Computer Security: Art and Science [Hardcover]

Matt Bishop (Author)

Book Description

ISBN-10: 0201440997 | ISBN-13: 978-0201440997 | Publication Date: December 12, 2002 | Edition: 1

The importance of computer security has increased dramatically during the past few years. Bishop provides a monumental reference for the theory and practice of computer security. This is a textbook intended for use at the advanced undergraduate and introductory graduate levels, non-University training courses, as well as reference and self-study for security professionals. Comprehensive in scope, this covers applied and practical elements, theory, and the reasons for the design of applications and security techniques. Bishop treats the management and engineering issues of computer. Excellent examples of ideas and mechanisms show how disparate techniques and principles are combined (or not) in widely-used systems. Features a distillation of a vast number of conference papers, dissertations and books that have appeared over the years, providing a valuable synthesis. This book is acclaimed for its scope, clear and lucid writing, and its combination of formal and theoretical aspects with real systems, technologies, techniques, and policies.

Editorial Reviews

From the Back Cover

"This is an excellent text that should be read by every computer security professional and student."

—Dick Kemmerer, University of California, Santa Barbara.

"This is the most complete book on information security theory, technology, and practice that I have encountered anywhere!"

—Marvin Schaefer, Former Chief Scientist, National Computer Security Center, NSA

This highly anticipated book fully introduces the theory and practice of computer security. It is both a comprehensive text, explaining the most fundamental and pervasive aspects of the field, and a detailed reference filled with valuable information for even the most seasoned practitioner. In this one extraordinary volume the author incorporates concepts from computer systems, networks, human factors, and cryptography. In doing so, he effectively demonstrates that computer security is an art as well as a science.

Computer Security: Art and Science includes detailed discussions on:

The nature and challenges of computer security

The relationship between policy and security

The role and application of cryptography

The mechanisms used to implement policies

Methodologies and technologies for assurance

Vulnerability analysis and intrusion detection

Computer Security discusses different policy models, and presents mechanisms that can be used to enforce these policies. It concludes with examples that show how to apply the principles discussed in earlier sections, beginning with networks and moving on to systems, users, and programs.

This important work is essential for anyone who needs to understand, implement, or maintain a secure network or computer system.

0201440997B10252002

About the Author

Matt Bishop is a professor in the Department of Computer Science at the University of California at Davis. A recognized expert in vulnerability analysis, secure systems/software design, network security, access control, authentication, and UNIX security, Bishop also works to improve computer security instruction.

See all Editorial Reviews

Product Details

• Hardcover: 1136 pages
• Publisher: Addison-Wesley Professional; 1 edition (December 12, 2002)
• Language: English
• ISBN-10: 0201440997
• ISBN-13: 978-0201440997
• Product Dimensions: 9.4 x 7.7 x 1.8 inches
• Shipping Weight: 4.1 pounds (View shipping rates and policies)
• Average Customer Review: 4.0 out of 5 stars  See all reviews (17 customer reviews)
• Amazon Best Sellers Rank: #20,228 in Books (See Top 100 in Books)
  • #17 in Books > Computers & Technology > Business & Culture > Privacy
  • #20 in Books > Computers & Technology > Certification > CompTIA
  • #32 in Books > Computers & Technology > Networking > Network Security

More About the Author

Matt Bishop received his Ph.D. in computer science from Purdue University, where he specialized in computer security, in 1984. He was a research scientist at the Research Institute of Advanced Computer Science and was on the faculty at Dartmouth College before joining the Department of Computer Science at the University of California at Davis.

His main research area is the analysis of vulnerabilities in computer systems, including modeling them, building tools to detect vulnerabilities, and ameliorating or eliminating them. This includes detecting and handling all types of malicious logic. He is active in the areas of network security, the study of denial of service attacks and defenses, policy modeling, software assurance testing, and formal modeling of access control. He also studies the issue of trust as an underpinning for security policies, procedures, and mechanisms.

He has examined electronic voting systems and they way in which they are used. He was a co-Principal Investigator for the California Top-to-Bottom Review of certified systems used in California, and also participated in several other reviews of e-voting systems.

He is active in information assurance education, is a charter member of the Colloquium on Information Systems Security Education, and led a project to gather and make available many unpublished seminal works in computer security. His textbook, Computer Security: Art and Science, was published in December 2002 by Addison-Wesley Professional, and another one, Introduction to Computer Security, in 2005.

He also teaches software engineering, machine architecture, operating systems, programming, and (of course) computer security.

Customer Reviews

Most Helpful Customer Reviews

40 of 41 people found the following review helpful:

4.0 out of 5 stars One of few books that can qualify as a textbook in infosec, April 2, 2003

By 

Stephen Northcutt (Kauai, HI USA) - See all my reviews
(REAL NAME)   

This review is from: Computer Security: Art and Science (Hardcover)

Please understand that the Amazon star system, while very powerful has limits, I feel this book is 5 stars as a textbook for an undergrad computer security course, 4 stars for a graduate student and 3 stars for a book on the average information security worker's shelf.

Computer Security Art and Science has been years in the making and for good reason; it is over a thousand pages. The book seems best suited for four groups of readers. The first group is college students; this will probably be a popular choice as a textbook for undergraduate level students and with additional materials, graduate level students. It is a complete guide to computer security terminology and theory. Other groups of readers that would benefit from this book include security knowledgeable managers seeking to assess the knowledge of potential employees especially in policy and architecture positions. A third group includes anyone preparing for information security certifications. If you are wish to certify you will benefit from a close reading of this text before attempting your examination. Finally, anyone seeking to understand the big picture of information security would benefit from Computer Security Art and Science. However the book's value is primarily as a textbook!

Like most authors writing a security book, Matt has chosen to start at a basic level beginning with a discussion of confidentiality, integrity and availability. As a reviewer I was quietly wondering how long he would stay there. The answer proved to be one chapter only and at the back of the chapter one the author has included insightful, thought provoking study questions. If I were considering hiring someone who claimed to have experience in information security that could not answer these questions, I would show them the door.

Now to consider the rest of the book! On the first page of chapter two we are introduced to logical equations. This is where the casual reader is likely to get off the bus while the diligent student with a qualified instructor gets on. As soon as I saw the equations with no explanation of how to read them, I could see someone browsing in a bookstore shut the cover and move on. Be brave and press on is my advice; the book is well worth it even if some of the illustrations are beyond comprehension without a teacher's guide. It says in the preface this book was designed to be a college level textbook. They have to put a few inscrutable pages in the book so the professors can appear to be smarter than the students.

The cryptography section, chapters 9 - 11 are very approachable and while not as in depth as some other sections, they would help anyone preparing for the various industry security certifications including CompTIA's Security +, ISC2's CISSP and SANS' GSEC. In fact the entire book would be beneficial for any of these.

The table of contents says that part 6 of the book, assurance, chapters 18 - 21, were contributed by a different author, Elisabeth Sullivan. I read those chapters closely and could not detect a different tone or level of quality; the authors are to be congratulated for that. Nice use of humor on the heading title for 18.1.1, "The Need for Assurance" and where else can you read about "Extreme Programming".

No book is perfect, the intrusion detection and penetration testing discussions need to be beefed up, but chapter 29, Program Security more than makes up for them. That chapter should be required reading before anyone is allowed to touch a compiler.

I donate most of the books people send me to review to my local library, but this one stays on the shelf and I am setting an iCal reminder to re-read the policy and audit sections a couple months from now.

11 of 12 people found the following review helpful:

5.0 out of 5 stars Superb, April 7, 2004

By 

Dr. Lee D. Carlson (Baltimore, Maryland USA) - See all my reviews
(VINE VOICE)    (HALL OF FAME REVIEWER)    (REAL NAME)   

This review is from: Computer Security: Art and Science (Hardcover)

This book gives an excellent introduction to the subject of computer security, both from a practical and theoretical point of view. Computer scientists and not security professionals will probably gain the most from the reading of the book, but there is enough practical discussion to allow the latter to gain more insight into various aspects of computer security, particularly in the mathematics of encryption. The book is designed for use in academic classroom settings, and the author gives two different outlines for use in both undergraduate and graduate level courses. The book is divided up into 9 parts, only parts 2 and 3 of which I read in any detail, with the rest only briefly perused. For this reason only these two parts will be reviewed here.

Part 2 of the book is a view of security from the standpoint of theoretical computer science. The author discusses models for the decidability of security systems, i.e. is there a generic algorithm that will determine whether a computer system is secure? As expected, this question is addressed in the context of Turing machines, and the author shows that it is undecidable whether a given state of a given protection system is safe for a given generic right. However the proof proceeds by contradiction, and those of us who insist on constructive proofs in all of mathematics will not accept this one. It would be interesting to find a constructive proof of this result.

If the protection system is restricted in some way then they safety question is decidable. The author discusses such a system, the "Take-Grant Protection Model" in terms of directed graphs, and he shows that this model is decidable in linear time with respect to the size of the graph. He then explains the reasons why a safety model can be decidable versus one that cannot be, via a highly technical discussion of the "Schematic Protection Model" (SPM). This section is very interesting due to the nature of the mathematical constructions that are used. These constructions make it readily apparent why the (undecidable) Harrison-Ruzzo-Ullman (HRU) model is more expressive than the SPM. The expressive power of the different models derives from the notion of a `type', and this motivates the author to consider the `typed access matrix model' and its utility in detailing a system's safety properties.

In Part 3, the author gets down to more practical matters, and discusses the implementation of security policies. Taking a computer system to be a finite-state automaton with transition functions that change state, a security policy is defined as a statement that partitions these states into `secure' and `nonsecure' states. Secure systems are defined as those that cannot enter a nonsecure state if they are in a secure state. All throughout this part the author emphasizes that fact that all security policies are based on assumptions that would lead to the destruction of these policies if they are false. The author discusses a practical example of a security policy in this part. Also discussed is the relation between security and precision, with the idea of a covert channel arising in this context. The author proves that there is no general procedure for constructing a system that conforms exactly to a specific security policy but that allows all actions that the policy allows.

The Bell-LaPadula confidentiality model, which has its origins in military applications, is also discussed in Part 3. The author explains a confidentiality policy as being a `information flow policy', which prevents the unauthorized disclosure of information, with unauthorized alteration of information being secondary. An explicit example of this security involving a UNIX operating system is discussed. A formal model is then proposed, and the author then uses the accompanying formalism to prove the `basic security theorem'. The formal model constructed by the author is interesting in that it can be viewed as a (discrete) dynamical system, with transitions governed by decisions that are responding to requests for access. A system is called secure if it satisfies three conditions, namely the `simple security condition', the `*-property', and the `discretionary security property'. The first condition states that a subject that can read or write to an object must dominate it. The *-property states that if a subject can write to an object, the classification of the object must dominate the subject's clearance; if the subject can also read the object, the subject's clearance must be the same as the object's classification. The discretionary security property relates the authority of the access control matrix to allow the controller of an object to condition access based on identity. The author also discusses in detail the objections to the Bell-LaPadula model of computer security.

The author then directs his attention to integrity policies, wherein the emphasis is on ensuring data integrity, and he discusses various integrity security policies in this regard. One of these is the Biba integrity model, which as it turns out is the mathematical dual of the Bell-Lapadula model, wherein a system is now composed of a set of subjects, objects, and integrity levels. The higher the "integrity level", the more confidence there is that a program will execute correctly. This model is then generalized to the Lipner integrity matrix model, which is a hybrid of Biba and Bell-Lapadula, this being done to obtain a model more suitable for commercial needs. The author then considers the Clark-Wilson integrity model, which uses transactions as the basic operation, and wherein data subjected to integrity controls becomes `constrained data items.' Various certification and enforcement rules are imposed that give this model more commercial applicability than the others, even though the certification process can be very complex and the prone to error. The author compares the Clark-Wilson model with the Biba model and is clearly on the side of the former in terms of practicality, although in the exercises he asks the reader to construct an emulation of the Biba model using Clark-Wilson.

10 of 11 people found the following review helpful:

4.0 out of 5 stars Solid book, which is well suited for a graduate level course, March 25, 2003

By 

Ben Rothke "Author of 'Computer Security: 20 ... (USA) - See all my reviews
(REAL NAME)   

This review is from: Computer Security: Art and Science (Hardcover)

At over 1000 pages, Computer Security: Art and Science is a veritable everything you need to know about computer security. But for most readers, the book will be far too much information, in a style that is more academic than practical.

The academic style of the book is understandable as the author, Dr. Matt Bishop is an Associate Professor in the Department of Computer Science at the University of California at Davis.

The topics in the book cover the world of computer science, from access control, policy and cryptography, to information flow, vulnerability analysis, auditing and more. Unfortunately, this comes in a style that is heavy on formal methods and the extensive use of various forms of symbolic logic.

Computer Security: Art and Science is a solid book, which is well suited for a graduate level university course for those looking primarily into the theoretical nature of computer security. But for those who are looking for practical answers on day-to-day corporate security issues, Computer Security: Art and Science, while a masterpiece, will not fit their needs.