Professional Documents
Culture Documents
(Download PDF) Essential Cybersecurity Science Build Test and Evaluate Secure Systems 1St Edition Josiah Dykstra Online Ebook All Chapter PDF
(Download PDF) Essential Cybersecurity Science Build Test and Evaluate Secure Systems 1St Edition Josiah Dykstra Online Ebook All Chapter PDF
https://textbookfull.com/product/privacy-regulations-and-
cybersecurity-the-essential-business-guide-chris-moschovitis/
https://textbookfull.com/product/making-passwords-secure-fixing-
the-weakest-link-in-cybersecurity-first-edition-dovell-bonnett/
https://textbookfull.com/product/engineering-secure-software-and-
systems-mathias-payer/
https://textbookfull.com/product/the-alternative-augustan-
age-1st-edition-josiah-osgood/
Cybersecurity Program Development for Business: The
Essential Planning Guide 1st Edition Chris Moschovitis
https://textbookfull.com/product/cybersecurity-program-
development-for-business-the-essential-planning-guide-1st-
edition-chris-moschovitis/
https://textbookfull.com/product/rails-5-test-prescriptions-
build-a-healthy-codebase-1st-edition-noel-rappin/
https://textbookfull.com/product/secure-and-trustworthy-
transportation-cyber-physical-systems-1st-edition-yunchuan-sun/
https://textbookfull.com/product/rails-5-test-prescriptions-
build-a-healthy-codebase-rappin/
https://textbookfull.com/product/the-cybersecurity-playbook-
practical-steps-for-every-leader-and-employee-to-make-your-
organization-more-secure-first-edition-young/
Essential Cybersecurity
Science
Build, Test, and Evaluate Secure Systems
Josiah Dykstra
Essential Cybersecurity Science
by Josiah Dykstra
Copyright © 2016 Josiah Dykstra. All rights reserved.
Printed in the United States of America.
Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North,
Sebastopol, CA 95472.
O’Reilly books may be purchased for educational, business, or sales
promotional use. Online editions are also available for most titles
(http://safaribooksonline.com). For more information, contact our
corporate/institutional sales department: 800-998-9938 or
corporate@oreilly.com.
Editors: Rachel Roumeliotis and Heather Scherer
Production Editor: Melanie Yarbrough
Copyeditor: Gillian McGarvey
Proofreader: Susan Moritz
Indexer: Lucie Haskins
Interior Designer: David Futato
Cover Designer: Ellie Volkhausen
Illustrator: Rebecca Demarest
December 2015: First Edition
Revision History for the First Edition
2015-12-01: First Release
See http://oreilly.com/catalog/errata.csp?isbn=0636920037231 for
release details.
The O’Reilly logo is a registered trademark of O’Reilly Media, Inc.
Essential Cybersecurity Science, the cover image, and related trade
dress are trademarks of O’Reilly Media, Inc.
While the publisher and the author have used good faith efforts to
ensure that the information and instructions contained in this work
are accurate, the publisher and the author disclaim all responsibility
for errors or omissions, including without limitation responsibility for
damages resulting from the use of or reliance on this work. Use of
the information and instructions contained in this work is at your
own risk. If any code samples or other technology this work contains
or describes is subject to open source licenses or the intellectual
property rights of others, it is your responsibility to ensure that your
use thereof complies with such licenses and/or rights. This book is
not intended as legal advice. Please consult a qualified professional if
you require legal advice.
978-1-491-92094-7
[LSI]
Preface
Who This Book Is For
Science applies to many areas of cybersecurity, and the target
audience for this book is broad and varied. This book is particularly
for developers, engineers, and entrepreneurs who are building and
evaluating cybersecurity hardware and software solutions. Among
that group, it is for infosec practitioners such as forensic
investigators, malware analysts, and other cybersecurity specialists
who use, build, and test new tools for their daily work. Some will
have programming experience, others a working knowledge of
various security tools (EnCase for forensics, Wireshark for network
analysis, IDA Pro for reverse engineering, and so on). The scientific
method can be applied to all of these disciplines. Cybersecurity
science can be applied to everyday problems, including:
Testing for bugs in your new smartphone game
Defending corporate security choices given a limited budget
Convincing people that your new security product is better than
the competition’s
Balancing intrusion detection accuracy and performance
The core audience is information security professionals who have
worked in the field for 5−10 years, who are becoming experts in
their craft and field, who are not formally trained in or exposed to
scientific investigation in their daily lives, and who desire to learn a
new approach that supplements and improves their work. I want you
to walk away from this book knowing how to conduct scientific
experiments on your everyday tools and procedures, and knowing
that after conducting such experiments, you have done your job
more securely, more accurately, and more effectively.
This book is not intended to turn you into a scientist, but it will
introduce you to the discipline of scientific thinking. For those new to
the field, including students of cybersecurity, this book will help you
learn about the scientific method as it applies to cybersecurity and
how you can conduct scientific experiments in your new profession.
For nondevelopers involved in cybersecurity, such as IT security
administrators who use, evaluate, buy, and recommend security
solutions for the enterprise, this book will help you conduct hands-on
experiments and interpret the scientific claims of others.
What This Book Contains
The first three chapters contain general information about the
scientific method as it applies across many domains of cybersecurity.
They cover the basic tenets of science, the need for science in
cybersecurity, and the methodology for scientific investigation.
Chapter 1 covers the scientific method and the importance of
science to cybersecurity. Chapter 2 discusses the prerequisites
needed to conduct cybersecurity experiments, from asking good
questions to putting the results to work. It also includes a checklist
to help you construct your own experiments. Chapter 3 includes
practical details about experimentation including test environments
and open datasets.
The remaining chapters are organized into standalone, domain-
specific topics. You can read them individually, although new
scientific topics and techniques in these chapters are applicable to
other domains. These chapters explore how the scientific method
can be applied to the specific topics and challenges of each domain.
Each topic chapter contains an overview of the scientific pursuits in
that domain, one instructive example of a scientific experiment in
that field, introduction of an analysis method (which can be applied
to other domains), and a practical example of a simple, introductory
experiment in that field that walks through the application of the
scientific method.
Chapter 4 is about cybersecurity science for software assurance,
including fuzzing and adversarial models.
Chapter 5 covers intrusion detection and incident response, and
introduces error rates (false positives and false negatives) and
performance/scalability/stress testing.
Chapter 6 focuses on the application of science to cyber
situational awareness, especially using machine learning and big
data.
Chapter 7 covers cryptography and the benefits and limitations of
provably secure cybersecurity.
Chapter 8 is about digital forensics including scientific
reproducibility and repeatability.
Chapter 9, on malware analysis, introduces game theory and
malware clustering.
Chapter 10 discusses building and evaluating dependable systems
with security engineering.
Chapter 11 covers empirical experimentation for human-computer
interaction and security usability.
Chapter 12 includes techniques for the experimental evaluation of
security visualization.
Appendix A provides some additional information about evaluating
scientific claims, especially from vendors, and how people can be
misled, manipulated, or deceived by real or bogus science. There is
also a list of clarifying questions that you can use with salespeople,
researchers, and product developers to probe the methodology they
used.
Constant width
Used for program listings, as well as within paragraphs to refer to
program elements such as variable or function names, databases,
data types, environment variables, statements, and keywords.
TIP
This element signifies a tip or suggestion.
NOTE
This element signifies a general note.
CAUTION
This element indicates a warning or caution.
How to Contact Us
Please address comments and questions concerning this book to the
publisher:
O’Reilly Media, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
800-998-9938 (in the United States or Canada)
707-829-0515 (international or local)
707-829-0104 (fax)
We have a web page for this book, where we list errata, examples,
and any additional information. You can access this page at
http://bit.ly/essential-cybersecurity-science.
To comment or ask technical questions about this book, send email
to bookquestions@oreilly.com.
For more information about our books, courses, conferences, and
news, see our website at http://www.oreilly.com.
Find us on Facebook: http://facebook.com/oreilly
Follow us on Twitter: http://twitter.com/oreillymedia
Watch us on YouTube: http://www.youtube.com/oreillymedia
Disclaimer
The views expressed in this book are those of the author alone.
Reference to any specific commercial products, process, or service
by trade name, trademark, manufacturer, or otherwise, do not
necessarily constitute or imply endorsement, recommendation, or
favoring by the United States Government or the Department of
Defense.
Acknowledgments
My sincere thanks go to Rachel Roumeliotis, Heather Scherer, Nan
Barber, and the entire team at O’Reilly for helping me through the
editing and publication process. I am grateful to the brilliant and
honest technical reviewers, Michael Collins and Matt Georgy, who
improved many facets of the book. Thank you to my friends and
colleagues who provided feedback and support on this project:
Janelle Weidner Romano, Tim Leschke, Celeste Lyn Paul, Greg
Shannon, Brian Sherlock, Chris Toombs, Tom Walcott, and Cathy Wu.
I also wish to thank the community of friends, colleagues, and
strangers that I interacted with at conferences, meetings, and
workshops on cybersecurity science over the past few years,
especially LASER, CSET, and HoTSoS. These conversations helped
influence and contribute to many of the ideas in this book. Most
importantly, thank you to my wife Alicia for her love and
encouragement in this project and in all things.
Chapter 1. Introduction to
Cybersecurity Science
Conclusion
The key concepts and takeaways about the scientific method
presented in this chapter and used throughout the book are:
Cybersecurity science is an important aspect of the
understanding, development, and practice of cybersecurity.
Another random document with
no related content on Scribd:
It was no use to run, but they ran anyway. This was what Sam meant
when he said he knew what Jim was going to do. Jim Cochran was
completely blackballed in his own profession. As he said, he couldn't
have gotten a job stirring with a wooden paddle in a soap factory.
Tom Banning and his family went with them. They went as far north
as they could and finally stopped running on the edge of the
Canadian wilderness. They pooled their funds and bought some
wheat land and some cattle stock and tried to stop thinking beyond
the end of each day.
They were grateful for the absence of television, but they kept a
radio. Through it, they learned when the Apollo finally took off with its
three-man crew. They followed its two and a half day journey through
space and heard the voice of Captain Allan Wright announce they
were in lunar orbit.
A few hours later the landing capsule was disengaged from the
spaceship and Captain Wright and William Chambers rode it down.
Their voices were heard in exultation as they announced their first
steps on the surface of the moon.
It was night in northern Canada when the landing was made. Jim and
Sam and Tom and their families were outside watching the full moon,
trying to imagine how it was up there. From the house they heard the
radio relaying the voices of the astronauts. The voices were relayed
to earth through the more powerful transmitter of the orbiting Apollo,
but as the spaceship circled the moon the voices of the men on the
surface were lost. Then they returned once more as the ship came
over their horizon.
For five orbits their voices came and went as they described their
sensations and exulted in the first minutes of their achievement.
Then, on the sixth orbit, there were no voices. There was only the
sudden, shrill cry of the third crewman, Don Anderson, who manned
the orbiting ship.
"Allan! Bill! Apollo to capsule: Come in, please. Bill—where are you—
I can't even see your capsule. I'm passing right over the spot. Apollo
to Base: I can't locate the capsule through the telescope. It looks like
a big crevasse right where the capsule was, but it wasn't there before.
Allan—Bill—Come in! Come in!"
Jim heard the sudden sob that shook Mary. He put his arm about her
shoulders and led her into the house.
Don Anderson remained in lunar orbit for two more days. Then he
was ordered home. He landed safely.
There were expressions of national sorrow over the unexplained loss
of the two astronauts, but plans were renewed for the next voyage.
The President said that sacrifices must be expected if this great goal
were to be achieved, and that it would be a betrayal of those who had
already given their lives if the work were to stop now.
In Canada that winter, Jim was sure the wolves howled on cold,
moonlit nights more than ever before. And something new was
happening to the moon. The silver light was taking on a faint tint of
orange. The radio told of a very learned report by some astronomer
who spoke obscurely of changes in albedo and percentages of
atmospheric dust and angstroms of sunlight. Any fool could see the
moon was changing color.
Jim listened to the wolves howling in the forest, and he thought of
Cramer's Pond when he was a boy, and of a machine tumbling into a
crevasse where a terrible darkness lay, and he wondered how long it
would be.
THE END
*** END OF THE PROJECT GUTENBERG EBOOK STAY OFF THE
MOON! ***
Updated editions will replace the previous one—the old editions will
be renamed.
1.D. The copyright laws of the place where you are located also
govern what you can do with this work. Copyright laws in most
countries are in a constant state of change. If you are outside the
United States, check the laws of your country in addition to the terms
of this agreement before downloading, copying, displaying,
performing, distributing or creating derivative works based on this
work or any other Project Gutenberg™ work. The Foundation makes
no representations concerning the copyright status of any work in
any country other than the United States.
• You pay a royalty fee of 20% of the gross profits you derive from
the use of Project Gutenberg™ works calculated using the
method you already use to calculate your applicable taxes. The
fee is owed to the owner of the Project Gutenberg™ trademark,
but he has agreed to donate royalties under this paragraph to
the Project Gutenberg Literary Archive Foundation. Royalty
payments must be paid within 60 days following each date on
which you prepare (or are legally required to prepare) your
periodic tax returns. Royalty payments should be clearly marked
as such and sent to the Project Gutenberg Literary Archive
Foundation at the address specified in Section 4, “Information
about donations to the Project Gutenberg Literary Archive
Foundation.”
• You comply with all other terms of this agreement for free
distribution of Project Gutenberg™ works.
1.F.
1.F.4. Except for the limited right of replacement or refund set forth in
paragraph 1.F.3, this work is provided to you ‘AS-IS’, WITH NO
OTHER WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR ANY PURPOSE.
Please check the Project Gutenberg web pages for current donation
methods and addresses. Donations are accepted in a number of
other ways including checks, online payments and credit card
donations. To donate, please visit: www.gutenberg.org/donate.
Most people start at our website which has the main PG search
facility: www.gutenberg.org.