Ethical Dive into Artificial Intelligence 828
AI’s Meaning and Concerns 828
IBM: A Study in How to Approach Ethical AI 829
11.8 Incident Analyses with Ethics 830
Situation I: Use of Computer Services 832
Situation II: Privacy Rights 833
Situation III: Denial of Service 835
Situation IV: Ownership of Programs 836
Situation V: Proprietary Resources 838
Situation VI: Fraud 838
Situation VII: Accuracy of Information 840
Situation VIII: Ethics of Hacking or Cracking 841
Situation IX: True Representation 844
Conclusion of Computer Ethics 845
11.9 Conclusion 846
11.10 Exercises 847

Chapter 12 Details of Cryptography 850

12.1 Cryptology 851
Cryptanalysis 851
Cryptographic Primitives 856
One-Time Pads 857
Statistical Analysis 859
What Makes a “Secure” Encryption Algorithm? 860
12.2 Symmetric Encryption Algorithms 863
DES 863
Attacking Ciphertext 871
AES 874
Other Symmetric Algorithms 876
 Contents xvii

12.3 Asymmetric Encryption 877

The RSA Algorithm 877
Strength of the RSA Algorithm 878
Elliptic Curve Cryptosystems 881
Digression: Diffie–Hellman Key Exchange 882
12.4 Message Digests 883
Hash Functions 883
One-Way Hash Functions 883
Message Digests 884
Authenticated Encryption 886
12.5 Digital Signatures 888
12.6 Quantum Key Distribution 889
Key Distribution 889
Quantum Physics 890
Implementation 893
12.7 Conclusion 894

Chapter 13 Emerging Topics 895

13.1 AI and Cybersecurity 896
AI-Based Decision Making 897
AI-Driven Security Management 898
Adversarial AI 903
Responsible AI 905
Open Questions 906
13.2 Blockchains and Cryptocurrencies 908
What Is a Blockchain? 908
Commerce and Trust 910
What Is Cryptocurrency? 912
Cryptocurrency in the World Context 915
Is the Implementation of Cryptocurrencies Secure? 921
Open Questions 924
13.3 Offensive Cyber and Cyberwarfare 924
What Is Cyberwarfare? 924
Possible Examples of Cyberwarfare 926
Cyberwar or Offensive Cyber? 929
Critical Issues 932
xviii Contents

13.4 Quantum Computing and Computer Security 936

Quantum Computers 936
Quantum-Resistant Cryptography 937
13.5 Conclusion 937

Bibliography 939

Index 963
Foreword

From the authors: Willis Ware kindly wrote this Foreword, which was published in the
third, fourth, and fifth editions of Security in Computing. In his Foreword he covers
some of the early days of computer security, describing concerns that are as valid today
as they were in those earlier days.
Willis chose to sublimate his name and efforts to the greater good of the projects he
worked on. In fact, his thoughtful analysis and persuasive leadership contributed much
to the final outcome of these activities. Few people recognize Willis’s name today;
more people are familiar with the European Union Data Protection Directive that is a
direct descendant of the report [WAR73a] from his committee for the U.S. Department
of Human Services. Willis would have wanted it that way: the emphasis on the ideas
and not on his name.
Unfortunately, Willis died in November 2013 at age 93. We think the lessons he
wrote about in his Foreword are still important to our readers. Thus, with both respect
and gratitude, we republish his words here.

I
n the 1950s and 1960s, the prominent conference gathering places for practitioners
and users of computer technology were the twice yearly Joint Computer Confer-
ences (JCCs)—initially called the Eastern and Western JCCs, but later renamed the
Spring and Fall JCCs and even later, the annual National (AFIPS) Computer Confer-
ence. From this milieu, the topic of computer security—later to be called information
system security and currently also referred to as “protection of the national information
infrastructure”—moved from the world of classified defense interests into public view.
A few people—Robert L. Patrick, John P. Haverty, and myself among others—all
then at The RAND Corporation (as its name was then known) had been talking about
the growing dependence of the country and its institutions on computer technology.
It concerned us that the installed systems might not be able to protect themselves and
their data against intrusive and destructive attacks. We decided that it was time to bring
the security aspect of computer systems to the attention of the technology and user
communities.

xix
xx Foreword

The enabling event was the development within the National Security Agency (NSA)
of a remote-access time-sharing system with a full set of security access controls, run-
ning on a Univac 494 machine, and serving terminals and users not only within the
headquarters building at Fort George G. Meade, Maryland, but also worldwide. Fortu-
itously, I knew details of the system.
Persuading two others from RAND to help—Dr. Harold Peterson and Dr. Rein
Turn—plus Bernard Peters of NSA, I organized a group of papers and presented it
to the SJCC conference management as a ready-made additional paper session to be
chaired by me. [1] The conference accepted the offer, and the session was presented at
the Atlantic City (NJ) Convention Hall in 1967.
Soon thereafter and driven by a request from a defense contractor to include both
defense classified and business applications concurrently in a single mainframe machine
functioning in a remote-access mode, the Department of Defense, acting through the
Advanced Research Projects Agency (ARPA) and later the Defense Science Board
(DSB), organized a committee, which I chaired, to study the issue of security controls
for computer systems. The intent was to produce a document that could be the basis for
formulating a DoD policy position on the matter.
The report of the committee was initially published as a classified document and was
formally presented to the sponsor (the DSB) in January 1970. It was later declassified
and republished (by The RAND Corporation) in October 1979. [2] It was widely circu-
lated and became nicknamed “the Ware report.” The report and a historical introduction
are available on the RAND website. [3]
Subsequently, the United States Air Force (USAF) sponsored another committee
chaired by James P. Anderson. [4] Its report, published in 1972, recommended a 6-year
R&D security program totaling some $8M. [5] The USAF responded and funded sev-
eral projects, three of which were to design and implement an operating system with
security controls for a specific computer.
Eventually these activities led to the “Criteria and Evaluation” program sponsored
by the NSA. It culminated in the “Orange Book” [6] in 1983 and subsequently its sup-
porting array of documents, which were nicknamed “the rainbow series.” [7] Later, in
the 1980s and on into the 1990s, the subject became an international one leading to the
ISO standard known as the “Common Criteria.” [8]
It is important to understand the context in which system security was studied in the
early decades. The defense establishment had a long history of protecting classified
information in document form. It had evolved a very elaborate scheme for compart-
menting material into groups, sub-groups and super-groups, each requiring a specific
personnel clearance and need-to-know as the basis for access. [9] It also had a centuries-
long legacy of encryption technology and experience for protecting classified informa-
tion in transit. Finally, it understood the personnel problem and the need to establish the
trustworthiness of its people. And it certainly understood the physical security matter.
Thus, the computer security issue, as it was understood in the 1960s and even later,
was how to create in a computer system a group of access controls that would imple-
ment or emulate the processes of the prior paper world, plus the associated issues of
protecting such software against unauthorized change, subversion and illicit use, and
of embedding the entire system in a secure physical environment with appropriate
 Foreword xxi

management oversights and operational doctrine and procedures. The poorly under-
stood aspect of security was primarily the software issue with, however, a collateral
hardware aspect; namely, the risk that it might malfunction—or be penetrated—and
subvert the proper behavior of software. For the related aspects of communications,
personnel, and physical security, there was a plethora of rules, regulations, doctrine and
experience to cover them. It was largely a matter of merging all of it with the hardware/
software aspects to yield an overall secure system and operating environment.
However, the world has now changed and in essential ways. The desk-top com-
puter and workstation have appeared and proliferated widely. The Internet is flourishing
and the reality of a World Wide Web is in place. Networking has exploded and com-
munication among computer systems is the rule, not the exception. Many commercial
transactions are now web-based; many commercial communities—the financial one in
particular—have moved into a web posture. The “user” of any computer system can
literally be anyone in the world. Networking among computer systems is ubiquitous;
information-system outreach is the goal.
The net effect of all of this has been to expose the computer-based information system—
its hardware, its software, its software processes, its databases, its communications—to
an environment over which no one—not end-user, not network administrator or system
owner, not even government—has control. What must be done is to provide appropriate
technical, procedural, operational and environmental safeguards against threats as they
might appear or be imagined, embedded in a societally acceptable legal framework.
And appear threats did—from individuals and organizations, national and interna-
tional. The motivations to penetrate systems for evil purpose or to create malicious
software—generally with an offensive or damaging consequence—vary from personal
intellectual satisfaction to espionage, to financial reward, to revenge, to civil disobe-
dience, and to other reasons. Information-system security has moved from a largely
self-contained bounded environment interacting with a generally known and disciplined
user community to one of worldwide scope with a body of users that may not be known
and are not necessarily trusted. Importantly, security controls now must deal with
circumstances over which there is largely no control or expectation of avoiding their
impact. Computer security, as it has evolved, shares a similarity with liability insurance;
they each face a threat environment that is known in a very general way and can gener-
ate attacks over a broad spectrum of possibilities; but the exact details or even time or
certainty of an attack is unknown until an event has occurred.
On the other hand, the modern world thrives on information and its flows; the
contemporary world, society and institutions cannot function without their computer-
communication-based information systems. Hence, these systems must be protected in
all dimensions—technical, procedural, operational, environmental. The system owner
and its staff have become responsible for protecting the organization’s information
assets.
Progress has been slow, in large part because the threat has not been perceived as
real or as damaging enough; but also in part because the perceived cost of comprehen-
sive information system security is seen as too high compared to the risks—especially
the financial consequences—of not doing it. Managements, whose support with appro-
priate funding is essential, have been slow to be convinced.
xxii Foreword

This book addresses the broad sweep of issues above: the nature of the threat
and system vulnerabilities (Chapter 1); cryptography (Chapters 2 and 12); software vul-
nerabilities (Chapter 3); the Common Criteria (Chapter 5); the World Wide Web and
Internet (Chapters 4 and 6); managing risk (Chapter 10); and legal, ethical and privacy
issues (Chapters 9 and 11). The book also describes security controls that are currently
available such as encryption protocols, software development practices, firewalls, and
intrusion-detection systems. Overall, this book provides a broad and sound foundation
for the information-system specialist who is charged with planning and/or organizing
and/or managing and/or implementing a comprehensive information-system security
program.
Yet to be solved are many technical aspects of information security—R&D for hard-
ware, software, systems, and architecture; and the corresponding products. Notwith-
standing, technology per se is not the long pole in the tent of progress. Organizational
and management motivation and commitment to get the security job done is. Today, the
collective information infrastructure of the country and of the world is slowly moving
up the learning curve; every mischievous or malicious event helps to push it along. The
terrorism-based events of recent times are helping to drive it. Is it far enough up the
curve to have reached an appropriate balance between system safety and threat? Almost
certainly, the answer is “no, not yet; there is a long way to go.” [10]

—Willis H. Ware
RAND
Santa Monica, California
 Foreword xxiii

Citations
1. “Security and Privacy in Computer Systems,” Willis H. Ware; RAND, Santa Mon-
ica, CA; P-3544, April 1967. Also published in Proceedings of the 1967 Spring Joint
Computer Conference (later renamed to AFIPS Conference Proceedings), pp 279 seq,
Vol. 30, 1967.
“Security Considerations in a Multi-Programmed Computer System,” Bernard Peters;
Proceedings of the 1967 Spring Joint Computer Conference (later renamed to AFIPS
Conference Proceedings), pp 283 seq, vol 30, 1967.
“Practical Solutions to the Privacy Problem,” Willis H. Ware; RAND, Santa Monica, CA;
P-3544, April 1967. Also published in Proceedings of the 1967 Spring Joint Computer
Conference (later renamed to AFIPS Conference Proceedings), pp 301 seq, Vol. 30, 1967.
“System Implications of Information Privacy,” Harold E. Peterson and Rein Turn;
RAND, Santa Monica, CA; P-3504, April 1967. Also published in Proceedings of the
1967 Spring Joint Computer Conference (later renamed to AFIPS Conference Proceed-
ings), pp 305 seq, vol. 30, 1967.
2. “Security Controls for Computer Systems,” (Report of the Defense Science Board Task
Force on Computer Security), RAND, R-609-1-PR. Initially published in January 1970
as a classified document. Subsequently, declassified and republished October 1979.
3. http://rand.org/publications/R/R609.1/R609.1.html, “Security Controls for Computer
Systems”; R-609.1, RAND, 1979 http://rand.org/publications/R/R609.1/intro.html,
Historical setting for R-609.1
4. “Computer Security Technology Planning Study,” James P. Anderson; ESD-TR-73-51,
ESD/AFSC, Hanscom AFB, Bedford, MA; October 1972.
5. All of these documents are cited in the bibliography of this book. For images of these
historical papers on a CDROM, see the “History of Computer Security Project, Early
Papers Part 1,” Professor Matt Bishop; Department of Computer Science, University of
California at Davis. http://seclab.cs.ucdavis.edu/projects/history
6. “DoD Trusted Computer System Evaluation Criteria,” DoD Computer Security Cen-
ter, National Security Agency, Ft George G. Meade, Maryland; CSC-STD-001-83;
Aug 15, 1983.
7. So named because the cover of each document in the series had a unique and distinctively
colored cover page. For example, the “Red Book” is “Trusted Network Interpretation,”
National Computer Security Center, National Security Agency, Ft. George G. Meade,
Maryland; NCSC-TG-005, July 31, 1987. USGPO Stock number 008-000-00486-2.
8. “A Retrospective on the Criteria Movement,” Willis H. Ware; RAND, Santa Monica,
CA; P-7949, 1995. http://rand.org/pubs/papers/P7949/
9. This scheme is nowhere, to my knowledge, documented explicitly. However, its com-
plexity can be inferred by a study of Appendices A and B of R-609.1 (item [2] above).
10. “The Cyberposture of the National Information Infrastructure,” Willis H. Ware; RAND,
Santa Monica, CA; MR-976-OSTP, 1998. Available online at: http://www.rand.org/
publications/MR/MR976/mr976.html.
This page intentionally left blank
Preface

T
ablets, smartphones, TV set-top boxes, GPS navigation devices, watches,
doorbells, exercise monitors, home security stations, even washers and dryers
come with internet connections by which data from and about you go to places
over which you have little visibility or control. At the same time, the list of retailers
suffering massive losses of customer data continues to grow: Home Depot, Target, T.J.
Maxx, P.F. Chang’s, Sally Beauty, Equifax. The scope of the breaches is likewise grow-
ing: In September 2022, Facebook announced the compromise of login information for
as many as 1 million users, and a separate incident for Australian telecommunications
provider Optus may have involved 10 million customers. On the one hand, people want
the convenience and benefits that added connectivity brings, while on the other hand,
people are worried about, and some are seriously harmed by, the impact of such inci-
dents. Computer security brings these two threads together as technology races forward
with smart products whose designers often omit the basic controls that can prevent or
limit catastrophes.
To some extent, people sigh and expect security failures in basic products and com-
plex systems. But these failures do not have to occur. Every computer professional can
learn how such problems arise and how to counter them. Computer security has been
around as a formal field of study since the 1960s, producing excellent research results
that lead to a good understanding of threats and how to manage them.
But many people have difficulty focusing on how to understand and counter threats.
One factor that turns them off is language: Complicated phrases such as polymorphic
virus, advanced persistent threat, distributed denial-of-service attack, inference and
aggregation, multifactor authentication, quantum key exchange protocol, and intrusion
detection system do not exactly roll off the tongue or have intuitive meaning. Other
terms sound intriguing or cute but can be opaque, such as worm, botnet, rootkit, man-in-
the-browser, honeynet, sandbox, and script kiddie. The use of language from advanced
mathematics or microbiology is no less confounding, and the use of Latin terminology
from medicine and law separates those who know it from those who do not. But, in fact,
once explained with appropriate definitions and examples, the terms and concepts of
computer security can be easy to understand and apply.
The premise of computer security is quite simple: Vulnerabilities are weaknesses
in products, systems, protocols, algorithms, programs, interfaces, and designs. A

xxv
xxvi Preface

threat is a condition that could exercise a vulnerability to unwelcome effect. An

incident occurs when a threat exploits a vulnerability, causing harm. Finally, people
add controls or countermeasures to prevent, deflect, diminish, detect, diagnose, and
respond to threats. All of computer security is built from that simple framework.
In this book we explore the
two key aspects of computer Vulnerability: weakness
security: how bad things can Threat: condition that exercises vulnerability
happen and how we can pro- Incident: vulnerability + threat
tect our data, activities, and Control: reduction of threat or vulnerablity
selves.

WHY READ THIS BOOK?

Admit it. You know computing entails serious risks to the privacy and integrity of your
personal data and communications or the operation of your devices. But risk is a fact
of life in much that we do, not just those activities involving computers. For instance,
crossing the street is risky, perhaps more so in some places than others, but you still
cross the street. As a child you learned to stop and look both ways before crossing. As
you became older you learned to gauge the speed of oncoming traffic and determine
whether you had the time to cross. At some point you developed a sense of whether an
oncoming car would slow down or yield. We hope you never had to practice this, but
sometimes you have to decide whether darting into the street without looking is the best
means of escaping danger. The point is that all these matters depend on both knowledge
and experience. Understanding the concepts and examples in this book will help you
develop similar knowledge and experience with respect to the risks of computing.
You will learn about the role of computer security in everything from personal
devices to complex commercial systems: You start with a few basic terms, principles,
and concepts. Then you learn their relevance by seeing those basics reappear in numer-
ous situations, including programs, operating systems, networks, and cloud computing.
You will discover how to use a few fundamental tools, such as authentication, access
control, and encryption, and you will see how you can apply them to develop defense
strategies. You will start to think like an attacker, predicting the weaknesses that could
be exploited, enabling you to select defenses to counter those attacks. This last stage of
playing both offense and defense makes computer security a creative and challenging
activity.
Throughout this book we take an interdisciplinary approach, looking at topics not
only through a technical lens but also from the perspectives of people and organiza-
tions. In the sidebars and in the emerging topics set out in Chapter 13, we also consider
computer security in wider political and geopolitical contexts. This interdisciplinary
approach reflects the fact that many security problems are multifaceted and difficult to
solve without the input from a range of perspectives, so security teams are made up of
people with a range of skills and professional and educational backgrounds. Increas-
ingly, the study of security has been enriched by insights of people examining the issues
from different viewpoints, and we have reflected this in the range of disciplines we cite
 Preface xxvii

throughout this book. We hope this book will further encourage interdisciplinary study
and encourage you, the reader, to consider a broad range of perspectives when working
on computer security problems.

USES AND USERS OF THIS BOOK

This book is intended for people who want to learn about computer security; if you have
read this far you may well be such a person. Three groups of people may benefit from
the book’s content: school, college, and university students; computing professionals
and managers; and users of all kinds of computer-based systems. All want to know the
same two things: the risks involved in using computers and the ways to address them
using the principles of computer security. But you may differ in how much information
you need about particular topics: Some readers want a broad survey, while others want
to focus on particular topics, such as networks or program development.
This book should provide the breadth and depth that most readers want. It is orga-
nized by general area of computing, so readers with particular interests can find infor-
mation easily.

ORGANIZATION OF THIS BOOK

This book’s chapters progress in an orderly manner, from general security concerns to
the particular needs of specialized applications, and then to overarching management
and legal issues. Thus, this book progresses through six key areas of interest:
1. introduction: threats, vulnerabilities, and controls
2. the security practitioner’s “toolbox”: identification and authentication, access
control, and encryption
3. application areas of computer security practice: programs, user–internet inter-
action, operating systems, networks, data and databases, and cloud computing
4. cross-cutting disciplines: privacy, management, law, and ethics
5. details of cryptography
6. emerging topics of concern
The first chapter begins like many other expositions: by laying groundwork for the
rest of the book. In Chapter 1 we introduce terms and definitions, and we give some
examples to justify how these terms are used. In Chapter 2 we dig deeper by introducing
three concepts that form the basis of many defenses in computer security: identification
and authentication, access control, and encryption. We describe different ways to imple-
ment each of them, explore strengths and weaknesses, and tell of some recent advances
in these technologies.
Then we advance through computing domains, from the individual user outward.
In Chapter 3 we begin with individual programs, both those you might write and those
you use. Both kinds are subject to potential attacks, and we examine the nature of these
attacks to help us see how they could have been prevented. In Chapter 4 we move on
xxviii Preface

to the internet and programs people use to access it, especially browsers and apps. The
majority of attacks today are remote, carried out by a distant attacker across the internet.
Thus, it makes sense to study internet-borne malicious code. But this chapter’s focus is
on harm launched remotely, not on the network infrastructure by which it travels; we
defer the network concepts to Chapter 6. In Chapter 5 we consider operating systems,
a strong line of defense between a user and attackers. We also consider ways to under-
mine the strength of the operating system itself. Chapter 6 returns to networks, but this
time we look at architecture and technology, including denial-of-service attacks that
happen primarily in a network. Data, their collection and protection, form the focus of
Chapter 7, in which we look at database management systems and big data applications.
Finally, in Chapter 8 we explore cloud computing and the Internet of Things, relatively
recent additions to the computing landscape, but ones that bring their own vulnerabili-
ties and protections.
In Chapters 9 through 11 we address what we have termed the intersecting disci-
plines: First, in Chapter 9 we explore privacy, a familiar topic that relates to most of the
six domains from programs to clouds. Then Chapter 10 takes us to the organizational
side of computer security: how management plans for and addresses computer security
problems. Finally, Chapter 11 explores how laws and ethics help us control computer
misbehavior.
We introduce cryptography in Chapter 2. But the field of cryptography spans entire
books, courses, conferences, journals, and postgraduate programs of study. Because
this book needs to cover many important topics in addition to cryptography, we limit
our cryptography coverage in two ways. First, we treat cryptography as a tool, not as
a field of study. An automobile mechanic does not study the design of cars, weigh-
ing such factors as aerodynamics, fuel consumption, interior appointment, and crash
resistance; rather, a mechanic accepts a car as a given and learns how to find and fix
faults with the engine and other mechanical parts. Similarly, we want our readers to be
able to use cryptography to address security problems quickly; hence we briefly visit
and highlight the popular uses of cryptography in Chapter 2, postponing a deeper dive
into cryptography until later in Chapter 12 where we can explain cryptographic work
in more detail, with pointers to resources that interested readers can use to find richer
material elsewhere.
Our final chapter detours to four areas rife with significant computer security haz-
ards or that have bearing on how we make decisions about computer security: AI-driven
security, cryptocurrency and blockchains, offensive cyberwarfare, and the impact of
quantum computing on cryptography. In these emerging areas researchers are making
important progress, but these areas are still very much in transition. Thus, we identify
the topics and briefly describe some important work that is underway.

HOW TO READ THIS BOOK

What background should you have to appreciate this book? The only assumption we
make is that you have an understanding of programming and computer systems. Some-
one who is an advanced undergraduate or graduate student in computing certainly has
that background, as does a professional designer or developer of computer systems.
Another random document with
no related content on Scribd:
 Fig. 23.—Skeleton of the Perch.

Fig. 24.—Skeleton of a Perch’s Skull.

Fig. 25.—Hyoid arch, branchial apparatus, and scapulary arch of the Perch.
Fig. 26.—Lower view of Skull of Perch.
 Fig. 27.—Hyoid bone of the Perch.
The formation of the posterior part of the side of the skull is completed by the
mastoid and parietal bones. The former (12) projects outwards and backwards
farther than the paroccipital, forming the outer strong process of the side of the
cranium. This process lodges on its upper surface one of the main ducts of the
muciferous system, and affords the base of articulation to a part of the
hyomandibular. Its extremity gives attachment to the strong tendon of the dorso-
lateral muscles of the trunk. The parietals (7) are flat bones, of comparatively
much smaller extent than in higher Vertebrates, and separated from each other
by the anterior prolongation of the supraoccipital.
The anterior wall of the brain-capsule (or the posterior of the orbit) is formed
by the orbitosphenoids (14), between which, superiorly, the olfactory nerves, and
inferiorly, the optic, pass out of the cranium. In addition to this paired bone, the
Perch and many other fishes possess another single bone (15),—the os
sphenoideum anterius of Cuvier, ethmoid of Owen, and basisphenoid of Huxley; it
is Y-shaped, each lateral branch being connected with an orbito-sphenoid, whilst
the lower branch rests upon the long basal bone.
A cartilage, the substance of which is thickest above the vomer, and which
extends as a narrow stripe along the interorbital septum, represents the ethmoid
of higher Vertebrata; the olfactory nerves run along, and finally perforate it.
There remain, finally, the bones distinguishable on the upper surface of the
skull; the largest, extending from the nasal cavities to the occipital, are the frontal
bones (1), which also form the upper margin of the orbit. The postfrontals (4) are
small bones placed on the supero-posterior angle of the orbit, and serving as the
point from which the infraorbital ring is suspended. The pre-frontals (2), also
small, occupy the anterior margin of the orbit. A pair of small tubiform bones (20),
the turbinals, occupy the foremost part of the snout, in front of the frontals, and
are separated from each other by intervening cartilage.
After removal of the gill-cover and mandibulary suspensorium, the hyoid arch,
which encloses the branchial apparatus, and farther behind, the humeral arch are
laid open to view (Fig. 25). These parts can be readily separated from the
cranium proper.
The hyoid arch is suspended by a slender styliform bone, the stylohyal (29),
from the hyomandibulars; it consists of three segments, the epihyal (37),
ceratohyal (38), which is the longest and strongest piece, and the basihyal, which
is formed by two juxtaposed pieces (39, 40). Between the latter there is a median
styliform ossicle (41), extending forwards into the substance of the tongue, called
glossohyal or os linguale; and below the junction of the two hyoid branches there
is a vertical single bone (42), expanded along its lower edge, which, connected
by ligament with the anterior extremity of the humeral arch, forms the isthmus
separating the two gill-openings. This bone is called the urohyal. Articulated or
attached by ligaments to the epihyal and ceratohyal are a number of sword-
shaped bones or rays (43), the branchiostegals, between which the
branchiostegal membrane is extended.
The branchial arches (Figs. 25 and 27) are enclosed within the hyoid arch,
with which they are closely connected at the base. They are five in number, of
which four bear gills, whilst the fifth (56) remains dwarfed, is beset with teeth, and
called the lower pharyngeal bone. The arches adhere by their lower extremities to
a chain of ossicles (53, 54, 55), basibranchials, and, curving as they ascend,
nearly meet at the base of the cranium, to which they are attached by a layer of
ligamentous and cellular tissue. Each of the first three branchial arches consists
of four pieces movably connected with one another. The lowest is the
hypobranchial (57), the next much longer one (58) the cerato-branchial, and,
above this, a slender and a short irregularly-shaped epibranchial (61). In the
fourth arch the hypobranchial is absent. The uppermost of these segments (62),
especially of the fourth arch, are dilated, and more or less confluent; they are
beset with fine teeth, and generally distinguished as the upper pharyngeal bones.
Only the cerato-branchial is represented in the fifth arch or lower pharyngeal. On
their outer convex side the branchial segments are grooved for the reception of
large blood-vessels and nerves; on the inner side they support horny processes
(63), called the gill-rakers, which do not form part of the skeleton.
The scapular or humeral arch is suspended from the skull by the
(suprascapula) post-temporal (46), which, in the Perch, is attached by a triple
prong to the occipital and mastoid bones. Then follows the (scapula)
supraclavicula (47), and the arch is completed below by the union of the large
(coracoid) clavicula (48) with its fellow. Two flat bones (51, 52), each with a
vacuity, attached to the clavicle have been determined as the (radius and ulna)
coracoid and scapula of higher vertebrates, and the two series of small bones
(53) intervening between the forearm and the fin as carpals and metacarpals. A
two-jointed appendage the (epicoracoid) postclavicula, is attached to the clavicle:
its upper piece (49) is broad and lamelliform, its lower (50) styliform and pointed.
The ventral fins are articulated to a pair of flat triangular bones, the pubic
bones (80).
The bones of the skull of the fish have received so many different
interpretations that no two accounts agree in their nomenclature, so that their
study is a matter of considerable difficulty to the beginner. The following
synonymic table will tend to overcome difficulties arising from this cause; it
contains the terms used by Cuvier, those introduced by Owen, and finally the
nomenclature of Stannius, Huxley, and Parker. Those adopted in the present
work are printed in italics. The numbers refer to the figures in the accompanying
woodcuts (Figs. 23–27).
Cuvier. Owen. Stannius. Huxley, Parker, etc.
1. Frontal principal Frontal Os frontale
2. Frontal Prefrontal Os frontale Lateral ethmoid
antérieur anterius (Parker)
3. Ethmoid Nasal Os ethmoideum
4. Frontal Postfrontal Os frontale Sphenotic (Parker)
postérieur posterius
5. Basilaire Basioccipital Os basilare
6. Sphénoide Basisphenoid Os sphenoideum Sometimes referred
basilare to as “Basal”
7. Pariétal Parietal Os parietale
8. Interpariétal or Supraoccipital Os occipitale
occipital superius
supérieure
9. Occipital Paroccipital Os occipitale Epioticum (Huxley)
externe externum
10. Occipital lateral Exoccipital Os occipitale
laterale
11. Grande aile du Alisphenoid Ala temporalis Prooticum (Huxley)
sphénoide
12. Mastoidien Mastoid Os mastoideum + Opisthoticum[5]
 os +Squamosal
extrascapulare (Huxley)
13. Rocher Petrosal and Oberflächliche
Otosteal Knochen-
lamelle
14. Aile orbitaire Orbitosphenoid Ala orbitalis Alisphenoid (Huxley)
15. Sphenoide Ethmoid and Os sphenoideum Basisphenoid
antérieur Ethmoturbinal anterius (Huxley)
16. Vomer Vomer Vomer
17. Intermaxillaire Inter- or Pre- Os intermaxillare
maxillary
18. Maxillaire Maxillary Os maxillare
supérieur
19. Sousorbitaires Infraorbital ring Ossa infraorbitalia
20. Nasal Turbinal Os terminale
22. Palatine Palatin Os palatinum
23. Temporal Epitympanic Os temporale Hyomandibular
(Huxley)
24. Transverse Pterygoid Os transversum s.
pterygoideum
externum
25. Ptérygoidien Entopterygoid Os pterygoideum Mesopterygoid
interne (Parker)
26. Jugal Hypotympanic Os quadratojugale Quadrate (Huxley)
27. Tympanal Pretympanic Os tympanicum Metapterygoid
(Huxley)
28. Operculaire Operculum Operculum
29. Styloide Stylohyal Os styloideum
30. Préopercule Præoperculum Præoperculum
31. Symplectique Mesotympanic Os symplecticum
32. Sousopercule Suboperculum Suboperculum
33. Interopercule Interoperculum Interoperculum
34. Dentaire Dentary Os dentale
35. Articulaire Articulary Os articulare
36. Angulaire Angular Os angulare
37. Grandes pièces Epihyal Segmente der
latérales Zungenbein-
Schenkel
38. Ceratohyal
39. Petites pièces Basihyal
laterales
40.
41. Os lingual Glossohyal Os linguale s.
entoglossum
42. Queue de l’os Urohyal Basibranchiostegal
hyoide (Parker)
43. Rayon Branchiostegal Radii
branchiostège branchiostegi
46. Surscapulaire Suprascapula Omolita Post-temporal
(Parker)
 47. Scapulaire Scapula Scapula Supraclavicula
(Parker)
48. Humeral Coracoid Clavicula Clavicula (Parker)
49.
Postclavicula
Coracoid Epicoracoid
50. (Parker)
51. Cubital Radius Coracoid (Parker)
Ossa carpi
52. Radial Ulna Scapula (Parker)
Basalia (Huxley),
53. Os du carpe Carpals Ossa metacarpi
Brachials (Parker)
53 bis.
Chaine
55. Basibranchials Copula
intermédiaire
54.
56. Pharyngiens Lower Ossa pharyngea
inférieurs Pharyngeals inferiora
57. Pièce interne de Hypobranchial
partie
inférieure de
l’arceau
branchiale
58. Pièce externe „ Ceratobranchial
Segmente der
59. Stylet de Upper
Kiemenbogen-
prémière epibranchial of
Schenkel
arceau first branchial
branchiale arch
61. Partie Epibranchials
supérieure de
l’arceau
branchiale
62. Os pharyngian Pharyngobranchial Os pharyngeum Upper pharyngeals
supérieur superius
63. Gill-rakers
65. Rayons de la Pectoral rays Brustflossen-
pectorale Strablen
67, 68. Vertèbres Abdominal Bauchwirbel
abdominales vertebræ
69. Vertèbres Caudal vertebræ Schwanzwirbel
caudales
70. Plaque [Aggregated Verticale Platte Hypural (Huxley)
triangulaire et interhæmals]
verticale
71. Caudal rays Schwanzflossen
Strahlen
72. Côte Rib Rippen
73. Appendices or Epipleural spines Muskel-Gräthen
stylets
74. Interépineux Interneural spines Ossa interspinalia
s. obere
Flossentræger
75. Épines et Dorsal rays and Rückenflossen-
rayons spines Strablen u.
dorsales Stacheln
76. First interneural
78. Rudimentary
caudal rays
79. Apophyses Interhæmal spines Untere
épineuses Flossentræger
inférieures
80. Pubic Becken
81. Ventral spine Bauchflossen-
Stachel
 CHAPTER IV.

MODIFICATIONS OF THE SKELETON.

The lowermost sub-class of fishes, which comprises one form

only, the Lancelet (Branchiostoma [s. Amphioxus] lanceolatum),
possesses the skeleton of the most primitive type.

Fig. 28.—Branchiostoma lanceolatum. a, Mouth; b, Vent; c, abdominal porus.

Fig. 29.—Anterior end of body of Branchiostoma (magn.) d, Chorda dorsalis; e,

Spinal chord; f, Cartilaginous rods; g, Eye; h, Branchial rods; i, Labial
cartilage; k, Oral cirrhi.
The vertebral column is represented by a simple chorda dorsalis
or notochord only, which extends from one extremity of the fish to the
other, and, so far from being expanded into a cranial cavity, it is
pointed at its anterior end as well as at its posterior. It is enveloped in
a simple membrane like the spinal chord and the abdominal organs,
and there is no trace of vertebral segments or ribs; however, a series
of short cartilaginous rods above the spine evidently represent
apophyses. A maxillary or hyoid apparatus, or elements representing
limbs, are entirely absent.
[J. Müller, Ueber den Bau und die Lebenserscheinungen des
Branchiostoma lubricum, in Abhandl. Ak. Wiss. Berlin, 1844.]
The skeleton of the Cyclostomata (or Marsipobranchii) (Lampreys
and Sea-hags) shows a considerable advance of development. It
consists of a notochord, the anterior pointed end of which is wedged
into the base of a cranial capsule, partly membranous partly
cartilaginous. This skull, therefore, is not movable upon the spinal
column. No vertebral segmentation can be observed in the
notochord, but neural arches are represented by a series of
cartilages on each side of the spinal chord. In Petromyzon (Fig. 30)
the basis cranii emits two prolongations on each side: an inferior,
extending for some distance along the lower side of the spinal
column, and a lateral, which is ramified into a skeleton supporting
the branchial apparatus. A stylohyal process and a subocular arch
with a palato-pterygoid portion may be distinguished. The roof of the
cranial capsule is membranous in Myxine and in the larvæ of
Petromyzon, but more or less cartilaginous in the adult Petromyzon
and in Bdellostoma. A cartilaginous capsule on each side of the
hinder part of the skull contains the auditory organ, whilst the
olfactory capsule occupies the anterior upper part of the roof. A
broad cartilaginous lamina, starting from the cranium and overlying
part of the snout, has been determined as representing the ethmo-
vomerine elements, whilst the oral organs are supported by large,
very peculiar cartilages (labials), greatly differing in general
configuration and arrangement in the various Cyclostomes. There
are three in the Sea-lamprey, of which the middle one is joined to the
palate by an intermediate smaller one; the foremost is ring-like,
tooth-bearing, emitting on each side a styliform process. The lingual
cartilage is large in all Cyclostomes.
There is no trace of ribs or limbs.
 [J. Müller, Vergleichende Anatomie der Myxinoiden. Erster Theil.
Osteologie und Myologie, in Abhandl. Ak. Wiss. Berlin, 1835.]

Fig. 30.—Upper (A) and side (B) views, and vertical section (C) of the skull
of Petromyzon marinus.
a, Notochord; b, Basis cranii; c, Inferior, and d, Lateral process of basis; e,
Auditory capsule; f, Subocular arch; g, Stylohyal process; h, Olfactory
capsule; i, Ethmo-vomerine plate; k, Palato-pterygoid portion of subocular
arch; l-n, Accessory labial or rostral cartilages; with o, appendage; p,
lingual cartilage; q, neural arches; r, Branchial skeleton; s, Blind
termination of the nasal duct between the notochord and œsophagus.
 Fig. 31.—Heterocercal Tail of Centrina salviani.
a, Vertebræ; b, Neurapophyses; c, Hæmapophyses.
The Chondropterygians exhibit a most extraordinary diversity in
the development of their vertebral column; almost every degree of
ossification, from a notochord without a trace of annular structure to
a series of completely ossified vertebræ being found in this order.
Sharks, in which the notochord is persistent, are the Holocephali (if
they be reckoned to this order, and the genera Notidanus and
Echinorhinus). Among the first, Chimæra monstrosa begins to show
traces of segmentation; but they are limited to the outer sheath of the
notochord, in which slender subossified rings appear. In Notidanus
membranous septa, with a central vacuity, cross the substance of
the gelatinous notochord. In the other Sharks the segmentation is
complete, each vertebra having a deep conical excavation in front
and behind, with a central canal through which the notochord is
continued; but the degree in which the primitive cartilage is replaced
by concentric or radiating lamellæ of bone varies greatly in the
various genera, and according to the age of the individuals. In the
Rays all the vertebræ are completely ossified, and the anterior ones
confluent into one continuous mass.
In the majority of Chondropterygians the extremity of the
vertebral column shows a decidedly heterocercal condition (Fig. 31),
and only a few, like Squatina and some Rays, possess a diphycercal
tail
The advance in the development of the skeleton of the
Chondropterygians beyond the primitive condition of the previous
sub-classes, manifests itself further by the presence of neural and
hæmal elements, which extend to the foremost part of the axial
column, but of which the hæmal form a closed arch in the caudal
region only, whilst on the trunk they appear merely as a lateral
longitudinal ridge.

Fig. 32.—Lateral view.

Fig. 33.—Longitudinal section.
 Fig. 34.—Transverse section of Caudal
vertebra of Basking Shark (Selache
maxima). (After Hasse.) a, Centrum; b,
Neurapophysis; c, Intercrural cartilage; d,
Hæmapophysis; e, Spinal canal; f,
Intervertebral cavity; g, Central canal for
persistent portion of notochord; h, Hæmal
canals for blood-vessels.
The neural and hæmal apophyses are either merely attached to
the axis, as in Chondropterygians with persistent notochord, the
Rays and some Sharks; or their basal portions penetrate like wedges
into the substance of the centrum, so that, in a transverse section, in
consequence of the difference in their texture, they appear in the
form of an X.[6] The interspaces between the neurapophyses of the
vertebræ are not filled by fibrous membrane, as in other fishes, but
by separate cartilages, laminæ or cartilagines intercrurales, to which
frequently a series of terminal pieces is superadded, which must be
regarded as the first appearance of the interneural spines of the
Teleostei and many Ganoids. Similar terminal pieces are sometimes
observed on the hæmal arches. Ribs are either absent or but
imperfectly represented (Carcharias).
The substance of the skull of the Chondropterygians is cartilage,
interrupted especially on its upper surface by more or less extensive
fibro-membranous fontanelles. Superficially it is covered by a more
or less thick chagreen-like osseous deposit. The articulation with the
vertebral column is effected by a pair of lateral condyles. In the
Sharks, besides, a central conical excavation corresponds to that of
the centrum of the foremost vertebral segment, whilst in the Rays
this central excavation of the skull receives a condyle of the axis of
the spinous column.
The cranium itself is a continuous undivided cartilage, in which
the limits of the orbit are well marked by an anterior and posterior
protuberance. The ethmoidal region sends horizontal plates over the
nasal sacs, the apertures of which retain their embryonic situation
upon the under surface of the skull. In the majority of
Chondropterygians these plates are conically produced, forming the
base of the soft projecting snout; and in some forms, especially in
the long-snouted Rays and the Saw-fishes (Pristis) this prolongation
appears in the form of three or more tubiform rods.
As separate cartilages there are appended to the skull a
suspensorium, a palatine, mandible, hyoid, and rudimentary
maxillary elements.
The suspensorium is movably attached to the side of the skull. It
generally consists of one piece only, but in some Rays of two. In the
Rays it is articulated with the mandible only, their hyoid possessing a
distinct point of attachment to the skull. In the Sharks the hyoid is
suspended from the lower end of the suspensorium together with the
mandible.
What is generally called the upper jaw of a Shark is, as Cuvier
has already stated, not the maxillary, but palatine. It consists of two
simple lateral halves, each of which articulates with the
corresponding half of the lower jaw, which is formed by the simple
representative of Meckel’s cartilage.
 Some cartilages of various sizes are generally developed on
each side of the palatine, and one on each side of the mandible.
They are called labial cartilages, and seem to represent maxillary
elements.
The hyoid consists generally of a pair of long and strong lateral
pieces, and a single mesial piece. From the former cartilaginous
filaments (representing branchiostegals) pass directly outwards.
Branchial arches, varying in number, and similar to the hyoid,
succeed it. They are suspended from the side of the foremost part of
the spinous column, and, like the hyoid, bear a number of filaments.
The vertical fins are supported by interneural and interhæmal
cartilages, each of which consists of two and more pieces, and to
which the fin-rays are attached without articulation.
The scapular arch of the Sharks is formed by a single coracoid
cartilage bent from the dorsal region downwards and forwards. In
some genera (Scyllium, Squatina) a small separate scapular
cartilage is attached to the dorsal extremities of the coracoid; but in
none of the Elasmobranchs is the scapular arch suspended from the
skull or vertebral column; it is merely sunk, and fixed in the
substance of the muscles. Behind, at the point of its greatest
curvature, three carpal cartilages are joined to the coracoid, which
Gegenbaur has distinguished as propterygium, mesopterygium, and
metapterygium, the former occupying the front, the latter the hind
margin of the fin. Several more or less regular transverse series of
styliform cartilages follow. They represent the phalanges, to which
the horny filaments which are imbedded in the skin of the fin are
attached.
In the Rays, with the exception of Torpedo, the scapular arch is
intimately connected with the confluent anterior portion of the
vertebral column. The anterior and posterior carpal cartilages are
followed by a series of similar pieces, which extend like an arch
forwards to the rostral portion of the skull, and backwards to the
pubic region. Extremely numerous phalangeal elements, longest in
the middle, are supported by the carpals, and form the skeleton of
the lateral expansion of the so-called disk of the Ray’s body, which
thus, in fact, is nothing but the enormously enlarged pectoral fin.
The pubic is represented by a single median transverse cartilage,
with which a tarsal cartilage articulates. The latter supports the fin-
rays. To the end of this cartilage is also attached, in the male
Chondropterygians, a peculiar accessory generative organ or
clasper.
The Holocephali differ from the other Chondropterygians in
several important points of the structure of their skeleton, and
approach unmistakably certain Ganoids. That their spinal column is
persistently notochordal has been mentioned already. Their palatal
apparatus, with the suspensorium, coalesces with the skull, the
mandible articulating with a short apophysis of the cranial cartilage.
The mandible is simple, without anterior symphysis. The spine with
which the dorsal fin is armed articulates with a neural apophysis, and
is not immovably attached to it, as in the Sharks. The pubic consists
of two lateral halves, with a short, rounded, tarsal cartilage.
The skeleton of the Ganoid Fishes offers extreme variations with
regard to the degree in which ossifications replace the primordial
cartilage. Whilst some exhibit scarcely any advance beyond the
Plagiostomes with persistent cartilage, others approach, as regards
the development and specialisation of the several parts of their
osseous framework, the Teleosteans so closely that their Ganoid
nature can be demonstrated by, or inferred from, other
considerations only. All Ganoids possess a separate gill-cover.[7]
The diversity in the development of the Ganoid skeleton is well
exemplified by the few representatives of the order in the existing
Fish-fauna. Lowest in the scale (in this respect) are those with a
persistent notochord, and an autostylic skull, that is, a skull without
separate suspensorium—the fishes constituting the suborder Dipnoi,
of which the existing representatives are Lepidosiren, Protopterus,
and Ceratodus, and the extinct (as far as demonstrated at present)
Dipterus, Chirodus (and Phaneropleuron?). In these fishes the
notochord is persistent, passing uninterruptedly into the cartilaginous
base of the skull. Only now and then a distinct vertical segmentation