Errata to the First Printing (November 2018)

This is the errata for the first printing. I have added the name of the first person to report each problem.

Chapter 2, “Access Control Matrix”

Section 2.2.2, “Access Control by History”, p. 37 [author]

In the example, the variable file in the lines
    file = helper_proc()
    sys_delete_file(file)

should be tmp_file.

Section 2.3, “Protection State Transitions”, pp. 38–39 [author]

In the preconditions for item 1, create subject s, replace each a′ with A′.
In the preconditions for item 2, create object s, replace each a′ with A′.
In the primitive command for item 3, enter r into a[s,o], replace a[s,o] with A[s,o].
In the preconditions for item 3, replace each a with A and a′ with A′.
In the last paragraph of item 3, replace each a[s,o] with A[s,o].
In the primitive command for item 4, delete r from a[s,o], replace a[s,o] with A[s,o].
In the preconditions for item 4, replace each a with A and a′ with A′.
In the last paragraph of item 4, replace each a[s,o] with A[s,o].
In the preconditions for item 5, delete subject s, replace each a′ with A′.
In the preconditions for item 6, delete object s, replace each a′ with A′.

Chapter 3, “Foundational Results”

Section 3.4, “The Schematic Protection Model”, p. 79 [author]

In Definition 3–21, the last part of the definition of σ(X), the minus sign “−” should be a hyphen “-”.

Chapter 5, “Confidentiality Policies”

Section 5.2.2, “Example: Trusted Solaris”, p. 147 [author]

In the third bullet item of the first bulleted list, “write” should be “read” and in the last bullet item of that list, “read” should be “write”.

Chapter 6, “Integrity Policies”

Section 6.2.3, “Biba’s Model (Strict Integrity Policy)”, p. 178 [Habib M. Ammari]

In the example, the phrase “risk level that starts out set to the highest credibility level” should read “risk level that starts out set to the lowest credibility level”. The word “highest” in the phrase should be “lowest”.

Section 6.4.1, “The Model”, p. 185–186 [author]

Just after Enforcement rule 1, “(CR1)” should be “(ER1)”.
Just after Enforcement rule 2, “(CR2)” should be “(ER2)”.
Just after Enforcement rule 3, “(CR3)” should be “(ER3)”.
Just after Enforcement rule 4, “(CR4)” should be “(ER4)”.

Section 6.4.1, “The Model”, p. 186 [Habib M. Ammari]

The paragraph just after Enforcement rule 4, that begins “This rule requires”, should come after Certification rule 5.

Section 6.5.1, “Policy-Based Trust Management”, p. 193 [author]

In the credential assertion at the bottom of the page, “_MAX_TRUST” should be “Approve”.

Section 6.5.2, “Reputation-Based Trust Management”, p. 195 [author]

In the last line of the first paragraph of the example, change “Bob” to “Boris”.

Section 6.5.2, “Reputation-Based Trust Management”, p. 196 [author]

In the third line of the first paragraph of the example, change “p(v,t)” to “p(u,t)”.

In the last equation of the example, change “S(v,i)” to “S(v,t)”.

Chapter 7, “Availability Policies”

Section 7.3.1.1, “User Agreement”, p. 206 [author]

In line 10, replace “pi*(c)” with “oi*(c)”.

Section 7.3.1.3, “Service Specification”, p. 209 [author]

In lines 3 and 4 of the resource constraints in the example, both “acquire” and “release” should be italicized. In line 4, the part before the ⇒ should be “(∀ id) (own[id] = M)”

Section 7.3.2.1, “Model of a Resource Allocation System”, p. 211 [author]

In line 3, “QSp(p, r)” should be “QSp(r)”.

Section 7.3.2.2, “Denial of Service Protection Base”, p. 214 [author]

For clarity, in line 3, after “(∀i)” should be a “[” and before the “⇒” should be a “]”.

Section 7.4.1, “Analysis”, p. 216 [author]

In the second paragraph, the second sentence should read “The key observation is that the waiting time policy has a maximum wait time, which is the time that the receiving process at the destination will wait for an ACK message from the sending process at the source.”

Chapter 8, “Hybrid Policies”

Section 8.1.2, “Formal Model”, p. 232 [author]

Replace “sS” with “sS” and “oO” with “oO”.

Chapter 9, “Noninterference and Policy Composition”

Section 9.2, “Deterministic Noninterference”, p. 260 [author]

In the line just before the first equation on the page, “T* : C* × SS” should be “T* : C* × Σ → Σ”.

Section 9.2, “Deterministic Noninterference”, p. 260 [author]

In the second line below the first equation on the page, “P* : C* × SO” should be “P* : C* × Σ → O”.

Section 9.2, “Deterministic Noninterference”, p. 262 [author]

In the third line, “πHolly(cs)” should be “πHolly(cs)”.

Section 9.2.1, “Unwinding Theorem”, p. 265 [author]

In the first equation, “T(cn+1, T * (π′(cs), sb))” should be “T(cn+1, T*(π′(cs), σb))”.

Section 9.2.2, “Access Control Matrix Interpretation”, p. 267 [author]

In the second line of the second paragraph of the proof of Theorem 9.2, “(dom(c), d) ∈ r” should be “(dom(c), d) ∉ r”.

Section 9.2.3, “Security Policies That Change over Time”, p. 269 [author]

In the second line, “cs” should be “cs”.

Section 9.4.1, “Composition of Generalized Noninterference Systems”, p. 275 [author]

In Figure 9–5, the bottom arrow should be reversed and the “0 or 1” should be “stop_count”.

Chapter 10, “Basic Cryptography”

Section 10.3.1, “El Gamal”, p. 307 [author]

In the third line of the example at the bottom of the page, “public” should be “private”.

Section 10.3.3, “Elliptic Curve Ciphers”, p. 314 [author]

In the example, change the second sentence to “They use y2 = x3 + 4x + 14 mod 2503 and the point P = (1002, 493)”.

Section 10.5.2.2, “El Gamal Digital Signature”, p. 322 [author]

In the fourth line of the example, change the result of “p − 1” from “262643” to “262642”.

Chapter 11, “Key Management”

Section 11.2.1.3, “Bellare-Rogaway Protocol”, p. 336 [author]

In the third message of the exchange in this protocol, r1 should be r2. In the first line of the next paragraph, “When Bob receives the first message,” should be “When Bob receives the message from Cathy,”, and in the second line, r1 should be r2.

Section 11.4.3.1, “The Internet X.509 PKI”, p. 352 [author]

In line 6, change “key identifiers” to “key usage”.

Section 11.5.1.3, “The Yaksha Security System”, p. 357 [author]

In the third (last) equation, aAlice should be nAlice.

Chapter 12, “Cipher Techniques”

Section 12.2.1.1, “Synchronous Stream Ciphers”, p. 372 [author]

The fourth line of the example should be:
1001    1    f(1, 0, 0, 1) = (1 and 0) or 1 = 1    1100
and the next two registers should be 0110 and 0011.

Section 12.3.1, “Counter with CBC-MAC Mode”, p. 378 [author]

At the beginning of the description of Phase 2, in the middle of the page, change b0 to Ai.

Section 12.3.2, “Galois Counter Mode”, p. 380 [author]

In line 1 of the program in Figure 12–5, in the comment, “X and X” should be “X and Y”. In line 2 of the caption, “V127 is the leftmost bit” should be “V127 is the rightmost bit”.

Section 12.5.2.2, “Session Setup and Initial Message”, p. 391 [author]

In the first line of the last equation, the first encryption should be “ECDH(IKprivAlice, SPKpubBob)”. The text has a spurious parenthesis “)” after the IK.

Section 12.5.2.3, “Sending Messages”, p. 392 [author]

In the second line after the first equation, “AEC” should be “AES”.

Section 12.5.3.1, “Supporting Cryptographic Mechanisms”, p. 395 [author]

In the definitions of P_hash and PRF, replace x with secret.

Section 12.5.4.1, “IPsec Architecture”, p. 405 [author]

In the eighth line, change “and the packet such as remote IP addresses” to “and packet attributes such as remote IP addresses”.

Section 12.5.4.3, “Encapsulating Security Payload Protocol”, p. 409 [author]

In the first line of the seventh paragraph, “ICV” should be “IVC” and in the next-to-last and last lines, “classical” should be “symmetric”.

Chapter 17, “Information Flow”

Section 17.4.1, “Fenton’s Data Mark Machine”, p. 564 [author]

In the last two lines on the page, change “x” to “z”. Also, move “PCy” up one line.

Chapter 18, “Confinement Problem”

Section 18.3.1.4, “Covert Flow Trees”, p. 604 [author]

Delete the second line of the first comment, and the type &lqduo;boolean” from the declaration of the procedure “Lockfile”. Procedures do not return any values.

Section 18.3.1.4, “Covert Flow Trees”, p. 610 [author]

In the last 2 sentences of the example, change “(a 0 bit)” to “(a 1 bit)” and “(a 1 bit)” to “(a 0 bit)”.

Chapter 20, “Building Systems With Assurance”

Section 20.3.3.1, “Security Testing”, p. 690 [author]

In Figure 20–3, delete the lower “Build test suite” (the one outside the boxes near the bottom box).

Chapter 21, “Formal Methods”

Section 21.2, “Formal Specification”, p. 704 [author]

In the definition of “give-access” in the example, on the line with “VFUN access_matrix ()”, the “Accesses” should be “Access”.

Section 21.6, “Formally Verified Products”, pp. 722–723 [author]

In the example, “__soaap_var_read("decrypt")” should be “__soaap_var_read("decipher")” in both the program and the line underneath the program. In the second line under the program, “decrypt” should be “decipher”. Near the end of that paragraph (on p. 723), “__soaap_var_read("decrypt")” should be “__soaap_var_read("decipher")”.

Chapter 24, “Vulnerabilities Analysis”

Section 24.4.3.1, “The Flaw Classes”, p. 925 [author]

In Figure 24–8, the lower “Replicating” (on the path “Intentional>Nonmalicious>Covert channel>Replicating”) should be “Timing”.

Section 24.5.2, “Common Weaknesses and Exposures (CWE)”, p. 867 [author]

In the last line, “memory” should be ” Memory”.

Section 24.5.2, “Common Weaknesses and Exposures (CWE)”, p. 868 [author]

In the last paragraph of the example, “(CWE-275)” should be “(CWE-732)” and “(CWE-3856)” should be “(CWE-386)”.

Section 24.6.1, “The Flow-Based Model of Penetration Analysis”, p. 870 [author]

In Figure 24–11, in the lower rectangle, change “stcstr” to “srcstr”. In the oval at the bottom, change “srcdir” to “srcstr” and “destdir” to “deststr”.

Chapter 26, “Intrusion Detection”

Section 26.3.1.4, “Machine Learning”, p. 925 [author]

In the example, change every occurrence of “KDD-CUPS-99” to “KDD-CUP-99”.

Section 26.3.1.7, “Self-Organizing Maps”, p. 929 [author]

At the end of the second line from the bottom, “training set” to “input”.

Appendix E, “Symbolic Logic”

Section E.3.2, “Semantics of CTL”, p. 1187 [author]

In the third bullet item, the sentence that begins “This says that . . .” should begin on the next line.

Appendix F, “The Encryption Standards”

Section F.2.2.3, “MixColumns”, p. 1198 [author]

In the third equation from the bottom: “s2c” should be “s2,c”.

Section F.2.3, “Encryption”, p. 1199 [author]

This section should be Section F.2.2.5.

Section F.2.3, “Encryption”, p. 1199 [author]

In Figure F-10, the variable named “in” (on lines 1 and 5) should not be in bold (i.e., “in”), and the type “word” (in line 1) should be in bold (i.e., “word”).

Section F.2.3.1, “AES Decryption”, p. 1200 [author]

This section should be Section F.2.3.

Section F.2.3.2, “InvSubBytes”, p. 1200 [author]

This section should be Section F.2.3.1.

Section F.2.3.3, “InvShiftRows”, p. 1200 [author]

This section should be Section F.2.3.2.

Section F.2.3.4, “InvMixColumns”, p. 1201 [author]

This section should be Section F.2.3.3.

Section F.2.3.5, “Decryption”, p. 1201 [author]

This section should be Section F.2.3.4.

Section F.2.3.5, “Decryption”, p. 1202 [author]

In Figure F-13, the routine should be “decrypt” rather than “ encrypt” (line 1); the variable named “in” (on lines 1 and 5) should not be in bold (i.e., “in”), and the type “word” (in line 1) should be in bold (i.e., “word”). Also, the “SubBytes” and “ShiftRows” in lines 16 and 17 should be “InvSubBytes” and “InvShiftRows”, respectively.

Section F.2.4.4, “Round Key Schedule Generation”, p. 1203 [author]

In Figure F-15, the type “word” (in line 1) should be in bold (i.e., “word”); the operator “xor” (in lines 14 and 17) should be in bold (i.e., “xor”); and the operator “and” (in line 15) should be in bold (i.e., “and”).

Section F.2.5, “Equivalent Inverse Cipher Implementation”, p. 1204 [author]

In Figure F-17, the type “word” (in line 1) should be in bold (i.e., “word”).

References


“An expert is a man who has made all the mistakes which can be made in a very narrow field.”
            —Niels Bohr


Last updated on Tuesday, November 6, 2018 at 7:15:05 PM
Valid HTML 5 Valid CSS! Built with BBEdit Built on a Macintosh