This book constitutes the thoroughly refereed post-conference proceedings of the 9th International Symposium on Foundations and Practice of Security, FPS 2016, held in Québec City, QC, Canada, in October 2016. The 18 revised regular papers presented together with 5 short papers and 3 invited talks were carefully reviewed and selected from 34 submissions. The accepted papers cover diverse research themes, ranging from classic topics, such as malware, anomaly detection, and privacy, to emerging issues, such as security and privacy in mobile computing and cloud.

This book constitutes the refereed proceedings of the 15th International Symposium on Foundations and Practice of Security, FPS 2022, held in Ottawa, ON, Canada, during December 12–14, 2022. The 26 regular and 3 short papers presented in this book were carefully reviewed and selected from 83 submissions. The papers have been organized in the following topical sections: Cryptography; Machine Learning; Cybercrime and Privacy; Physical-layer Security; Blockchain; IoT and Security Protocols; and Short Papers.

The world of IT is always evolving, but in every area there are stable, core concepts that anyone just setting out needed to know last year, needs to know this year, and will still need to know next year. The purpose of the Foundations series is to identify these concepts and present them in a way that gives you the strongest possible starting point, no matter what your endeavor. Network Security Foundations provides essential knowledge about the principles and techniques used to protect computers and networks from hackers, viruses, and other threats. What you learn here will benefit you in the short term, as you acquire and practice your skills, and in the long term, as you use them. Topics covered include: Why and how hackers do what they do How encryption and authentication work How firewalls work Understanding Virtual Private Networks (VPNs) Risks posed by remote access Setting up protection against viruses, worms, and spyware Securing Windows computers Securing UNIX and Linux computers Securing Web and email servers Detecting attempts by hackers

Hardware-intrinsic security is a young field dealing with secure secret key storage. By generating the secret keys from the intrinsic properties of the silicon, e.g., from intrinsic Physical Unclonable Functions (PUFs), no permanent secret key storage is required anymore, and the key is only present in the device for a minimal amount of time. The field is extending to hardware-based security primitives and protocols such as block ciphers and stream ciphers entangled with the hardware, thus improving IC security. While at the application level there is a growing interest in hardware security for RFID systems and the necessary accompanying system architectures. This book brings together contributions from researchers and practitioners in academia and industry, an interdisciplinary group with backgrounds in physics, mathematics, cryptography, coding theory and processor theory. It will serve as important background material for students and practitioners, and will stimulate much further research and development.

Software developers need to worry about security as never before. They need clear guidance on safe coding practices, and that’s exactly what this book delivers. The book does not delve deep into theory, or rant about the politics of security. Instead, it clearly and simply lays out the most common threats that programmers need to defend against. It then shows programmers how to make their defense. The book takes a broad focus, ranging over SQL injection, worms and buffer overflows, password security, and more. It sets programmers on the path towards successfully defending against the entire gamut of security threats that they might face.

High-level overview of the information security field. Covers key concepts like confidentiality, integrity, and availability, then dives into practical applications of these ideas in the areas of operational, physical, network, application, and operating system security. In this high-level survey of the information security field, best-selling author Jason Andress covers the basics of a wide variety of topics, from authentication and authorization to maintaining confidentiality and performing penetration testing. Using real-world security breaches as examples, Foundations of Information Security explores common applications of these concepts, such as operations security, network design, hardening and patching operating systems, securing mobile devices, as well as tools for assessing the security of hosts and applications. You'll also learn the basics of topics like: Multifactor authentication and how biometrics and hardware tokens can be used to harden the authentication process The principles behind modern cryptography, including symmetric and asymmetric algorithms, hashes, and certificates The laws and regulations that protect systems and data Anti-malware tools, firewalls, and intrusion detection systems Vulnerabilities such as buffer overflows and race conditions A valuable resource for beginning security professionals, network systems administrators, or anyone new to the field, Foundations of Information Security is a great place to start your journey into the dynamic and rewarding field of information security.

Security Science integrates the multi-disciplined practice areas of security into a single structured body of knowledge, where each chapter takes an evidence-based approach to one of the core knowledge categories. The authors give practitioners and students the underlying scientific perspective based on robust underlying theories, principles, models or frameworks. Demonstrating the relationships and underlying concepts, they present an approach to each core security function within the context of both organizational security and homeland security. The book is unique in its application of the scientific method to the increasingly challenging tasks of preventing crime and foiling terrorist attacks. Incorporating the latest security theories and principles, it considers security from both a national and corporate perspective, applied at a strategic and tactical level. It provides a rational basis for complex decisions and begins the process of defining the emerging discipline of security science. - A fresh and provocative approach to the key facets of security - Presentation of theories and models for a reasoned approach to decision making - Strategic and tactical support for corporate leaders handling security challenges - Methodologies for protecting national assets in government and private sectors - Exploration of security's emerging body of knowledge across domains

This new textbook outlines the main theories and concepts from a variety of disciplines that support homeland security operations, structures and strategies. Following the terrorist attacks of September 11th, "homeland security" (HLS) grew in importance within the U.S. government (and around the world) and matured from a concept discussed among a relatively small cadre of policymakers and strategic thinkers to a broadly discussed issue in Congress and society with a growing academic presence. Yet the ability to discern a theory of homeland security that would support overall security strategy has been more elusive to both scholars and policymakers. This textbook aims to elucidate a grand theory of homeland security by leveraging the theoretical underpinnings of the disciplines that comprise the strategies, operations and structures of the HLS enterprise. In this way, each chapter contributes to a grand theory of homeland security as it explores a different discipline that influences or supports a domain of the homeland security enterprise. These chapters cover intelligence systems, terrorism origins and ideologies, emergency management, environmental and human security, cybersecurity policy, crime and security, global governance, risk management, public health, law and policy, technology, interagency collaboration and the sociology of security. This book will be essential reading for students of Homeland Security and Emergency Response, and recommended reading for students of terrorism, intelligence, cybersecurity, risk management and national security.

The International Foundation for Protection Officers (IFPO) has for many years provided materials to support its certification programs. The current edition of this book is being used as the core text for the Security Supervision and Management Training/Certified in Security Supervision and Management (CSSM) Program at IFPO. The CSSM was designed in 1988 to meet the needs of the security supervisor or senior protection officer. The book has enjoyed tremendous acceptance and success in the past, and the changes in this third edition, vetted by IFPO, make it still more current and relevant. Updates include 14 new chapters, 3 completely revised chapters, "Student Performance Objectives" in each chapter, and added information on related resources (both print and online). - Completion of the Security Supervision and Management Program is the initial step toward the Certified in Security Supervision and Management (CSSM) designation - Over 40 experienced security professionals contribute chapters in their area of specialty - Revised throughout, and completely updated with 14 new chapters on topics such as Leadership, Homeland Security, Strategic Planning and Management, Budget Planning, Career Planning, and much more - Quizzes at the end of each chapter allow for self testing or enhanced classroom work

Developing secure software requires the integration of numerous methods and tools into the development process, and software design is based on shared expert knowledge, claims, and opinions. Empirical methods, including data analytics, allow extracting knowledge and insights from the data that organizations collect from their processes and tools, and from the opinions of the experts who practice these processes and methods. This book introduces the reader to the fundamentals of empirical research methods, and demonstrates how these methods can be used to hone a secure software development lifecycle based on empirical data and published best practices.