
[techbooks] REVIEW: "Computer Security", Dieter Gollmann

Rob Slade, Jun 21, 1999
      BKCOMPSC.RVW 990430

      "Computer Security", Dieter Gollmann, 1999, 0-471-97844-2
      %A Dieter Gollmann
      %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
      %D 1999
      %G 0-471-97844-2
      %I John Wiley & Sons, Inc.
      %O 416-236-4433 fax: 416-236-4448 rlangloi@...
      %P 320 p.
      %T "Computer Security"

      Gollmann is fairly explicit in stating the intention and audience for
      the book. It is to be a text for a course, rather than a handbook,
      encyclopedia, or history. It is about computer security, rather than
      information security in general, although there are sections on
      computer network security and database security. The objective of the
      course for which it was prepared is to give students a sufficient
      background to evaluate security products, rather than to address
      issues of policy or risk analysis. Thus the emphasis is on technical,
      rather than managerial, aspects.

      Part one lays the basic foundation for computer security. Chapter one
      outlines the fundamental vocabulary and concepts. Authentication is
      reviewed in chapter two. Examples from both UNIX and NT are used, in
      chapter three, to explain access control. Chapter four's discussion
      of security models requires a significant background in set theory,
      but for a course this can be assumed as a prerequisite.
      Considerations for hardware or operating system level security are
      looked at in chapter five.

      Part two examines security in the real world. Chapter six provides a
      good review of the UNIX security functions. Security aspects of NT
      are described in chapter seven, but the effective interaction of
      rights and permissions is not clear (a failing shared by most NT
      security texts). A variety of ways in which security has failed are
      detailed in chapter eight. This concludes with a section on computer
      viruses in quite different format and level of detail. The reason for
      this is not made clear, but I am willing to grant that most security
      texts do not treat the subject as well. Chapter nine talks about the
      evaluation of security products, but concentrates on the formal
      criteria laid down by governmental agencies.

      Part three looks at distributed systems. Chapter ten reviews specific
      systems, such as Kerberos and CORBA (Common Object Request Broker
      Architecture) security. Specific known Web vulnerabilities are
      effectively used to illustrate classes of threats in chapter eleven.
      The explanation of cryptography in chapter twelve is nicely balanced
      for mechanics (a full description without a morass of detail), but is
      somewhat weaker on key management and cryptographic strength. Network
      security, in chapter thirteen, deals with implementation level topics
      such as the IPSec (Internet Protocol Security) protocols and
      firewalls.

      Part four deals with other aspects of security theory, primarily
      related to databases. Chapters fourteen and fifteen, respectively,
      discuss basic and advanced database security concepts. Problems of
      concurrent access, with applications in transaction processing, are
      examined in chapter sixteen. Security concerns of the object-oriented
      paradigm are raised in chapter seventeen.

      In terms of readability, Gollmann's writing is not always fluid, but
      it is always clear. While intended as a class text, the book is, in
      most parts, accessible to any intelligent reader. The exercises
      provided at the end of each chapter are not mere buzzword tests,
      although most are more suitable for discussion starters than checks
      for understanding.

      The bibliography is not annotated, but the "Further Reading" section
      at the end of each chapter helps make up for this shortcoming. Having
      to flip between two sections to find the referenced work is a bit
      awkward, but not unduly so.

      This is a very welcome addition to the general computer security
      bookshelf.

      copyright Robert M. Slade, 1999 BKCOMPSC.RVW 990430

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      Don't buy a computer - Jeff Richards' First Law of Data Security
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
