Computing Reviews
Security in computing (5th ed.)
Pfleeger C., Pfleeger S., Margulies J., Prentice Hall Press, Upper Saddle River, NJ, 2015. 944 pp. Type: Book (978-0-134085-04-3)
Date Reviewed: Oct 9 2015

Computer security is a delightful and tricky subject to cover in a book. Its charm comes from the way it combines solid theory (consider cryptography or database disclosure) with practice that is relevant both to individuals (many of us worry whether our smartphones can get hit by malware) and to society as a whole (reflect on whether a government should be able to snoop on its citizens’ communications). Its difficulty comes from the field’s vast breadth and depth--attacks range from freezing dynamic random-access memory (DRAM) chips to social engineering. Adding to that is the swiftness of progress: the only-too-real incidents of hacking cars and airplanes would have been the subject of science fiction movies only a few years ago.

The authors of this book, now in its fifth edition, succeed both in bringing out the subject’s joy and in tackling its difficulty. Their credentials are a great help in this, for they combine the experience gained from security consulting, the currency and theoretical rigor of research, and strong ties with the security community. (Shari Pfleeger is the editor-in-chief of the IEEE Security and Privacy magazine.)

The book’s extensive length (over 900 pages) covers the vast field of computer security well. The text starts with an introductory chapter that covers the basics: threats, harm, vulnerabilities, and controls. The second chapter plunges into practice, binding together authentication, access control, and cryptography. This is an interesting choice for avoiding the presentation of tons of theoretical material before the reader can grasp how the various concepts tie together. Subsequent chapters cover the field’s many vertical areas: programs, programming, web-user interactions, operating systems, networks, databases, cloud computing, privacy, management, incident response, legal issues, and ethics. At the end of the book, one chapter digs deeper into the details of cryptography algorithms and one covers emerging topics, namely the Internet of Things (IoT), economics, and electronic voting.

The structure of the book generally serves the reader well. The network chapter--at 160 pages, the book’s longest chapter--may be hard to swallow in one go, but it is usefully divided into two parts: one covering network security attacks and one covering countermeasures. The second chapter introduces some duplication in the coverage of cryptography, with two only slightly different diagrams depicting the operation of the advanced encryption standard (AES) appearing in this chapter and in the penultimate one. In a few instances, the book can be too US-centric. For example, the section on privacy principles and policies starts the discussion with the US piecemeal (as the authors term it) legislation on the commercial handling of personal data, and lumps the European Union’s pioneering data protection directive into a section titled “Non-U.S. Privacy Principles.”

The rapid advances in computer security certainly justify the book’s fifth edition. This version covers a number of new areas: cloud computing, IoT, cyberwarfare, web-user interaction, and electronic voting. While one might think it risky to treat these shifting topics in a textbook, there is already considerable established substance that merits their coverage. For example, the chapter on cloud computing examines federated authorization and authentication protocols (OAuth, OpenID Connect), which are topics any web developer should know about. On the other hand, Edward Snowden’s name does not appear in the book’s extensive index, although his role (though bizarrely not his name) is described in the section detailing how the National Security Agency (NSA) apparently compromised the dual elliptic curve deterministic random bit generator (Dual_EC_DRBG) and paid a vendor to distribute it as part of its cryptographic toolkit. Also, the section covering the interception of sensitive information discusses degaussing devices used to erase magnetic media, but fails to present the difficulty of securely clearing data stored in the increasingly common flash memory drives.

The book is extensively but not gratuitously illustrated, while numerous tables are used to good effect in organizing the presented information. Many sidebars present real cases that showcase the discussed principles and theory. Although the authors’ writing, clear and full of examples, is never dry, the sidebars enliven the text even more with descriptions of audacious attacks, inadequate responses, and interesting theory. Each chapter ends with a list of challenging open-ended exercise topics. A 26-page list of bibliographical references allows the reader to find more on the covered subjects.

In all, this book succeeds in covering a vast, difficult, and quickly changing area. I would recommend it both as a textbook and as an introduction to an important topic for software developers and system administrators.

Reviewer: D. Spinellis. Review #: CR143841 (1601-0046)
Categories: Security and Protection (K.6.5); Security and Protection (D.4.6); Reference (A.2)