Errata to the First Printing, Second Electronic Book (July 2019)

The publisher has revised the electronic copy of the book, and all the errata in the first printing have been fixed. But the printed version still has the errors, because it will not be updated until the second printing.

Here are the errata for the next revision. I have added the name of the first person to report each problem.

Chapter 1, “An Overview of Computer Security”

Section 1.3, “Policy and Mechanism”, p. 9 [Gedare Bloom]

In Definition 1–2, “a security policy” should be “part of a security policy”. This is more precise, and consistent with Definition 4–7.

Chapter 3, “Foundational Results”

Section 3.4.4, “Demand and Create Operations”, p. 74 [Hosseinb Homaei]

In Definition 3–14, condition 2, “a/r:ccrc(a, b)” should be “a/r:ccrp(a, b)” (note the subscript of cr should be p, not c).

Chapter 8, “Hybrid Policies”

Section 8.1.2, “Formal Model”, p. 232 [Gedare Bloom]

In item 2 of Axiom 8.6, “o′ ≠ O” should be “o′ ∈ O” and “l2(o′) = l2(v(o))” should be “l2(o′) ≠ l2(v(o))”

Section 8.4, “Role-Based Access Control”, p. 244 [Gedare Bloom]

Definition 8–11 should be “The active role of a subject s, written actr(s), is the set of roles that s is currently performing.” This makes clear that the active roles form a set.

Section 8.4, “Role-Based Access Control”, p. 247 [Gedare Bloom]

In the third line of Definition 8–16, “(∃r′′r)” should be “(∃r′′r)”. In the last line of that definition, “(r2, r1)” should be “(r1, r2)”.

Chapter 9, “Noninterference and Policy Composition”

Section 9.1.1, “Composition of Bell-LaPadula Models”, p. 258 [Dhruvatara Bhogishetty]

In the example, the transitive closure of the access set XY should include ( Lilith, Alice ).

Section 9.3, “Nondeducibility”, p. 273 [Gedare Bloom]

On the fourth line of the second full paragraph, change “01101” to “01100”.

Section 9.10, “Exercises”, p. 285 [Gedare Bloom]

Exercise 9.6 should begin with “Suppose in” rather than simply “In”.

Chapter 10, “Basic Cryptography”

Section 10.1, “Cryptography”, p. 290 [author]

In the second line in the second full paragraph on this page, “onfusion” should be “confusion”.

Section 10.3.2, “RSA”, p. 309 [Robert Fourney]

In the first line under the first example in this section, “e < n” should be “e < φ(n)”.

Chapter 11, “Key Management”

Section 11.2.3.1, “Diffie-Hellman”, p. 339 [Robert Fourney]

The first sentence of the last paragraph should have a footnote following it that says “The value of g should be chosen to be a primitive root modulo p”.

Chapter 12, “Cipher Techniques”

Section 12.2.1.1, “Synchronous Stream Ciphers”, p. 372 [author]

The seventh line of the example should end in 1001.

Section 12.5.1.4, “OpenOPGP and PEM”, p. 389 [Robert Fourney]

In the third line from the bottom of Table 12–1, “AES-123” should be “AES-128”.

Chapter 13, “Authentication”

Section 13.4.2, “On-Line Dictionary Attacks”, p. 431 [Gedare Bloom]

On lines 3 to 4 in the paragraph under the first example, the phrase “easy for humans to solve, but difficult for humans to solve” should be “easy for humans to solve, but difficult for computers to solve” (the second “human” should be “computers”).

Section 13.4.3, “Password Strength”, p. 434 [Gedare Bloom]

In the second line before the next section, 13.5, “iportant” should be “important”.

Chapter 17, “Information Flow”

Section 17.1.1, “Entropy-Based Analysis”, p. 541 [Gedare Bloom]

In the first line, change “tmp to x” to “tmp to y”.

Section 17.10, “Exercises”, p. 576 [Gedare Bloom]

In Exercise 1, change “H(ys || xt)” to “H(ys | xt)” (there should only be one “|” character).

Chapter 18, “Confinement Problem”

Section 18.3.1.1, “Noninterference”, p. 597 [Gedare Bloom]

In the second line above Specification 18.2, change “canrread” to “can_read”.

Section 18.3.1.1, “Noninterference”, p. 597 [Gedare Bloom]

In Specification 18.2, change both “∨” to “∧” and delete both “¬”s.

Section 18.3.1.4, “Covert Flow Trees”, p. 606 [Gedare Bloom]

In the next to the last line of text on the page, change “and” to “or”.

Section 18.3.1.4, “Covert Flow Trees”, p. 607 [Gedare Bloom]

In Figure 18–4, change “Indirect recognition” to “Inferred recognition”.

Section 18.3.1.4, “Covert Flow Trees”, p. 608 [Gedare Bloom]

In Figure 18–6, change “Indirect recognition” to “Inferred recognition”.

Section 18.3.1.4, “Covert Flow Trees”, p. 609 [Gedare Bloom]

In Figure 18–7, change both occurrences of “Indirect recognition” to “Inferred recognition”.

Chapter 23, “Malware”

Section 23.1, “Introduction”, p. 775 [Allen Pinto]

In the shell script, the line “chmod o+s,w+x /tmp/.xxsh” should be “chmod u+s,o+x /tmp/.xxsh”.

Chapter 24, “Vulnerabilities Analysis”

Section 24.6.1, “The Flow-Based Model of Penetration Analysis”, p. 870 [author]

In Figure 24–11, in the oval at the bottom, change “deststr” to “dststr”.

Appendix B, “The Extended Eudlidean Algorithm”

Section B.1, “The Euclidean Algorithm”, p. 1158 [Bradley Bowen]

The algorithm in pseudocode fails when a is a multiple of b; it returns 1 rather than b. The following is the correct algorithm.

	function gcd(a : integer, b : integer) : integer;
	var q, r : integer;
	begin
		while b <> 0 do begin
			q := a div b;
			r := a mod b;
			write 'a = ', a, 'b = ', b, 'q = ', q, 'r = ', r, endline;
			a := b;
			b := r;
		end;
		gcd := a;
		write 'the gcd is ', gcd, endline;
	end.
	

“An expert is a man who has made all the mistakes which can be made in a very narrow field.”
            —Niels Bohr


Last updated on Friday, March 19, 2021 at 11:57:07 AM
Valid HTML 5 Valid CSS! Built with BBEdit Built on a Macintosh