Foundations of Computer Security
Publisher: Springer-Verlag, Berlin, Heidelberg
ISBN: 978-1-84628-193-8
Published: 01 December 2005
Reviews

Edgar R. Weippl

This textbook on computer security covers a wide range of mostly introductory-level topics. The word "foundations" in the book's title suggests a book that focuses on theory and formal concepts; in fact, the book is an easy-to-read collection of practical knowledge.

Following a brief introduction, chapter 1 starts with physical security. The first topic covered is side-channel attacks. Side-channel attacks and Van-Eck attacks are what Bruce Schneier might call "movie-plot" threats. They are spectacular, but not very likely. The chapter continues with acoustic keyboard eavesdropping, an attack recently (re-)published with a working prototype. Finally, disaster recovery planning is explained, on a single page. This first chapter generates a lot of interest, but it focuses on interesting attacks and neglects boring but important considerations, such as a business impact analysis as the first step in business continuity planning.

Chapter 2 is a very detailed chapter on viruses. The Bell-LaPadula security model is explained, in the context of viruses leaking sensitive information. There is no formal definition of the model presented, and it is not put into context with other security models, or with the conceptual frameworks of access control, mandatory access control, and multilevel security. Worms are addressed thoroughly in chapter 3, and trojans in chapter 4. Chapter 5 presents examples of malware, such as the Lehigh Virus or the MTX worm. Defense and prevention mechanisms are explored in chapter 6. Generic guidelines help readers avoid becoming victims of viruses. In addition, backup schemes, mirroring, and checksums are discussed.

Port scanning, spoofing, spam, and denial-of-service attacks are widely known security issues in network security, and are discussed in chapter 7. The last two pages of this chapter explain firewalls. Authentication, a prerequisite for access control, encompasses biometrics and passwords (chapter 8). Smart cards are briefly addressed as a subsection of biometrics, which is misleading. Usually, authentication is categorized into, first, "what you are" (biometrics); second, "what you know" (passwords); and, third, "what you have" (tokens and smart cards). Chapter 9 addresses the timely topic of spyware. Chapter 10 covers identity theft, and chapter 11 discusses privacy and trust. Chapter 12 concludes the book with an overview of cryptography.

The book is a useful collection of in-depth knowledge. Exercises throughout the chapters make this book entertaining to read, and keep readers actively involved. The major weakness of the book is that it is not well organized. This is not the textbook you want your students to read if it is their first and only book on security. The book, however, is certainly worth its price for lecturers and professionals who need in-depth stories to enrich their lectures and presentations. Matt Bishop's book [1] is still my first choice for a theory-oriented course, and Shon Harris' book [2] remains my top choice for professional readers. The most important difference between these books and Foundations of computer security is that they are structured better, taking a more systematic approach to computer security.

Online Computing Reviews Service
