Book Review

Book Abstract by: kosala    

Original Author: Y.M.K.G.Yapa Bandara
Security in Computing, 3rd edition by Charles Pfleeger and Shari Pfleeger, Pearson Education (Singapore) Pte. Ltd., India Branch, 2004, ISBN 81-297-0042-5. 746 pages. Index. Bibliography.
Reviewed by Y.M.K.G.Yapa Bandara November 16th 2005.
Security in Computing by Charles and Shari Pfleeger is organized by general area of computing, so that readers with particular interests can find information easily. The chapters of this book progress in an orderly manner, from general security concerns to the particular needs of specialized applications, and finally to overarching management and legal issues. The authors attempt to cover five key areas, namely introduction (threats, vulnerability and control), encryption, code, management and law, and privacy and ethics.
In the first chapter, the authors attempt to explain the fundamental concepts of computer security. They have introduced most of the concepts very clearly, but some important concepts are not outlined completely (for example, the full ranges and types of controls). It is productive that real-world problems (for example, "Hollywood at Risk") are explained in the chapter, and this is something one rarely sees in other books.
The authors also attempt to provide an understanding of what encryption is and how it can be used or misused. I feel that the second chapter is for users of encryption and not for designers of new encryption schemes. When we want more information, we are pointed in the right direction to additional reading materials.
Secure systems development is explained in chapter three. This is an important but often neglected topic and is covered reasonably well. First, the authors comment about programming errors (buffer overflows and incomplete access control) and then proceed to give information on viruses, worms and Trojan horses. Naturally, none of these would be useful without some software engineering principles and practices. That is also explained to some extent. However, the chapter is not always completely clear and rigorous. For example, it is implied that Thompson, rather than Cohen, was the first to investigate viruses.
In the fourth chapter, the authors explain protection in general-purpose operating systems. Initially we find a bit of history of protection in operating systems and afterwards an overview of the protection features provided by general-purpose operating systems: the protection of memory, files and the executing environment. There are numerous figures in this chapter and they complement the text quite nicely. The part dedicated to passwords is particularly well written and covers the topic in great depth. The authors give information on the control of access to general objects, file protection mechanisms and user authentication to close the chapter. In fact, the information in this chapter is hugely theoretical, and I would rather like to see it as an expanded chapter covering different practical situations (for example, protecting memory in the Windows 2000 operating system).
Trusted operating systems design is treated in chapter five. It begins with the question, "What is a Trusted System?" The explanation is transparent and real-world examples are given to clarify the content. The whole chapter is very well organized, divided into 4 parts, and tries to explain the contents by giving examples.
Chapter six explains database security, which is a very important topic because today many people rely on database management systems. Here the content is good but more general and theoretical. The available security measures and the ways we can apply them in practical situations (for example, Oracle databases, DB2 databases) are not mentioned.
In chapter seven the authors consider security in networks and also put forward a lot of research ideas (for example, developing one's own secure email system). I really appreciate the use of real-world examples to show practical uses ("Using PKI at Lloyd's Bank").
I believe that security is not achieved only through technology. This is the message behind chapter eight, which shows the administrative and physical aspects of security. I also agree with the authors that the security plan must address security involving human and natural disasters.
Intellectual property, computer crime, and ethics are presented as problems with no solutions in chapter nine.
The last chapter of the book, entitled "Cryptography Explained", explains in detail the mathematics that are the foundation stones of different encryption schemes. That puts the reader on a fast track to learn cryptography in more detail.
In conclusion, I would like to say that this textbook gives a good foundation in computer security for graduate-level beginners to this field. A reader has easy access to interesting topics. Numerous exercises given at the end of each chapter help to verify what one has learned. A lot of real-world examples help the reader to reinforce practical knowledge. The book is very well written, packed with a ton of information and clear to understand. I would suggest that adding a few more case studies and a few modifications would make the book more valuable.
Published: March 28, 2006