One of the biggest fringe benefits of writing book reviews is that
publishers are happy to send you samples of their wares. Sometimes they
are a little too enthusiastic; your editor has been buried under books on
.NET programming, XML for legacy business applications, DBA certification,
and more. The pile of such books threatens to fall over and make a big
mess in the otherwise immaculate LWN.net data center. When an envelope
showed up with a book called Introduction to Computer Security
Matt Bishop), it almost joined that pile. Your editor hardly needs another
book on password policies, anti-virus software, and attachment filtering.
Consigning this book to that pile would have been a mistake, however.
"Introduction" might be an accurate description of this book, but only with
a suitable understanding of the target audience: this book could serve for
an introductory, graduate-level course for security researchers. People
looking for ways to lock down their Windows boxes will not find it here;
if, instead, you want to argue about the theoretical limitations of the
type enforcement model with the SELinux folks, you're in the right place.
Chapter 1 (available online
(PDF)) starts with the real introduction, where a number of important
terms are defined: integrity, confidentiality, availability, assurance,
etc. Chapter 2 gets into protection models, access matrices, and
state transitions. Chapter 3 turns up the rigor by proving some
theorems on whether a given system can be proven to be safe or not.
The fourth chapter gets into security policies, and makes some interesting
distinctions: a "military" policy is one oriented primarily around
confidentiality, while a "commercial" policy is aimed at integrity.
Chapter 5 goes military with a more detailed look at confidentiality
policies, with more theorems and a look at mandatory access control.
Integrity policies are covered in the following chapter; a few integrity
models are introduced. Chapter 7 addresses the fact that most
organizations want both integrity and confidentiality by looking at
hybrid models: chinese walls, etc.
Then the focus shifts to cryptography. Chapter 8 is a whirlwind
introduction, starting with basic ciphers and progressing through DES,
public key encryption, and more. The crucial problem of key management is
chapter 9's topic; chapter 10 looks at ciphers in more detail.
There is some discussion there about how ciphers and network stacks can be
brought together, ending with an overview of IPSec. Chapter 11 is
about authentication; here your editor got his discussion of password
policies after all, though in a bit more depth than usual.
Chapter 12 gets into design principles for secure systems: least privilege,
fail-safe defaults, complete mediation, open design (with a discussion of
DeCSS), etc. Chapter 13 looks at identity representations,
certificates, and anonymity, and chapter 14 returns to access control
mechanisms in more detail.
The book then gets into a more serious look at information flow and how it
might be controlled in a secure system. Chapter 16 moves on to
confinement - keeping processes within their defined boundaries; it looks
at virtual machines, sandboxes, and the covert channel problem.
Chapter 17 is an introduction to assurance - how one can be reasonably
sure that a given system meets its security criteria. Then an introduction
to evaluation techniques is given: TCSEC, FIPS, Common Criteria, etc.
After those dry chapters, chapter 19 ("malicious logic") is a relatively
fun look at malware: trojan horses, viruses, worms, and how to defend
against them. Chapter 20 is on vulnerability analysis, penetration
testing, flaw models, etc. with a number of real-world examples. The next
two chapters look at auditing and intrusion detection. Then follows a
series of relatively high-level chapters on network, system, user, and
program security techniques - firewalls, user policies, programming
techniques, and more. The book finishes up with some background material
(lattices, virtual machines) and a 63-page, 968-entry bibliography.
Introduction to Computer Security is an intense reading experience.
Interestingly, this book can be seen as a watered-down version of another
book by the same author: Computer
Security: Art and Science. According to the introduction,
Introduction to Computer Security is a shorter book (a mere 750
pages) with much of the mathematical formalism left out. For most readers,
however, the shortened version is likely to be enough - and to be an
important resource for anybody who wishes to truly understand what secure
to post comments)