The importance of computer security has increased dramatically during the past few years. Bishop provides a monumental reference for the theory and practice of computer security. This is a textbook intended for use at the advanced undergraduate and introductory graduate levels, non-University training courses, as well as reference and self-study for security professionals. Comprehensive in scope, this covers applied and practical elements, theory, and the reasons for the design of applications and security techniques. Bishop treats the management and engineering issues of computer. Excellent examples of ideas and mechanisms show how disparate techniques and principles are combined (or not) in widely-used systems. Features a distillation of a vast number of conference papers, dissertations and books that have appeared over the years, providing a valuable synthesis. This book is acclaimed for its scope, clear and lucid writing, and its combination of formal and theoretical aspects with real systems, technologies, techniques, and policies.

Average Customer Review: ( 16 customer reviews )
Write an online review and share your thoughts with other customers.

Computer Security Art and Science has been years in the making and for good reason; it is over a thousand pages. The book seems best suited for four groups of readers. The first group is college students; this will probably be a popular choice as a textbook for undergraduate level students and with additional materials, graduate level students. It is a complete guide to computer security terminology and theory. Other groups of readers that would benefit from this book include security knowledgeable managers seeking to assess the knowledge of potential employees especially in policy and architecture positions. A third group includes anyone preparing for information security certifications. If you are wish to certify you will benefit from a close reading of this text before attempting your examination. Finally, anyone seeking to understand the big picture of information security would benefit from Computer Security Art and Science. However the book's value is primarily as a textbook!

Like most authors writing a security book, Matt has chosen to start at a basic level beginning with a discussion of confidentiality, integrity and availability. As a reviewer I was quietly wondering how long he would stay there. The answer proved to be one chapter only and at the back of the chapter one the author has included insightful, thought provoking study questions. If I were considering hiring someone who claimed to have experience in information security that could not answer these questions, I would show them the door.

Now to consider the rest of the book! On the first page of chapter two we are introduced to logical equations. This is where the casual reader is likely to get off the bus while the diligent student with a qualified instructor gets on. As soon as I saw the equations with no explanation of how to read them, I could see someone browsing in a bookstore shut the cover and move on. Be brave and press on is my advice; the book is well worth it even if some of the illustrations are beyond comprehension without a teacher's guide. It says in the preface this book was designed to be a college level textbook. They have to put a few inscrutable pages in the book so the professors can appear to be smarter than the students.

The cryptography section, chapters 9 - 11 are very approachable and while not as in depth as some other sections, they would help anyone preparing for the various industry security certifications including CompTIA's Security +, ISC2's CISSP and SANS' GSEC. In fact the entire book would be beneficial for any of these.

The table of contents says that part 6 of the book, assurance, chapters 18 - 21, were contributed by a different author, Elisabeth Sullivan. I read those chapters closely and could not detect a different tone or level of quality; the authors are to be congratulated for that. Nice use of humor on the heading title for 18.1.1, "The Need for Assurance" and where else can you read about "Extreme Programming".

No book is perfect, the intrusion detection and penetration testing discussions need to be beefed up, but chapter 29, Program Security more than makes up for them. That chapter should be required reading before anyone is allowed to touch a compiler.

I donate most of the books people send me to review to my local library, but this one stays on the shelf and I am setting an iCal reminder to re-read the policy and audit sections a couple months from now.

11 of 12 found the following review helpful:

SuperbApr 07, 2004
By Dr. Lee D. Carlson
This book gives an excellent introduction to the subject of computer security, both from a practical and theoretical point of view. Computer scientists and not security professionals will probably gain the most from the reading of the book, but there is enough practical discussion to allow the latter to gain more insight into various aspects of computer security, particularly in the mathematics of encryption. The book is designed for use in academic classroom settings, and the author gives two different outlines for use in both undergraduate and graduate level courses. The book is divided up into 9 parts, only parts 2 and 3 of which I read in any detail, with the rest only briefly perused. For this reason only these two parts will be reviewed here.

Part 2 of the book is a view of security from the standpoint of theoretical computer science. The author discusses models for the decidability of security systems, i.e. is there a generic algorithm that will determine whether a computer system is secure? As expected, this question is addressed in the context of Turing machines, and the author shows that it is undecidable whether a given state of a given protection system is safe for a given generic right. However the proof proceeds by contradiction, and those of us who insist on constructive proofs in all of mathematics will not accept this one. It would be interesting to find a constructive proof of this result.

If the protection system is restricted in some way then they safety question is decidable. The author discusses such a system, the "Take-Grant Protection Model" in terms of directed graphs, and he shows that this model is decidable in linear time with respect to the size of the graph. He then explains the reasons why a safety model can be decidable versus one that cannot be, via a highly technical discussion of the "Schematic Protection Model" (SPM). This section is very interesting due to the nature of the mathematical constructions that are used. These constructions make it readily apparent why the (undecidable) Harrison-Ruzzo-Ullman (HRU) model is more expressive than the SPM. The expressive power of the different models derives from the notion of a `type', and this motivates the author to consider the `typed access matrix model' and its utility in detailing a system's safety properties.

In Part 3, the author gets down to more practical matters, and discusses the implementation of security policies. Taking a computer system to be a finite-state automaton with transition functions that change state, a security policy is defined as a statement that partitions these states into `secure' and `nonsecure' states. Secure systems are defined as those that cannot enter a nonsecure state if they are in a secure state. All throughout this part the author emphasizes that fact that all security policies are based on assumptions that would lead to the destruction of these policies if they are false. The author discusses a practical example of a security policy in this part. Also discussed is the relation between security and precision, with the idea of a covert channel arising in this context. The author proves that there is no general procedure for constructing a system that conforms exactly to a specific security policy but that allows all actions that the policy allows.

The Bell-LaPadula confidentiality model, which has its origins in military applications, is also discussed in Part 3. The author explains a confidentiality policy as being a `information flow policy', which prevents the unauthorized disclosure of information, with unauthorized alteration of information being secondary. An explicit example of this security involving a UNIX operating system is discussed. A formal model is then proposed, and the author then uses the accompanying formalism to prove the `basic security theorem'. The formal model constructed by the author is interesting in that it can be viewed as a (discrete) dynamical system, with transitions governed by decisions that are responding to requests for access. A system is called secure if it satisfies three conditions, namely the `simple security condition', the `*-property', and the `discretionary security property'. The first condition states that a subject that can read or write to an object must dominate it. The *-property states that if a subject can write to an object, the classification of the object must dominate the subject's clearance; if the subject can also read the object, the subject's clearance must be the same as the object's classification. The discretionary security property relates the authority of the access control matrix to allow the controller of an object to condition access based on identity. The author also discusses in detail the objections to the Bell-LaPadula model of computer security.

The author then directs his attention to integrity policies, wherein the emphasis is on ensuring data integrity, and he discusses various integrity security policies in this regard. One of these is the Biba integrity model, which as it turns out is the mathematical dual of the Bell-Lapadula model, wherein a system is now composed of a set of subjects, objects, and integrity levels. The higher the "integrity level", the more confidence there is that a program will execute correctly. This model is then generalized to the Lipner integrity matrix model, which is a hybrid of Biba and Bell-Lapadula, this being done to obtain a model more suitable for commercial needs. The author then considers the Clark-Wilson integrity model, which uses transactions as the basic operation, and wherein data subjected to integrity controls becomes `constrained data items.' Various certification and enforcement rules are imposed that give this model more commercial applicability than the others, even though the certification process can be very complex and the prone to error. The author compares the Clark-Wilson model with the Biba model and is clearly on the side of the former in terms of practicality, although in the exercises he asks the reader to construct an emulation of the Biba model using Clark-Wilson.

10 of 11 found the following review helpful:

Solid book, which is well suited for a graduate level courseMar 26, 2003
By Ben Rothke "Author of 'Computer Security: 20 Things Every Employee Should Know'"
At over 1000 pages, Computer Security: Art and Science is a veritable everything you need to know about computer security. But for most readers, the book will be far too much information, in a style that is more academic than practical.

The academic style of the book is understandable as the author, Dr. Matt Bishop is an Associate Professor in the Department of Computer Science at the University of California at Davis.

The topics in the book cover the world of computer science, from access control, policy and cryptography, to information flow, vulnerability analysis, auditing and more. Unfortunately, this comes in a style that is heavy on formal methods and the extensive use of various forms of symbolic logic.

Computer Security: Art and Science is a solid book, which is well suited for a graduate level university course for those looking primarily into the theoretical nature of computer security. But for those who are looking for practical answers on day-to-day corporate security issues, Computer Security: Art and Science, while a masterpiece, will not fit their needs.

9 of 10 found the following review helpful:

What a gift to the security profession!Dec 10, 2002
By Sushi-n'Grits "Sushi"
This book is simply superb - a comprehensive, beautifully written text for information security students and practitioners. Matt Bishop has decades of security-related contributions to his credit and his book reflects his accumulated wisdom on all things security. I believe that those colleges and universities that offer information security degree programs will certainly use this book as text for those programs, and in doing so, will serve their students extremely well. And for those of us who are laboring in the security vineyard, this book represents a rare opportunity to refine our understanding of the fundamentals by tuning in to the thoughts of a master teacher and practitioner. Well done!!

4 of 4 found the following review helpful:

Never Back on the ShelfNov 20, 2004
By Jean H. Ennis "jdimension"
I admit...this book was a required text for my computer security class, so I didn't buy it for my reading pleasure.

First thought? GOOD GRIEF (it's about 1000 pages)!

Current thinking? THANK GOODNESS I HAVE THIS BOOK.

I have pages in every chapter marked and read and have to say that it has helped transform me from someone who didn't have a clue about computer secrurity to someone who is now getting the NSTISSI 4011 certification in conjunction with a PhD in Computer Information Systems with a focus in Information Security.

The explanations are clear, yet bring the reader beyond the elementary level. Bishop covers a wide range of topics to help create a thorough understanding of security issues. Of most benefit to me was the section on Cryptography.

I've read some review regarding the math. It's in there for those who would like to review it, but it not, just skim and read on. The first time I went through this book, I skipped any section with math, but found those very same sections useful as I learned the topics in depth.

Since I bought this book a year ago (this review is dated 11/04) and I have not yet put it back on the shelf.

See all 16 customer reviews on Amazon.com