Essential Cybersecurity Science Build

Test and Evaluate Secure Systems 1st

Edition Josiah Dykstra
Visit to download the full and correct content document:
https://textbookfull.com/product/essential-cybersecurity-science-build-test-and-evaluat
e-secure-systems-1st-edition-josiah-dykstra/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...

Privacy, Regulations, And Cybersecurity: The Essential

Business Guide Chris Moschovitis

https://textbookfull.com/product/privacy-regulations-and-
cybersecurity-the-essential-business-guide-chris-moschovitis/

Making Passwords Secure Fixing the Weakest Link in

Cybersecurity First Edition Dovell Bonnett

https://textbookfull.com/product/making-passwords-secure-fixing-
the-weakest-link-in-cybersecurity-first-edition-dovell-bonnett/

Engineering Secure Software and Systems Mathias Payer

https://textbookfull.com/product/engineering-secure-software-and-
systems-mathias-payer/

The Alternative Augustan Age 1st Edition Josiah Osgood

https://textbookfull.com/product/the-alternative-augustan-
age-1st-edition-josiah-osgood/
Cybersecurity Program Development for Business: The
Essential Planning Guide 1st Edition Chris Moschovitis

https://textbookfull.com/product/cybersecurity-program-
development-for-business-the-essential-planning-guide-1st-
edition-chris-moschovitis/

Rails 5 Test Prescriptions Build a Healthy Codebase 1st

Edition Noel Rappin

https://textbookfull.com/product/rails-5-test-prescriptions-
build-a-healthy-codebase-1st-edition-noel-rappin/

Secure and Trustworthy Transportation Cyber Physical

Systems 1st Edition Yunchuan Sun

https://textbookfull.com/product/secure-and-trustworthy-
transportation-cyber-physical-systems-1st-edition-yunchuan-sun/

Rails 5 test prescriptions build a healthy codebase

Rappin

https://textbookfull.com/product/rails-5-test-prescriptions-
build-a-healthy-codebase-rappin/

The Cybersecurity Playbook Practical Steps for Every

Leader and Employee To Make Your Organization More
Secure First Edition Young

https://textbookfull.com/product/the-cybersecurity-playbook-
practical-steps-for-every-leader-and-employee-to-make-your-
organization-more-secure-first-edition-young/
 Essential Cybersecurity
Science
Build, Test, and Evaluate Secure Systems
Josiah Dykstra
Essential Cybersecurity Science
by Josiah Dykstra
Copyright © 2016 Josiah Dykstra. All rights reserved.
Printed in the United States of America.
Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North,
Sebastopol, CA 95472.
O’Reilly books may be purchased for educational, business, or sales
promotional use. Online editions are also available for most titles
(http://safaribooksonline.com). For more information, contact our
corporate/institutional sales department: 800-998-9938 or
corporate@oreilly.com.
Editors: Rachel Roumeliotis and Heather Scherer
Production Editor: Melanie Yarbrough
Copyeditor: Gillian McGarvey
Proofreader: Susan Moritz
Indexer: Lucie Haskins
Interior Designer: David Futato
Cover Designer: Ellie Volkhausen
Illustrator: Rebecca Demarest
December 2015: First Edition
Revision History for the First Edition
2015-12-01: First Release
See http://oreilly.com/catalog/errata.csp?isbn=0636920037231 for
release details.
The O’Reilly logo is a registered trademark of O’Reilly Media, Inc.
Essential Cybersecurity Science, the cover image, and related trade
dress are trademarks of O’Reilly Media, Inc.
While the publisher and the author have used good faith efforts to
ensure that the information and instructions contained in this work
are accurate, the publisher and the author disclaim all responsibility
for errors or omissions, including without limitation responsibility for
damages resulting from the use of or reliance on this work. Use of
the information and instructions contained in this work is at your
own risk. If any code samples or other technology this work contains
or describes is subject to open source licenses or the intellectual
property rights of others, it is your responsibility to ensure that your
use thereof complies with such licenses and/or rights. This book is
not intended as legal advice. Please consult a qualified professional if
you require legal advice.
978-1-491-92094-7
[LSI]
Preface
Who This Book Is For
Science applies to many areas of cybersecurity, and the target
audience for this book is broad and varied. This book is particularly
for developers, engineers, and entrepreneurs who are building and
evaluating cybersecurity hardware and software solutions. Among
that group, it is for infosec practitioners such as forensic
investigators, malware analysts, and other cybersecurity specialists
who use, build, and test new tools for their daily work. Some will
have programming experience, others a working knowledge of
various security tools (EnCase for forensics, Wireshark for network
analysis, IDA Pro for reverse engineering, and so on). The scientific
method can be applied to all of these disciplines. Cybersecurity
science can be applied to everyday problems, including:
Testing for bugs in your new smartphone game
Defending corporate security choices given a limited budget
Convincing people that your new security product is better than
the competition’s
Balancing intrusion detection accuracy and performance
The core audience is information security professionals who have
worked in the field for 5−10 years, who are becoming experts in
their craft and field, who are not formally trained in or exposed to
scientific investigation in their daily lives, and who desire to learn a
new approach that supplements and improves their work. I want you
to walk away from this book knowing how to conduct scientific
experiments on your everyday tools and procedures, and knowing
that after conducting such experiments, you have done your job
more securely, more accurately, and more effectively.
This book is not intended to turn you into a scientist, but it will
introduce you to the discipline of scientific thinking. For those new to
the field, including students of cybersecurity, this book will help you
learn about the scientific method as it applies to cybersecurity and
how you can conduct scientific experiments in your new profession.
For nondevelopers involved in cybersecurity, such as IT security
administrators who use, evaluate, buy, and recommend security
solutions for the enterprise, this book will help you conduct hands-on
experiments and interpret the scientific claims of others.
What This Book Contains
The first three chapters contain general information about the
scientific method as it applies across many domains of cybersecurity.
They cover the basic tenets of science, the need for science in
cybersecurity, and the methodology for scientific investigation.
Chapter 1 covers the scientific method and the importance of
science to cybersecurity. Chapter 2 discusses the prerequisites
needed to conduct cybersecurity experiments, from asking good
questions to putting the results to work. It also includes a checklist
to help you construct your own experiments. Chapter 3 includes
practical details about experimentation including test environments
and open datasets.
The remaining chapters are organized into standalone, domain-
specific topics. You can read them individually, although new
scientific topics and techniques in these chapters are applicable to
other domains. These chapters explore how the scientific method
can be applied to the specific topics and challenges of each domain.
Each topic chapter contains an overview of the scientific pursuits in
that domain, one instructive example of a scientific experiment in
that field, introduction of an analysis method (which can be applied
to other domains), and a practical example of a simple, introductory
experiment in that field that walks through the application of the
scientific method.
Chapter 4 is about cybersecurity science for software assurance,
including fuzzing and adversarial models.
Chapter 5 covers intrusion detection and incident response, and
introduces error rates (false positives and false negatives) and
performance/scalability/stress testing.
Chapter 6 focuses on the application of science to cyber
situational awareness, especially using machine learning and big
data.
 Chapter 7 covers cryptography and the benefits and limitations of
provably secure cybersecurity.
Chapter 8 is about digital forensics including scientific
reproducibility and repeatability.
Chapter 9, on malware analysis, introduces game theory and
malware clustering.
Chapter 10 discusses building and evaluating dependable systems
with security engineering.
Chapter 11 covers empirical experimentation for human-computer
interaction and security usability.
Chapter 12 includes techniques for the experimental evaluation of
security visualization.
Appendix A provides some additional information about evaluating
scientific claims, especially from vendors, and how people can be
misled, manipulated, or deceived by real or bogus science. There is
also a list of clarifying questions that you can use with salespeople,
researchers, and product developers to probe the methodology they
used.

Conventions Used in This Book

The following typographical conventions are used in this book:
Italic
Indicates new terms, URLs, email addresses, filenames, and file
extensions.

Constant width
Used for program listings, as well as within paragraphs to refer to
program elements such as variable or function names, databases,
data types, environment variables, statements, and keywords.

Constant width bold

 Shows commands or other text that should be typed literally by
the user.

Constant width italic

Shows text that should be replaced with user-supplied values or
by values determined by context.

TIP
This element signifies a tip or suggestion.

NOTE
This element signifies a general note.

CAUTION
This element indicates a warning or caution.

Safari® Books Online

NOTE
Safari Books Online (www.safaribooksonline.com) is an on-demand
digital library that delivers expert content in both book and video
form from the world’s leading authors in technology and business.
Technology professionals, software developers, web designers, and
business and creative professionals use Safari Books Online as their
primary resource for research, problem solving, learning, and
certification training.
Safari Books Online offers a range of plans and pricing for
enterprise, government, and education, and individuals.
Members have access to thousands of books, training videos, and
prepublication manuscripts in one fully searchable database from
publishers like O’Reilly Media, Prentice Hall Professional, Addison-
Wesley Professional, Microsoft Press, Sams, Que, Peachpit Press,
Focal Press, Cisco Press, John Wiley & Sons, Syngress, Morgan
Kaufmann, IBM Redbooks, Packt, Adobe Press, FT Press, Apress,
Manning, New Riders, McGraw-Hill, Jones & Bartlett, Course
Technology, and hundreds more. For more information about Safari
Books Online, please visit us online.

How to Contact Us
Please address comments and questions concerning this book to the
publisher:
O’Reilly Media, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
800-998-9938 (in the United States or Canada)
707-829-0515 (international or local)
707-829-0104 (fax)
We have a web page for this book, where we list errata, examples,
and any additional information. You can access this page at
http://bit.ly/essential-cybersecurity-science.
To comment or ask technical questions about this book, send email
to bookquestions@oreilly.com.
For more information about our books, courses, conferences, and
news, see our website at http://www.oreilly.com.
Find us on Facebook: http://facebook.com/oreilly
Follow us on Twitter: http://twitter.com/oreillymedia
Watch us on YouTube: http://www.youtube.com/oreillymedia
Disclaimer
The views expressed in this book are those of the author alone.
Reference to any specific commercial products, process, or service
by trade name, trademark, manufacturer, or otherwise, do not
necessarily constitute or imply endorsement, recommendation, or
favoring by the United States Government or the Department of
Defense.

Acknowledgments
My sincere thanks go to Rachel Roumeliotis, Heather Scherer, Nan
Barber, and the entire team at O’Reilly for helping me through the
editing and publication process. I am grateful to the brilliant and
honest technical reviewers, Michael Collins and Matt Georgy, who
improved many facets of the book. Thank you to my friends and
colleagues who provided feedback and support on this project:
Janelle Weidner Romano, Tim Leschke, Celeste Lyn Paul, Greg
Shannon, Brian Sherlock, Chris Toombs, Tom Walcott, and Cathy Wu.
I also wish to thank the community of friends, colleagues, and
strangers that I interacted with at conferences, meetings, and
workshops on cybersecurity science over the past few years,
especially LASER, CSET, and HoTSoS. These conversations helped
influence and contribute to many of the ideas in this book. Most
importantly, thank you to my wife Alicia for her love and
encouragement in this project and in all things.
Chapter 1. Introduction to
Cybersecurity Science

This chapter will introduce the concept—and importance—of

cybersecurity science, the scientific method, the relationship of
cybersecurity theory and practice, and high-level topics that relate to
science, including human factors and metrics.
Whether you’re a student, software developer, forensic investigator,
network administrator, or have any other role in providing
cybersecurity, this book will teach you the relevant scientific
principles and flexible methodologies for effective cybersecurity.
Essential Cybersecurity Science focuses on real-world applications of
science to your role in providing cybersecurity. You’ll learn how to
conduct your own experiments that can evaluate assurances of
security.
Let me offer a few reasons why science is worth the trouble.
Science is respected. A majority of the population sees value in
scientific inquiry and scientific results. Advertisers appeal to it all
the time, even if the science is nonsensical or made up. People
will respect you and your work in cybersecurity if you
demonstrate good science. “In the past few years, there has been
significant interest in promoting the idea of applying scientific
principles to information security,” said one report.1 Scientific
research can help convince your audience about the value of a
result.
Science is sexy. In addition to respect, many nonscientists
desire to understand and be part of a field they admire. Once
perceived as dry, boring, and geeky, science is becoming a thing
of admiration, and more and more people want to be identified
with it.
 Science provokes curiosity. Information security (infosec)
professionals are curious. They ask good questions and crave
information, as evidenced by the increasing value being placed on
data science. Science is a vehicle for information, and answers
stimulate more questions. Scientific inquiry brings a deeper
understanding about the cybersecurity domain.
Science creates and improves products. In the commercial
space, the market drives cybersecurity. Scientific knowledge can
improve existing products and lead to groundbreaking innovation
and applications. For infosec decision-makers, the scientifc
method can make product evaluations defensible and efficient.
Science advances knowledge. Science is one of the primary
ways that humans unearth new knowledge about the world.
Participants in science have the opportunity to contribute to the
body of human understanding and advance the state of the art.
In cybersecurity in particular, science will help prove practices and
techniques that work, moving us away from today’s practice of
cybersecurity “folk wisdom.”
Scientific experimentation and inquiry reveal opportunities to
optimize and create more secure cyber solutions. For instance,
mathematics alone can help cryptographers determine how to
design more secure crypto algorithms, but mathematics does not
govern the process of how to design a useful network mapping
visualization. Visualization requires experimentation and repeatable
user studies. Validation in this context is more like justification for
design choices. What is the optimal sampling rate for NetFlow in my
situation? Trying to answer that question and maximize the validity
of the answer is a scientific endeavor. Furthermore, you can learn
and apply lessons from what others have done in the past.
What Is Cybersecurity Science?
Cybersecurity science is an important aspect of the understanding,
development, and practice of cybersecurity. Cybersecurity is a broad
category, covering the technology and practices used to protect
computer networks, computers, and data from harm. People
throughout industry, academia, and government all use formal and
informal science to create and expand cybersecurity knowledge. As a
discipline, the field of cybersecurity requires authentic knowledge to
explore and reason about the “how and why” we build or deploy
security controls.
When I talk about applying science and the scientific method to
cybersecurity, I mean leveraging the body of knowledge about
cybersecurity (science) and a particular set of techniques for testing
a hypothesis against empirical reality (the scientific method).
 THE MANY WAYS TO OBTAIN KNOWLEDGE
Scientific investigation is not the only way to obtain knowledge. Among the
non-scientific methods can be common sense, intuition, and deduction.
Common sense describes knowledge that most people have in common, often
relating to human experiences. Intuition is the acquisition of knowledge
without conscious reasoning. Deduction uses given premises to reach
conclusions (e.g., All men are mortal. Einstein is a man. Therefore, Einstein is
mortal). Mathematics is deductive, because axioms are assumed to be true
without being tested.
In his book What Engineers Know and How They Know It, Walter Vincenti
identified six categories of engineering knowledge that seem to apply to
cybersecurity:
Fundamental design concepts
Criteria and specifications
Theoretical tools
Quantitative data
Practical considerations
Design instrumentalities
Another naive, but sadly common, method of advancing cybersecurity science
is by uninformed and untested guessing. We guess about what users want
tools to do. We guess about what to buy and how to deploy cybersecurity
solutions. Guessing is uninformed and ineffective, and while it may appear to
advance security, it is difficult to defend and often fails miserably.

Unfortunately, science has a reputation for being stuffy and cold,

and something that only people in white lab coats are excited about.
As a cybersecurity practitioner, think of science as a way to explore
your curiosity, an opportunity to discover something unexpected,
and a tool to improve your work.
You benefit every day from the experimentation and scientific
investigation done by people in cybersecurity. To cite a few
examples:
 Microsoft Research provides key security advances for Microsoft
products and services, including algorithms to detect tens of
millions of malicious Hotmail accounts.
Government and private researchers created Security-enhanced
Linux.
Research at Google helps improve products such as Chrome
browser security and YouTube video fingerprinting.
Symantec Research Labs has contributed new algorithms,
performance speedups, and products for the company.
Cybersecurity is an applied science. That is, people in the field often
apply known facts and scientific discoveries to create useful
applications, often in the form of technology. Other forms of science
include natural science (e.g., biology), formal science (e.g.,
statistics), and social science (e.g., economics). Cybersecurity
overlaps and is influenced by connections with social sciences such
as economics, sociology, and criminology.
Hindsight also causes us to undervalue the element of surprise of
scientific findings.
As you pursue science and scientific experimentation, keep biases in
mind and continually ask yourself whether or not you think a bias is
affecting your scientific processes or outcomes.

The Role of Metrics

It’s easy to make a mental mistake by substituting metrics for
science. Managers like metrics—the analysis of measurements over
time—because they think these numbers alone allow them to
determine whether the organization is secure or succeeding.
Sometimes metrics really are called for. However, counting the
number of security incidents at your company is not necessarily an
indication of how secure or insecure the company is. Determining
the percentage of weak passwords for your users is a metric but not
also a scientific inquiry. As we will see in Chapter 2, hypotheses are
testable proposed explanations like “people take more risks online
than in their physical lives.”
Don’t get me wrong: most experiments measure something! Metrics
can be part of the scientific process if they are used to test a
hypothesis. The topic of security metrics may also be the foundation
for scientific exploration. The point is not to be fooled by believing
that metrics alone can be substituted for science. To learn more
about the active field of security metrics, visit SecurityMetrics.org,
which hosts an active mailing list and annual conference.

Conclusion
The key concepts and takeaways about the scientific method
presented in this chapter and used throughout the book are:
Cybersecurity science is an important aspect of the
understanding, development, and practice of cybersecurity.
Another random document with
no related content on Scribd:
It was no use to run, but they ran anyway. This was what Sam meant
when he said he knew what Jim was going to do. Jim Cochran was
completely blackballed in his own profession. As he said, he couldn't
have gotten a job stirring with a wooden paddle in a soap factory.
Tom Banning and his family went with them. They went as far north
as they could and finally stopped running on the edge of the
Canadian wilderness. They pooled their funds and bought some
wheat land and some cattle stock and tried to stop thinking beyond
the end of each day.
They were grateful for the absence of television, but they kept a
radio. Through it, they learned when the Apollo finally took off with its
three-man crew. They followed its two and a half day journey through
space and heard the voice of Captain Allan Wright announce they
were in lunar orbit.
A few hours later the landing capsule was disengaged from the
spaceship and Captain Wright and William Chambers rode it down.
Their voices were heard in exultation as they announced their first
steps on the surface of the moon.
It was night in northern Canada when the landing was made. Jim and
Sam and Tom and their families were outside watching the full moon,
trying to imagine how it was up there. From the house they heard the
radio relaying the voices of the astronauts. The voices were relayed
to earth through the more powerful transmitter of the orbiting Apollo,
but as the spaceship circled the moon the voices of the men on the
surface were lost. Then they returned once more as the ship came
over their horizon.
For five orbits their voices came and went as they described their
sensations and exulted in the first minutes of their achievement.
Then, on the sixth orbit, there were no voices. There was only the
sudden, shrill cry of the third crewman, Don Anderson, who manned
the orbiting ship.
"Allan! Bill! Apollo to capsule: Come in, please. Bill—where are you—
I can't even see your capsule. I'm passing right over the spot. Apollo
to Base: I can't locate the capsule through the telescope. It looks like
a big crevasse right where the capsule was, but it wasn't there before.
Allan—Bill—Come in! Come in!"
Jim heard the sudden sob that shook Mary. He put his arm about her
shoulders and led her into the house.
Don Anderson remained in lunar orbit for two more days. Then he
was ordered home. He landed safely.
There were expressions of national sorrow over the unexplained loss
of the two astronauts, but plans were renewed for the next voyage.
The President said that sacrifices must be expected if this great goal
were to be achieved, and that it would be a betrayal of those who had
already given their lives if the work were to stop now.
In Canada that winter, Jim was sure the wolves howled on cold,
moonlit nights more than ever before. And something new was
happening to the moon. The silver light was taking on a faint tint of
orange. The radio told of a very learned report by some astronomer
who spoke obscurely of changes in albedo and percentages of
atmospheric dust and angstroms of sunlight. Any fool could see the
moon was changing color.
Jim listened to the wolves howling in the forest, and he thought of
Cramer's Pond when he was a boy, and of a machine tumbling into a
crevasse where a terrible darkness lay, and he wondered how long it
would be.
THE END
*** END OF THE PROJECT GUTENBERG EBOOK STAY OFF THE
MOON! ***

Updated editions will replace the previous one—the old editions will
be renamed.

Creating the works from print editions not protected by U.S.

copyright law means that no one owns a United States copyright in
these works, so the Foundation (and you!) can copy and distribute it
in the United States without permission and without paying copyright
royalties. Special rules, set forth in the General Terms of Use part of
this license, apply to copying and distributing Project Gutenberg™
electronic works to protect the PROJECT GUTENBERG™ concept
and trademark. Project Gutenberg is a registered trademark, and
may not be used if you charge for an eBook, except by following the
terms of the trademark license, including paying royalties for use of
the Project Gutenberg trademark. If you do not charge anything for
copies of this eBook, complying with the trademark license is very
easy. You may use this eBook for nearly any purpose such as
creation of derivative works, reports, performances and research.
Project Gutenberg eBooks may be modified and printed and given
away—you may do practically ANYTHING in the United States with
eBooks not protected by U.S. copyright law. Redistribution is subject
to the trademark license, especially commercial redistribution.

START: FULL LICENSE

THE FULL PROJECT GUTENBERG LICENSE
 PLEASE READ THIS BEFORE YOU DISTRIBUTE OR USE THIS WORK

To protect the Project Gutenberg™ mission of promoting the free

distribution of electronic works, by using or distributing this work (or
any other work associated in any way with the phrase “Project
Gutenberg”), you agree to comply with all the terms of the Full
Project Gutenberg™ License available with this file or online at
www.gutenberg.org/license.

Section 1. General Terms of Use and

Redistributing Project Gutenberg™
electronic works
1.A. By reading or using any part of this Project Gutenberg™
electronic work, you indicate that you have read, understand, agree
to and accept all the terms of this license and intellectual property
(trademark/copyright) agreement. If you do not agree to abide by all
the terms of this agreement, you must cease using and return or
destroy all copies of Project Gutenberg™ electronic works in your
possession. If you paid a fee for obtaining a copy of or access to a
Project Gutenberg™ electronic work and you do not agree to be
bound by the terms of this agreement, you may obtain a refund from
the person or entity to whom you paid the fee as set forth in
paragraph 1.E.8.

1.B. “Project Gutenberg” is a registered trademark. It may only be

used on or associated in any way with an electronic work by people
who agree to be bound by the terms of this agreement. There are a
few things that you can do with most Project Gutenberg™ electronic
works even without complying with the full terms of this agreement.
See paragraph 1.C below. There are a lot of things you can do with
Project Gutenberg™ electronic works if you follow the terms of this
agreement and help preserve free future access to Project
Gutenberg™ electronic works. See paragraph 1.E below.
1.C. The Project Gutenberg Literary Archive Foundation (“the
Foundation” or PGLAF), owns a compilation copyright in the
collection of Project Gutenberg™ electronic works. Nearly all the
individual works in the collection are in the public domain in the
United States. If an individual work is unprotected by copyright law in
the United States and you are located in the United States, we do
not claim a right to prevent you from copying, distributing,
performing, displaying or creating derivative works based on the
work as long as all references to Project Gutenberg are removed. Of
course, we hope that you will support the Project Gutenberg™
mission of promoting free access to electronic works by freely
sharing Project Gutenberg™ works in compliance with the terms of
this agreement for keeping the Project Gutenberg™ name
associated with the work. You can easily comply with the terms of
this agreement by keeping this work in the same format with its
attached full Project Gutenberg™ License when you share it without
charge with others.

1.D. The copyright laws of the place where you are located also
govern what you can do with this work. Copyright laws in most
countries are in a constant state of change. If you are outside the
United States, check the laws of your country in addition to the terms
of this agreement before downloading, copying, displaying,
performing, distributing or creating derivative works based on this
work or any other Project Gutenberg™ work. The Foundation makes
no representations concerning the copyright status of any work in
any country other than the United States.

1.E. Unless you have removed all references to Project Gutenberg:

1.E.1. The following sentence, with active links to, or other

immediate access to, the full Project Gutenberg™ License must
appear prominently whenever any copy of a Project Gutenberg™
work (any work on which the phrase “Project Gutenberg” appears, or
with which the phrase “Project Gutenberg” is associated) is
accessed, displayed, performed, viewed, copied or distributed:
 This eBook is for the use of anyone anywhere in the United
States and most other parts of the world at no cost and with
almost no restrictions whatsoever. You may copy it, give it away
or re-use it under the terms of the Project Gutenberg License
included with this eBook or online at www.gutenberg.org. If you
are not located in the United States, you will have to check the
laws of the country where you are located before using this
eBook.

1.E.2. If an individual Project Gutenberg™ electronic work is derived

from texts not protected by U.S. copyright law (does not contain a
notice indicating that it is posted with permission of the copyright
holder), the work can be copied and distributed to anyone in the
United States without paying any fees or charges. If you are
redistributing or providing access to a work with the phrase “Project
Gutenberg” associated with or appearing on the work, you must
comply either with the requirements of paragraphs 1.E.1 through
1.E.7 or obtain permission for the use of the work and the Project
Gutenberg™ trademark as set forth in paragraphs 1.E.8 or 1.E.9.

1.E.3. If an individual Project Gutenberg™ electronic work is posted

with the permission of the copyright holder, your use and distribution
must comply with both paragraphs 1.E.1 through 1.E.7 and any
additional terms imposed by the copyright holder. Additional terms
will be linked to the Project Gutenberg™ License for all works posted
with the permission of the copyright holder found at the beginning of
this work.

1.E.4. Do not unlink or detach or remove the full Project

Gutenberg™ License terms from this work, or any files containing a
part of this work or any other work associated with Project
Gutenberg™.

1.E.5. Do not copy, display, perform, distribute or redistribute this

electronic work, or any part of this electronic work, without
prominently displaying the sentence set forth in paragraph 1.E.1 with
active links or immediate access to the full terms of the Project
Gutenberg™ License.
1.E.6. You may convert to and distribute this work in any binary,
compressed, marked up, nonproprietary or proprietary form,
including any word processing or hypertext form. However, if you
provide access to or distribute copies of a Project Gutenberg™ work
in a format other than “Plain Vanilla ASCII” or other format used in
the official version posted on the official Project Gutenberg™ website
(www.gutenberg.org), you must, at no additional cost, fee or expense
to the user, provide a copy, a means of exporting a copy, or a means
of obtaining a copy upon request, of the work in its original “Plain
Vanilla ASCII” or other form. Any alternate format must include the
full Project Gutenberg™ License as specified in paragraph 1.E.1.

1.E.7. Do not charge a fee for access to, viewing, displaying,

performing, copying or distributing any Project Gutenberg™ works
unless you comply with paragraph 1.E.8 or 1.E.9.

1.E.8. You may charge a reasonable fee for copies of or providing

access to or distributing Project Gutenberg™ electronic works
provided that:

• You pay a royalty fee of 20% of the gross profits you derive from
the use of Project Gutenberg™ works calculated using the
method you already use to calculate your applicable taxes. The
fee is owed to the owner of the Project Gutenberg™ trademark,
but he has agreed to donate royalties under this paragraph to
the Project Gutenberg Literary Archive Foundation. Royalty
payments must be paid within 60 days following each date on
which you prepare (or are legally required to prepare) your
periodic tax returns. Royalty payments should be clearly marked
as such and sent to the Project Gutenberg Literary Archive
Foundation at the address specified in Section 4, “Information
about donations to the Project Gutenberg Literary Archive
Foundation.”

• You provide a full refund of any money paid by a user who

notifies you in writing (or by e-mail) within 30 days of receipt that
s/he does not agree to the terms of the full Project Gutenberg™
License. You must require such a user to return or destroy all
 copies of the works possessed in a physical medium and
discontinue all use of and all access to other copies of Project
Gutenberg™ works.

• You provide, in accordance with paragraph 1.F.3, a full refund of

any money paid for a work or a replacement copy, if a defect in
the electronic work is discovered and reported to you within 90
days of receipt of the work.

• You comply with all other terms of this agreement for free
distribution of Project Gutenberg™ works.

1.E.9. If you wish to charge a fee or distribute a Project Gutenberg™

electronic work or group of works on different terms than are set
forth in this agreement, you must obtain permission in writing from
the Project Gutenberg Literary Archive Foundation, the manager of
the Project Gutenberg™ trademark. Contact the Foundation as set
forth in Section 3 below.

1.F.

1.F.1. Project Gutenberg volunteers and employees expend

considerable effort to identify, do copyright research on, transcribe
and proofread works not protected by U.S. copyright law in creating
the Project Gutenberg™ collection. Despite these efforts, Project
Gutenberg™ electronic works, and the medium on which they may
be stored, may contain “Defects,” such as, but not limited to,
incomplete, inaccurate or corrupt data, transcription errors, a
copyright or other intellectual property infringement, a defective or
damaged disk or other medium, a computer virus, or computer
codes that damage or cannot be read by your equipment.

1.F.2. LIMITED WARRANTY, DISCLAIMER OF DAMAGES - Except

for the “Right of Replacement or Refund” described in paragraph
1.F.3, the Project Gutenberg Literary Archive Foundation, the owner
of the Project Gutenberg™ trademark, and any other party
distributing a Project Gutenberg™ electronic work under this
agreement, disclaim all liability to you for damages, costs and
expenses, including legal fees. YOU AGREE THAT YOU HAVE NO
REMEDIES FOR NEGLIGENCE, STRICT LIABILITY, BREACH OF
WARRANTY OR BREACH OF CONTRACT EXCEPT THOSE
PROVIDED IN PARAGRAPH 1.F.3. YOU AGREE THAT THE
FOUNDATION, THE TRADEMARK OWNER, AND ANY
DISTRIBUTOR UNDER THIS AGREEMENT WILL NOT BE LIABLE
TO YOU FOR ACTUAL, DIRECT, INDIRECT, CONSEQUENTIAL,
PUNITIVE OR INCIDENTAL DAMAGES EVEN IF YOU GIVE
NOTICE OF THE POSSIBILITY OF SUCH DAMAGE.

1.F.3. LIMITED RIGHT OF REPLACEMENT OR REFUND - If you

discover a defect in this electronic work within 90 days of receiving it,
you can receive a refund of the money (if any) you paid for it by
sending a written explanation to the person you received the work
from. If you received the work on a physical medium, you must
return the medium with your written explanation. The person or entity
that provided you with the defective work may elect to provide a
replacement copy in lieu of a refund. If you received the work
electronically, the person or entity providing it to you may choose to
give you a second opportunity to receive the work electronically in
lieu of a refund. If the second copy is also defective, you may
demand a refund in writing without further opportunities to fix the
problem.

1.F.4. Except for the limited right of replacement or refund set forth in
paragraph 1.F.3, this work is provided to you ‘AS-IS’, WITH NO
OTHER WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR ANY PURPOSE.

1.F.5. Some states do not allow disclaimers of certain implied

warranties or the exclusion or limitation of certain types of damages.
If any disclaimer or limitation set forth in this agreement violates the
law of the state applicable to this agreement, the agreement shall be
interpreted to make the maximum disclaimer or limitation permitted
by the applicable state law. The invalidity or unenforceability of any
provision of this agreement shall not void the remaining provisions.
1.F.6. INDEMNITY - You agree to indemnify and hold the
Foundation, the trademark owner, any agent or employee of the
Foundation, anyone providing copies of Project Gutenberg™
electronic works in accordance with this agreement, and any
volunteers associated with the production, promotion and distribution
of Project Gutenberg™ electronic works, harmless from all liability,
costs and expenses, including legal fees, that arise directly or
indirectly from any of the following which you do or cause to occur:
(a) distribution of this or any Project Gutenberg™ work, (b)
alteration, modification, or additions or deletions to any Project
Gutenberg™ work, and (c) any Defect you cause.

Section 2. Information about the Mission of

Project Gutenberg™
Project Gutenberg™ is synonymous with the free distribution of
electronic works in formats readable by the widest variety of
computers including obsolete, old, middle-aged and new computers.
It exists because of the efforts of hundreds of volunteers and
donations from people in all walks of life.

Volunteers and financial support to provide volunteers with the

assistance they need are critical to reaching Project Gutenberg™’s
goals and ensuring that the Project Gutenberg™ collection will
remain freely available for generations to come. In 2001, the Project
Gutenberg Literary Archive Foundation was created to provide a
secure and permanent future for Project Gutenberg™ and future
generations. To learn more about the Project Gutenberg Literary
Archive Foundation and how your efforts and donations can help,
see Sections 3 and 4 and the Foundation information page at
www.gutenberg.org.

Section 3. Information about the Project

Gutenberg Literary Archive Foundation
The Project Gutenberg Literary Archive Foundation is a non-profit
501(c)(3) educational corporation organized under the laws of the
state of Mississippi and granted tax exempt status by the Internal
Revenue Service. The Foundation’s EIN or federal tax identification
number is 64-6221541. Contributions to the Project Gutenberg
Literary Archive Foundation are tax deductible to the full extent
permitted by U.S. federal laws and your state’s laws.

The Foundation’s business office is located at 809 North 1500 West,

Salt Lake City, UT 84116, (801) 596-1887. Email contact links and up
to date contact information can be found at the Foundation’s website
and official page at www.gutenberg.org/contact

Section 4. Information about Donations to

the Project Gutenberg Literary Archive
Foundation
Project Gutenberg™ depends upon and cannot survive without
widespread public support and donations to carry out its mission of
increasing the number of public domain and licensed works that can
be freely distributed in machine-readable form accessible by the
widest array of equipment including outdated equipment. Many small
donations ($1 to $5,000) are particularly important to maintaining tax
exempt status with the IRS.

The Foundation is committed to complying with the laws regulating

charities and charitable donations in all 50 states of the United
States. Compliance requirements are not uniform and it takes a
considerable effort, much paperwork and many fees to meet and
keep up with these requirements. We do not solicit donations in
locations where we have not received written confirmation of
compliance. To SEND DONATIONS or determine the status of
compliance for any particular state visit www.gutenberg.org/donate.

While we cannot and do not solicit contributions from states where

we have not met the solicitation requirements, we know of no
prohibition against accepting unsolicited donations from donors in
such states who approach us with offers to donate.

International donations are gratefully accepted, but we cannot make

any statements concerning tax treatment of donations received from
outside the United States. U.S. laws alone swamp our small staff.

Please check the Project Gutenberg web pages for current donation
methods and addresses. Donations are accepted in a number of
other ways including checks, online payments and credit card
donations. To donate, please visit: www.gutenberg.org/donate.

Section 5. General Information About Project

Gutenberg™ electronic works
Professor Michael S. Hart was the originator of the Project
Gutenberg™ concept of a library of electronic works that could be
freely shared with anyone. For forty years, he produced and
distributed Project Gutenberg™ eBooks with only a loose network of
volunteer support.

Project Gutenberg™ eBooks are often created from several printed

editions, all of which are confirmed as not protected by copyright in
the U.S. unless a copyright notice is included. Thus, we do not
necessarily keep eBooks in compliance with any particular paper
edition.

Most people start at our website which has the main PG search
facility: www.gutenberg.org.

This website includes information about Project Gutenberg™,

including how to make donations to the Project Gutenberg Literary
Archive Foundation, how to help produce our new eBooks, and how
to subscribe to our email newsletter to hear about new eBooks.