Book Review: Computer Security by Dieter Gollmann
Computer Security is, as you may have guessed, a book about computer security; specifically, it is a textbook intended to be used alongside an upper-level undergraduate course or a graduate course. However, I found that it served well as a standalone book to educate yourself on basic computer security, since it is clearly written and well organized, making it easy to follow the material.
This book serves as a good introduction to information security, covering everything from the basic principles of information security (e.g. integrity vs. confidentiality), to mobile code (code such as Java applets running in your browser), to security in networked environments (e.g. distributed authentication). No topic is covered in any great depth, with topics like encryption receiving only a single chapter. As well, elements generally associated with network security seem to have received less attention than those at the individual-computer level, as shown by the dedication of individual chapters to Windows 2000 security (which dates the book a bit, to be sure) and Unix security, as well as several chapters examining the generic issues inherent in securing individual systems. However, since this forms the base from which network security operates, I feel it was a worthy focus for the book.
One thing to note is that some understanding of discrete mathematics is required to get the full benefit from some of the earlier chapters, such as the concepts of partially ordered sets and lattices. Although a brief explanation of this mathematics is usually given, it serves more as a refresher for those who have encountered it previously than as an introduction for a newcomer.
If you can handle the mathematics behind them, however, you will get a good introduction to security models such as the Bell-LaPadula model, the Chinese Wall model, and more. These are formal models that implement different approaches to security, such as preserving integrity vs. confidentiality, or protecting military vs. commercial systems; that is to say, each situation is treated as unique rather than lumped into a single solution. Another area well covered, and of particular interest these days, is mobile computing, addressing problems such as authenticating phones to networks (and the reverse), as well as customer privacy. In other words, the book covers a large selection of information security topics, at a high enough level that a newcomer to a particular topic will not be overwhelmed and will get a firm starting point for further research.
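As an added illustration (this is not code from the book or from the review), here is a small Python sketch of the two kinds of model named above, showing where the partially ordered sets and lattices come in: a Bell-LaPadula check over labels made of a clearance level plus a set of categories, which together form a lattice ordered by "dominates", and the Chinese Wall access rule for commercial conflict-of-interest classes. The names (`Label`, `ChineseWall`, the level names, the sample company datasets) are my own choices, and the Chinese Wall part implements only the read (simple security) rule, not the model's write rule.

```python
"""Toy Bell-LaPadula and Chinese Wall access checks (illustrative, not from the book)."""
from dataclasses import dataclass, field

# ---- Bell-LaPadula over a lattice of labels --------------------------------
# A label is (level, categories). Levels are totally ordered; category sets
# are ordered by inclusion. Their product is a lattice: label A dominates
# label B when level(A) >= level(B) and categories(A) is a superset of
# categories(B). Two labels can be incomparable (neither dominates the other).

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def blp_can_read(subject, obj):
    # simple security property: "no read up" - subject must dominate the object
    return subject.dominates(obj)


def blp_can_write(subject, obj):
    # *-property: "no write down" - object must dominate the subject
    return obj.dominates(subject)


def lub(a, b):
    """Least upper bound in the lattice: the lowest label both a and b flow to.
    This is the label a derived object gets when it combines data from a and b."""
    level = max(a.level, b.level, key=LEVELS.get)
    return Label(level, a.categories | b.categories)


# ---- Chinese Wall (read rule only) -----------------------------------------
# Each object sits in a company dataset; datasets are grouped into conflict-of-
# interest (COI) classes. A subject may access a dataset if it has already used
# that dataset, or if it has never used any dataset in the same COI class.

@dataclass
class ChineseWall:
    coi_of: dict                                   # dataset -> COI class
    history: dict = field(default_factory=dict)    # subject -> set of datasets

    def can_access(self, subject, dataset):
        used = self.history.get(subject, set())
        if dataset in used:
            return True
        touched_classes = {self.coi_of[d] for d in used}
        return self.coi_of[dataset] not in touched_classes

    def access(self, subject, dataset):
        """Record the access if permitted; return whether it was allowed."""
        if not self.can_access(subject, dataset):
            return False
        self.history.setdefault(subject, set()).add(dataset)
        return True


if __name__ == "__main__":
    # Constructed sample labels and datasets for the demo.
    analyst = Label("secret", frozenset({"crypto"}))
    memo = Label("confidential")
    nuclear = Label("secret", frozenset({"nuclear"}))
    print("analyst reads memo:", blp_can_read(analyst, memo))        # True
    print("analyst reads nuclear:", blp_can_read(analyst, nuclear))  # False (incomparable)
    print("analyst writes memo:", blp_can_write(analyst, memo))      # False (write down)

    wall = ChineseWall({"BankA": "banks", "BankB": "banks", "OilX": "oil"})
    print("alice -> BankA:", wall.access("alice", "BankA"))          # True
    print("alice -> BankB:", wall.access("alice", "BankB"))          # False (same COI class)
    print("alice -> OilX:", wall.access("alice", "OilX"))            # True
```

The point of the lattice structure is visible in the `nuclear` case: the analyst's clearance is neither above nor below the object's label, so a simple "is my level high enough" comparison would wrongly grant access. The Chinese Wall check, by contrast, depends on the subject's history rather than on a fixed label, which is why the commercial model needs a different formalism.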
In short, this book provides a good jumping-off point into security, or, if you have only learned certain areas of information security, provides the framework into which your specialization fits. If you fit either of those categories, I recommend taking a look at Computer Security (Amazon).