A Review of Computer Security: Art and Science by Matt Bishop
Computer security is a complex and evolving field that requires both theoretical and practical knowledge. In this book, Matt Bishop, a professor in the Department of Computer Science at the University of California at Davis, provides a comprehensive and rigorous introduction to the art and science of computer security. The book covers a wide range of topics, from basic concepts and principles to advanced techniques and applications. It is suitable for advanced undergraduate and graduate students, as well as professionals and researchers in the field.
The book is divided into four parts: Introduction, Policy, Cryptography, and Assurance. The first part introduces the goals, problems, and challenges of computer security, as well as the relationship between policy and mechanism, the role of trust and assumptions, and the methods for evaluating security. The second part discusses different types of security policies, such as confidentiality, integrity, availability, and hybrid policies, and how they can be modeled and enforced. The third part explains the fundamentals of cryptography, including symmetric and asymmetric encryption, hash functions, digital signatures, key management, and protocols. The fourth part explores various aspects of assurance, such as vulnerability analysis, auditing, intrusion detection, malware analysis, and attack response.
The book is well-written and organized, with clear explanations, examples, exercises, and references. It also includes appendices on mathematical background, security standards, ethics, and legal issues. The book reflects the latest developments and research in computer security, such as cloud computing, mobile devices, biometrics, quantum cryptography, and cyber warfare. The book is also accompanied by a website that provides additional resources, such as slides, solutions, projects, and errata.
Computer Security: Art and Science is an excellent text that should be read by every computer security professional and student. It is both a comprehensive text that explains the most fundamental and pervasive aspects of the field, and a detailed reference that contains valuable information for even the most seasoned practitioner.
One of the strengths of the book is that it links theory and practice, showing how computer security concepts can be applied to real-world systems and scenarios. The book also illustrates the trade-offs and challenges that arise in computer security, such as usability, performance, cost, and complexity. The book encourages critical thinking and problem-solving by presenting open-ended questions, case studies, and ethical dilemmas. The book also fosters a scientific approach to computer security by emphasizing the importance of rigorous definitions, proofs, and experiments.
Another strength of the book is that it covers a broad spectrum of computer security topics, from low-level to high-level, from technical to social, from historical to contemporary. The book provides a solid foundation for understanding the core principles and mechanisms of computer security, as well as a comprehensive overview of the current state-of-the-art and future directions of the field. The book also exposes the reader to a variety of perspectives and disciplines that contribute to computer security, such as mathematics, computer science, engineering, psychology, law, and ethics.
In conclusion, Computer Security: Art and Science is a must-have book for anyone who wants to learn or teach computer security. It is a comprehensive, rigorous, and engaging text that covers both the art and the science of computer security. It is a valuable resource for students, instructors, researchers, and practitioners who want to deepen their knowledge and skills in computer security.