|Computer Security: Art and Science||
Computer Security: Art and Science
|109.30||approx. 7-9 days|
Today, everyone recognizes the importance of safeguarding computer systems and networks from vulnerability, attack, and compromise. But computer security is neither an easy art nor a simple science: its methodologies and technologies require rigorous study, and a deep grounding in principles that can be applied even as technologies change. Moreover, practitioners must understand how to align concepts with real policies, and then actually implement those policies -- managing inevitable tradeoffs such as “How secure do our devices really need to be, and how much inconvenience can we accept?”
In his extensively updated Computer Security: Art and Science, 2nd Edition, University of California at Davis Computer Security Laboratory co-director Matt Bishop offers a clear, rigorous, and thorough introduction to the entire modern field of computer security. Bishop covers access control; security, confidentiality, integrity, availability, and hybrid policies; policy composition; cryptography; authentication; identity management; information flow; assurance; formal methods; system evaluation; vulnerability analysis; auditing; intrusion detection, and many other topics.
This edition adds four new chapters, including a brand-new chapter-length case study on the high-profile issue of electronic voting. Through this case study, Bishop demonstrates how principles, policies, procedures, and technology come together in a crucial real-world application.
Four entirely new chapters have been added:
1. Availability Policies, covering early availability policies (usually oriented around ‘fairness’); generalized to ‘quality of service’ policies for defining availability; and encompassing ideas related to network defense, reliability, and performance.
2. Attack Analysis, covering diverse attacks, linking them to attack models, and examining detection and related forensic issues.
3. Security Management, addressing the management of technology and policies for providing and assuring security, and presenting leading sets of management practices.
4. Electronic Voting, an ideal case study that integrates and applies policies, procedures, technology, and many other aspects of security in an important real world application.
Other notable updates include extensive revisions to the chapter on Malicious Logic to reflect newer malware threats and advances in anti-malware techniques and technologies. Examples and exercises will be updated or added as appropriate. For all chapters, ‘Research Issues’ and ‘Further Reading’ sections will be updated.