[techbooks] REVIEW: "Computer Security", Dieter Gollmann
- BKCOMPSC.RVW 990430
"Computer Security", Dieter Gollmann, 1999, 0-471-97844-2
%A Dieter Gollmann
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%I John Wiley & Sons, Inc.
%O 416-236-4433 fax: 416-236-4448 rlangloi@...
%P 320 p.
%T "Computer Security"
Gollmann is fairly explicit in stating the intention and audience for
the book. It is to be a text for a course, rather than a handbook,
encyclopedia, or history. It is about computer security, rather than
information security in general, although there are sections on
computer network security and database security. The objective of the
course for which it was prepared is to give students a sufficient
background to evaluate security products, rather than to address
issues of policy or risk analysis. Thus the emphasis is on technical,
rather than managerial, aspects.
Part one lays the basic foundation for computer security. Chapter one
outlines the fundamental vocabulary and concepts. Authentication is
reviewed in chapter two. Examples from both UNIX and NT are used, in
chapter three, to explain access control. Chapter four's discussion
of security models requires a significant background in set theory,
but for a course this can be assumed as a prerequisite.
Considerations for hardware or operating system level security are
looked at in chapter five.
Part two examines security in the real world. Chapter six provides a
good review of the UNIX security functions. Security aspects of NT
are described in chapter seven, but the effective interaction of
rights and permissions is not clear (a failing shared by most NT
security texts). A variety of ways in which security has failed are
detailed in chapter eight. This concludes with a section on computer
viruses in quite different format and level of detail. The reason for
this is not made clear, but I am willing to grant that most security
texts do not treat the subject as well. Chapter nine talks about the
evaluation of security products, but concentrates on the formal
criteria laid down by governmental agencies.
Part three looks at distributed systems. Chapter ten reviews specific
systems, such as Kerberos and CORBA (Common Object Request Broker
Architecture) security. Specific known Web vulnerabilities are
effectively used to illustrate classes of threats in chapter eleven.
The explanation of cryptography in chapter twelve is nicely balanced
for mechanics; a full description without a morass of detail; but is
somewhat weaker on key management and cryptographic strength. Network
security, in chapter thirteen, deals with implementation level topics
such as the IPSec (Internet Prototcol Security) protocols and
Part four deals with other aspects of security theory, primarily
related to databases. Chapter fourteen and fifteen, respectively,
discuss basic and advanced database security concepts. Problems of
concurrent access, with applications in transaction processing, are
examined in chapter sixteen. Security concerns of the object-oriented
paradigm are raised in chapter seventeen.
In terms of readability, Gollmann's writing is not always fluid, but
it is always clear. While intended as a class text, the book is, in
most parts, accessible to any intelligent reader. The exercises
provided at the end of each chapter are not mere buzzword tests,
although most are more suitable for discussion starters than checks
The bibliography is not annotated, but the "Further Reading" section
at the end of each chapter helps make up for this shortcoming. Having
to flip between two sections to find the referenced work is a bit
awkward, but not unduly so.
This is a very welcome addition to the general computer security
copyright Robert M. Slade, 1999 BKCOMPSC.RVW 990430
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... rslade@... slade@... p1@...
Don't buy a computer - Jeff Richards' First Law of Data Security
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
eGroups.com home: http://www.egroups.com/group/techbooks
http://www.egroups.com - Simplifying group communications