Computer Security

My university has an undergraduate CS major in Computer Security and this is the book we use for our introductory subject. Some reviews here have stated that this book does not deal much about the practical aspects of computer security...true, it doesn't, but I don't think it was supposed to anyway. Our major branches out to more practical areas after this subject including applied cryptography and network security. I haven't finished doing this subject as of this writing but I can see how this book will help anyone who intend on doing serious computer security studies in the future. This isn't a "build a firewall in 24 hours" type of book. It's an academic book for those who want an introductory theoretical approach to computer security. If you cannot appreciate the abstract side of computer science then you're probably in the wrong field, buddy.This book is for people who want to get a good foundation on security before getting their hands dirty. If you're a university student/graduate and serious about further studies in computer security then this book is a must buy.This book is not for people who need a step-by-step tutorial to build a firewall (as I have mentioned). If you're more concerned about which set of applications to use in a particular operating system then look elsewhere.

The reason why I like this book is that its first chapter is *not* on cryptography and *not* on network security. Most other books focus on those issues (or on viruses) and do not deal with various security models in detail. Obviously, this is a theory biased textbook and not a book on 'how to make surfing with browser x version y.z more secure'. :-)

Dieter Gollmann's "Computer Security" provides an excellent survey of the fundamental science relating to the book's title. As stated in the Editorial Review, it is intended as a graduate Computer Science textbook. While this may be true, it is also valuable for anyone tasked with designing security into an application or distributed system.The book provides a macro-level introduction to the primary subject areas involved in securing operating, network, and database systems, with varying levels of exposure to theoretical foundations, architectural tradeoffs, and practical implementations. These "varying levels" are perhaps the one difficulty I have with the book, because the treatment of some topic left me with an uneven understanding with respect to other important topics. For example:In PART 1 FUNDAMENTALS, Chapter 3 (Access Control) lays thorough conceptual groundwork for understanding Chapter 4 (Security Models) which covers the theoretical development (Set Theory and Partial Order Relations) of formal Access Control Models. These subjects are "bread and butter" to operating/database system security designers and receive very robust treatment given the overall dimensions of the book. However, other primary security topics (e.g. Cryptography) do not get enough fundamental explanation to leave an uninitiated reader with a sense of understanding. Perhaps, this dilemma is endemic to computer security itself - a paradigm that requires deep multi-disciplinary subject understanding to master. However, "Computer Security" does mitigate this apparent deficiency by providing a comprehensive Bibliography complete with 163 separate entries.

Dieter Gollmann's "Computer Security" provides an excellent survey of the fundamental science relating to the book's title. As stated in the Editorial Review, it is intended as a graduate Computer Science textbook. While this may be true, it is also valuable for anyone tasked with designing security into an application or distributed system.The book provides a macro-level introduction to the primary subject areas involved in securing operating, network, and database systems, with varying levels of exposure to theoretical foundations, architectural tradeoffs, and practical implementations. These "varying levels" are perhaps the one difficulty I have with the book, because the treatment of some topic left me with an uneven understanding with respect to other important topics. For example:In PART 1 FUNDAMENTALS, Chapter 3 (Access Control) lays thorough conceptual groundwork for understanding Chapter 4 (Security Models) which covers the theoretical development (Set Theory and Partial Order Relations) of formal Access Control Models. These subjects are "bread and butter" to operating/database system securdesigners and receive very robust treatment given the overall dimensions of the book. However, other primary security topics (e.g. Cryptography) do not get enough fundamental explanation to leave an uninitiated reader with a sense of understanding. Perhaps, this dilemma is endemic to computer security itself - a paradigm that requires deep multi-disciplinary subject understanding to master. However, "Computer Security" does mitigate this apparent deficiency by providing a comprehensive Bibliography complete with 163 separate entries.

This is a great work for experienced systems and network engineers to study the subject of computer security.The author covers a range of topics in the computer security field. This includes history, standard security models, evaluations (including a discussion of the NSA rainbow series), explanations of famous exploits, and specifics regarding well known operating systems.I highly recommend this to anyone experienced in information technology who wishes to learn about the subject of computer security. Note that the book is presented as a textbook, and is not a step-by-step how-to. It is for this reason that the book is best read by individuals already experienced in the technology field.