Book review: Introduction to Computer Security
[Posted December 8, 2004 by corbet]
![[cover]](/images/ns/intro-comp-sec.jpg)
One of the biggest fringe benefits of writing book reviews is that
publishers are happy to send you samples of their wares. Sometimes they
are a little too enthusiastic; your editor has been buried under books on
.NET programming, XML for legacy business applications, DBA certification,
and more. The pile of such books threatens to fall over and make a big
mess in the otherwise immaculate LWN.net data center. When an envelope
showed up with a book called Introduction to Computer Security (by
Matt Bishop), it almost joined that pile. Your editor hardly needs another
book on password policies, anti-virus software, and attachment filtering.
Consigning this book to that pile would have been a mistake, however.
"Introduction" might be an accurate description of this book, but only with
a suitable understanding of the target audience: this book could serve for
an introductory, graduate-level course for security researchers. People
looking for ways to lock down their Windows boxes will not find it here;
if, instead, you want to argue about the theoretical limitations of the
type enforcement model with the SELinux folks, you're in the right place.
Chapter 1 (available online as a PDF) starts with the real introduction,
where a number of important
terms are defined: integrity, confidentiality, availability, assurance,
etc. Chapter 2 gets into protection models, access matrices, and
state transitions. Chapter 3 turns up the rigor by proving some
theorems on whether a given system can be proven to be safe or not.
The fourth chapter gets into security policies, and makes some interesting
distinctions: a "military" policy is one oriented primarily around
confidentiality, while a "commercial" policy is aimed at integrity.
Chapter 5 goes military with a more detailed look at confidentiality
policies, with more theorems and a look at mandatory access control.
Integrity policies are covered in the following chapter; a few integrity
models are introduced. Chapter 7 addresses the fact that most
organizations want both integrity and confidentiality by looking at
hybrid models: Chinese walls, etc.
Then the focus shifts to cryptography. Chapter 8 is a whirlwind
introduction, starting with basic ciphers and progressing through DES,
public key encryption, and more. The crucial problem of key management is
chapter 9's topic; chapter 10 looks at ciphers in more detail.
There is some discussion there about how ciphers and network stacks can be
brought together, ending with an overview of IPSec. Chapter 11 is
about authentication; here your editor got his discussion of password
policies after all, though in a bit more depth than usual.
Chapter 12 gets into design principles for secure systems: least privilege,
fail-safe defaults, complete mediation, open design (with a discussion of
DeCSS), etc. Chapter 13 looks at identity representations,
certificates, and anonymity, and chapter 14 returns to access control
mechanisms in more detail.
The book then gets into a more serious look at information flow and how it
might be controlled in a secure system. Chapter 16 moves on to
confinement - keeping processes within their defined boundaries; it looks
at virtual machines, sandboxes, and the covert channel problem.
Chapter 17 is an introduction to assurance - how one can be reasonably
sure that a given system meets its security criteria. Then an introduction
to evaluation techniques is given: TCSEC, FIPS, Common Criteria, etc.
After those dry chapters, chapter 19 ("malicious logic") is a relatively
fun look at malware: trojan horses, viruses, worms, and how to defend
against them. Chapter 20 is on vulnerability analysis, penetration
testing, flaw models, etc., with a number of real-world examples. The next
two chapters look at auditing and intrusion detection. Then follows a
series of relatively high-level chapters on network, system, user, and
program security techniques - firewalls, user policies, programming
techniques, and more. The book finishes up with some background material
(lattices, virtual machines) and a 63-page, 968-entry bibliography.
Introduction to Computer Security is an intense reading experience.
Interestingly, this book can be seen as a watered-down version of another
book by the same author: Computer Security: Art and Science. According to
the introduction,
Introduction to Computer Security is a shorter book (a mere 750
pages) with much of the mathematical formalism left out. For most readers,
however, the shortened version is likely to be enough - and to be an
important resource for anybody who wishes to truly understand what secure
computing means.