Cipher Book Review, Issue E153

Computer Security: Art and Science, 2nd edition
by Matt Bishop

Addison-Wesley Professional 2018.
ISBN-13: 978-0321712332, ISBN-10: 0321712331. 1440 pages

Reviewed by Sven Dietrich, 01/18/2020

Matt Bishop's classic "Computer Security: Art and Science" textbook is getting a makeover in this second edition published in 2018. For those familiar with the first edition that came out in 2002, this textbook was often found in rigorous computer security courses starting in the early 2000s. And for a good reason: it prepared many students, both undergraduate and graduate, as well as professionals for the intricacies of computer security as we knew it then.

In this second edition, enhanced by contributions from Elizabeth Sullivan and Michelle Ruppel, Matt Bishop constructs a heavy, yet comprehensive, textbook on computer security, with about 300 additional pages bringing it up to 1440 pages. The electronic edition feels so much lighter than its paper counterpart.

The book is divided into nine parts, which in total contain 31 chapters and eight appendices, plus a bibliography with over 2200 entries at the end. The nine parts are, in order, Introduction, Foundations, Policy, Implementation I: Cryptography, Implementation II: Systems, Assurance (contributed by Elizabeth Sullivan and Michelle Ruppel), Special Topics, Practicum, and Appendices. Each chapter typically has illustrations and clear diagrams explaining the various concepts, and at the end a summary, a set of research issues, a list for further reading, and a set of exercises. There is supplementary material on the author's page for the book at UC Davis, including sample chapters, the full bibliography with URLs, slides and errata for the first printing from November 2018 as well as for the electronic edition from July 2019.

Part I "Introduction" has just one chapter, which gives an overview of computer security: the CIA (no, not the one in Langley, VA or even Hyde Park, NY: we mean Confidentiality, Integrity, and Availability here), threats, assumptions and trust, operational issues, and human issues.

Part II "Foundations" comprises two chapters, Access Control Matrices and Foundational Results. Here the reader learns about basic protection states, protection models (e.g. Take-Grant, the Schematic Protection Model) and their expressive power.

Part III on Policy, which contains six chapters, lets the reader explore policies for security and the related policy languages, as well as an example of an academic security policy. The book describes the Bell-LaPadula model and its issues for confidentiality policies; for integrity it touches on the Biba, Clark-Wilson, and other models; for availability it describes some denial-of-service models; and finally it covers hybrid models such as the Chinese Wall model. Part III is rounded out by the classic concepts of noninterference and policy composition.

Part IV covers "Implementation I: Cryptography" in four chapters. The topics here are basic cryptography, key management, cipher techniques, and authentication, in a thorough and complete treatment. Cipher types, cipher modes, protocols (SSL/TLS, IPsec), and password selection and attacks are among the main topics, complemented by discussions of identity establishment through biometrics and challenge-response mechanisms.

Part V covers "Implementation II: Systems". Here the system-centric view comes into play with design principles (such as least astonishment, least privilege, separation of privilege), identity representation and its meaning (on the computer system vs. the Web) plus anonymity approaches such as Onion Routing, access control mechanisms (access control lists, capabilities, ring-based access control, and propagated access control lists), as well as information flow and its policies. Part V ends with a discussion of the confinement problem with isolation and covert channels.

Part VI is the contributed assurance section by Elizabeth Sullivan and Michelle Ruppel, with four chapters covering an introduction to assurance (the need for assurance, requirements, and building secure systems using a Waterfall Life Cycle or an Agile Software Development approach) and formal methods for verifying systems (such as the older HDM and Gypsy, as well as the current PVS, SMV, and the NRL Protocol Analyzer). This part wraps up with an overview (historical in parts) of various evaluation and certification approaches, including FIPS 140, the Common Criteria, and the Systems Security Engineering Capability Maturity Model (SSE-CMM).

Part VII is on special topics and in five chapters covers malware (e.g. logic bombs, viruses, ransomware) and defenses against it; vulnerability analysis (e.g. penetration testing approaches illustrated by a few examples, and the notions of CVEs and CWEs and their classification); auditing (logging, log sanitization, and auditing file systems); and intrusion detection (anomaly-, misuse-, and specification-based models, intrusion detection architecture, and some example intrusion detection systems such as NSM, DIDS, and AAFID). The last chapter covers attacks and responses by illustrating attack representation (e.g. attack graphs and trees), intrusion responses (incident prevention and handling), and digital forensics, including anti-forensics.

Part VIII "Practicum" takes a real-world, practical perspective on four scenarios: network security, systems security, user security, and program security. In each scenario, the reader is led to think through the right questions (e.g. how does one handle public access, how does one deal with the DMZ or the cloud, how does one design user groups and classes, how does one handle encrypted email, how does one validate input to programs).

Part IX is a set of eight appendices that provide the reader with background they may not have had elsewhere. The areas covered here are: mathematical background in lattices, the extended Euclidean algorithm, and entropy and uncertainty, virtual machines, symbolic logic, encryption standards, examples of academic security policies, and programming rules.

Overall the book is aimed at advanced undergraduate (computer science) students wishing to learn about computer security, practitioners wanting to dig deeper, or at early graduate students getting into the basics as an on-ramp for more advanced security topics.

Matt Bishop did an excellent job with "Computer Security: Art and Science, 2nd edition," covering all the bases needed for a go-to book in the area of computer security. I enjoyed reading it and look forward to having this book readily available on my (virtual?) book shelf.


Sven Dietrich reviews technology and security books for IEEE Cipher. He welcomes your thoughts at spock at ieee dot org