Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Computer Security (Worldwide Series in Computer Science) Paperback – 30 Dec 1998

See all 3 formats and editions Hide other formats and editions
Amazon Price New from Used from
"Please retry"
"Please retry"
£15.00 £0.01

There is a newer edition of this item:

Computer Security
In stock.

Trade In Promotion

Product details

  • Paperback: 336 pages
  • Publisher: John Wiley & Sons (30 Dec. 1998)
  • Language: English
  • ISBN-10: 0471978442
  • ISBN-13: 978-0471978442
  • Product Dimensions: 18.8 x 2.3 x 23.4 cm
  • Average Customer Review: 3.5 out of 5 stars  See all reviews (2 customer reviews)
  • Amazon Bestsellers Rank: 1,637,148 in Books (See Top 100 in Books)
  • See Complete Table of Contents

More About the Author

Discover books, learn about writers, and more.

Product Description


"Obviously, it is an excellent textbook either for high education or for advanced training programme on computer security.", Jianying Zhou, , Computer Communications 25/8/99#

"Computer Security is a book that will teach you what you don′t know...."
––Cvu, February 2001

From the Back Cover

Computer Security .... the book I have been looking for for years .... Viiveke Fåk, Linköping University A comprehensive and practical text and the perfect starting point for this subject. ′Is this system secure?′ seems, on the face of it, a straightforward question. Yet how one arrives at an answer is a process which poses a wide range of more complex questions which require a basic understanding of security mechanisms. Questions, such as:
∗ Should protection focus on data, operations or users?
∗ Whilst taking cast iron measures to build in security at one level, what does one do to prevent attackers gaining entry from a lower level?
Starting with basic definitions and concepts, the first section of the book goes on to outline the mechanisms located at the heart of the computer system, mechanisms which provide the basis for techniques used in all other branches of the system. The second section examines the security features found in operating systems such as UNIX and Windows NT, catalogues security breaches, and introduces the topic of security evaluation. A third section is devoted to issues associated with distributed systems, such as network – and Web – security and considers cryptography as an essential technique for such environments. The final section of the book is constructed around database security, discussing problems in multi–level security, and examining security problems in specific settings. Written for self–study and course use, this book will suit a variety of introductory and more advanced security programmes for students of computer science, engineering and related disciplines. It meets a real need for a comprehensive textbook on the subject. Technical and project managers will also find that the broad coverage offers a great starting point for discovering underlying issues and provides a means of orientation in a world populated by a bewildering array of competing security systems. Instructors′ resources are available at: http://isg.rhbnc.ac.uk/TM.htm Visit our Website at: www.wiley.com/compbooks/

Inside This Book (Learn More)
First Sentence
We cannot start a meaningful exploration of Computer Security without defining the subject itself. Read the first page
Explore More
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index | Back Cover
Search inside this book:

Customer Reviews

3.5 out of 5 stars
5 star
4 star
3 star
2 star
1 star
See both customer reviews
Share your thoughts with other customers

Most Helpful Customer Reviews

5 of 6 people found the following review helpful By A Customer on 28 May 1999
Format: Paperback
The intentions of the author are good. He is well known in IT Security community.
The book is sometimes interesting, usually boring and other times too boring. Its advantage is that it is new and covers some new staff (Corba, NT). It talks about lot things but never says enough. It seems that this book needed to be another 300 pages long. Unfortunately the author "fitted" everything in 300 pages.
If you are patient and never feel sleepy buy it. It is a good introductory for computer security. I don't agree with the order he presents things because it leaves some of the interesting things for the end.
Alternatively think Security in Computing (Older but Better).. or Fundamentals of Computer Security Technology... The first is more practical and generic (very good) and the second is theoretic, good in Security Models (which cover in a simple way that everybody can understand).
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
5 of 6 people found the following review helpful By A Customer on 22 Feb. 2000
Format: Paperback
I enjoyed this book. It's good for a quick introduction into Computer Security and it covers most areas of security. I first used it as a college textbook and then brought it to my workplace. Now I hardly get to read it because my colleagues keep "borrowing" it. They like it as a reference manual because it takes a lot off the learning curve.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Most Helpful Customer Reviews on Amazon.com (beta)

Amazon.com: 10 reviews
32 of 36 people found the following review helpful
A university textbook with limited practical relevance 24 Nov. 1999
By Deák Csaba - Published on Amazon.com
Format: Paperback
First of all, the book's title is not quite correct. "Some Technical Aspects of Computer Security" would be closer to the truth. It does not cover many important areas of Computer Security, such as IS organization, physical security etc. The book was written based on university lecture notes and it shows. It is quite obvious that Mr. Gollmann has never been in charge of the security of a corporate network (I doubt that he had SEEN one), so his knowledge regarding the real-life issues is rather limited. There are hardly any case studies in the book. Consequently, the usefulness of the book depends on the audience. If you are a university professor, trying to "entertain" your students with theories that they can forget as soon as they graduate, look no further, buy this book NOW. The same thing applies if you are a student wanting to survive such a course. (The back cover of the book quotes someone from Linköping University: "...the book I have been looking for for years". I can easily believe that.) On the other hand, if you are an IS security expert, a security manager or an auditor, I doubt that you will be fired if you know nothing about, say, the Harrison-Ruzzo-Ullmann Model. However, if your knowledge about security policies is limited to what's written in the book, you may be in trouble soon. Those topics that are covered are descriptive and not action-oriented. For example, there is ample information about the types of viruses and anti-virus software that exist, but practically nothing about the controls that should be in place to prevent viruses from spreading. Still, I think everyone interested in computer security will find SOME information in the book that they can use some day.
9 of 10 people found the following review helpful
Worst Textbook I've Ever Read 24 Feb. 2005
By David A. Lessnau - Published on Amazon.com
Format: Paperback Verified Purchase
Without doubt, this is the worst textbook I've ever had the misfortune to encounter. Even before the actual text starts, there's a discrepancy which bodes ill. Specifically, the back cover says:

"Written for SELF-STUDY and course use, this book will suit a variety of INTRODUCTORY and more advanced security programs for students of computer science, engineering and related disciplines."

However, the Preface states:

"This book grew out of my lecture notes for courses taught on a one-year POSTGRADUATE programme on information security."

The back cover is false and the Preface is much closer to what you can expect in the book: no person at a Computer Science/Computer Security introductory level will be able to get anything out of this book. The reader MUST already be fully knowledgeable about Unix, NT, Multics, and various computer security models and jargon. There's no way around that. If you don't meet those requirements, don't even think about picking up this book.

The biggest problem with the book is that it's written from the viewpoint of someone talking to a group of people who are already familiar with the subject: the author is merely pointing out things that those already-knowledgeable people should know. Instead of writing to teach people the topic, the author just synthesizes his own knowledge to focus on the subject. Also, he uses words not to explain and enlighten, but to confuse and obfuscate. For instance, his standard writing behavior is to use obscure technical terms well before he defines them. Plus, in general, as the book progresses, the exercises at the end of each chapter have less and less to do with anything discussed in the book and require such a level of expertise in huge swaths of areas that no one could possibly do them. Some specifics:

- The first five chapters are devoted to some of the theoretical underpinnings of the theory of computer security. Unfortunately, the author doesn't really explain these models. Instead, he assumes intimate knowledge of the models and talks about certain aspects of them. What's really jarring is that after solely talking about motherhood and apple pie (security wise) in nice, warm, fuzzy terms, he suddenly drops in "equations" from these models without explaining any of the terms or nomenclature (he follows this procedure throughout the book). Usually, after several pages you can find the definitions for what he's just said. But, unless you're familiar with what he's doing, none of this will make sense.

- For icing, in these first five chapters, the author uses virtually NO examples (which, for the most part, continues throughout the book). He'll mention Multics and some consultant data base as sources, but he never gives concrete examples of what he's "explaining." Even worse, with no examples in the text, the author asks the reader to provide examples of what he's talking about in the exercises. In general, the exercises assume far more knowledge than the author has provided in the text.

- In chapter 6, "Unix Security," he moves into "examples" of where these models are used. Similarly to earlier chapters, he writes as though his readers are intimately familiar with the subject (Unix, in this case) and that he's merely pointing out some interesting things. The chapter is filled with Unix commands with no structure to his delivery or explanation of where those commands come from. Plus, when you get to the exercises at the end of the chapter, they're mostly of the type that require you to SIGN ON TO YOUR UNIX SYSTEM AND DO THINGS! There's nothing in the preface of this book stating the requirement for being on (and intimately familiar with) a Unix system. Yet, there you are, unable to understand the chapter, and unable to do the exercises.

- Chapter 7, "Windows NT Security," is almost as bad. For someone with no familiarity with the inner workings of NT, most of the chapter will be meaningless. It's not quite as bad as Chapter 6 since NT uses a GUI for what he discusses and Unix uses the command line, but it's still frustrating. Unlike Chapter 6 and Unix, the exercises don't assume access to an NT machine, although most of them can't be done with only the information presented in the chapter.

- Chapter 8, "How Things Go Wrong," is actually somewhat interesting. It suffers from the same assumption that the reader is intimately familiar with the technical jargon of various systems and protocols. But, it actually involves examples. Of course, the exercises at the end of the chapter are undoable since they don't relate to anything taught in the chapter and are at a highly technically adept level.

I'm running out of space, so I won't write about the remaining seven chapters except to say that they suffer from the same things related above. I'd also like to include some advice to Florida State University (FSU): this book is the text for an elective (CIS 4360: "Introduction to Computer Security") in their Computer Science degree. According to the course write-up, its sole prerequisite is CGS 3408, which is a C programming course. FSU seriously needs to re-examine their use of this book. There's no chance that undergraduate students with only a C programming course under their belts (and C is used nowhere in the book) will get anything out of this book other than hemorrhoids. Find another book.

I rate this book 1 star out of 5. Avoid.
6 of 7 people found the following review helpful
Great Survey of the Fundamenal Science of Computer Security 28 Nov. 2000
By Brian Bowman - Published on Amazon.com
Format: Paperback
Dieter Gollmann's "Computer Security" provides an excellent survey of the fundamental science relating to the book's title. As stated in the Editorial Review, it is intended as a graduate Computer Science textbook. While this may be true, it is also valuable for anyone tasked with designing security into an application or distributed system.
The book provides a macro-level introduction to the primary subject areas involved in securing operating, network, and database systems, with varying levels of exposure to theoretical foundations, architectural tradeoffs, and practical implementations. These "varying levels" are perhaps the one difficulty I have with the book, because the treatment of some topic left me with an uneven understanding with respect to other important topics. For example:
In PART 1 FUNDAMENTALS, Chapter 3 (Access Control) lays thorough conceptual groundwork for understanding Chapter 4 (Security Models) which covers the theoretical development (Set Theory and Partial Order Relations) of formal Access Control Models.
These subjects are "bread and butter" to operating/database system securdesigners and receive very robust treatment given the overall dimensions of the book. However, other primary security topics (e.g. Cryptography) do not get enough fundamental explanation to leave an uninitiated reader with a sense of understanding. Perhaps, this dilemma is endemic to computer security itself - a paradigm that requires deep multi-disciplinary subject understanding to master. However, "Computer Security" does mitigate this apparent deficiency by providing a comprehensive Bibliography complete with 163 separate entries.
4 of 5 people found the following review helpful
Translation, please! 12 Aug. 2002
By James M. Dial - Published on Amazon.com
Format: Paperback
This book begins with a poem in an unidentified language that is never translated. Take this as a clue to what you're in for throughout the book. Chock full of abbreviations, acronyms, waffles and other items of geekspeak grammar, this book is possibly good reference for super technicians already familiar with the topic. For a user who is taking his first course to become familiar with the basics of computer security, however, this book might as well be in another language. After reading two bad books on this subject, I am beginning to doubt that anyone really knows much about computer security. By the way, I could make the effort to find out what language the poem is in and what it says, but as with the more technical items in this book, isn't that what I paid the author to tell me? This book is a poor value for your money.
6 of 8 people found the following review helpful
unlike other books 3 Dec. 2000
By "weippl" - Published on Amazon.com
Format: Paperback
The reason why I like this book is that its first chapter is *not* on cryptography and *not* on network security. Most other books focus on those issues (or on viruses) and do not deal with various security models in detail. Obviously, this is a theory biased textbook and not a book on 'how to make surfing with browser x version y.z more secure'. :-)
Were these reviews helpful? Let us know