Computer Security Art and Science
by Matt Bishop

Addison-Wesley 2003.
ISBN 0-201-44099-7. LoC QA76.9.A25B56 2002. 1084 pages. $74.99. Bibliography. Index.

Reviewed by Robert Bruen, January 8, 2003

Professor Bishop has raised the level of the field of digital security with this book. Although there are many good security books available, none has pulled together the theoretical side like this one. No discipline is really a discipline unless it has a fundamental, theoretical reference available. This is a signal that the field has reached a level of maturity beyond worrying about juvenile attacks like Denial of Service and Web Page Defacement. Some of the other good security books have offered theoretical approaches, but Bishop has provided the most comprehensive of all.

No one who practices computer security should ignore this book, in spite of its billing as a theoretical work. Theoretical means there are math and models at the deeper levels, not all of which a practitioner requires to secure a system. However, the deeper levels of understanding provide abstract methods of dealing with novel problems, a step beyond knowing that a particular operating system version needs a specific patch to be protected against a single attack. More emphasis will be placed on proper design of systems to meet security requirements, and without a strong theoretical basis to work from, it just will not happen.

Mathematics gives us a couple of things. On the one hand there are proofs, theorems and formulas, which seem to be the playground of the professionals, and on the other hand, we have a way of thinking about ideas. Bishop has produced a wonderful example of both. The chapters are well organized with definitions that are clearly drawn out into the more complex ideas in a style which is quite readable. The teaching approach is evident throughout the book.

It is a long book, over 1000 pages, with little white space and lots of figures. It is organized into nine parts consisting of thirty-five chapters. The first two parts are the requisite introduction and the all-important foundations. The third part is a wonderful coverage of policy, which contains practical matter, but we also find specialized language and several models that do not appear in other policy texts for computer security. Parts four and five are dedicated to implementation, first cryptography, then systems. Obviously, since cryptography is covered in many other places, just enough of the basics is here. Assurance, the topic of part six, was contributed by Elisabeth Sullivan. These four chapters follow the pattern of the rest of the book without a bump. The Common Criteria is discussed, along with systems evaluation and formal methods for assurance. Parts seven and eight are more practical in nature, covering topics such as malicious code, auditing, security for programs, web servers and users. The last part is a collection of interesting areas, among them lattices, the Euclidean Algorithm, and Entropy.

The book is intended as a textbook. Every chapter has sections on research issues, further reading and exercises. There is an extensive bibliography and many examples. Computer security is a game of knowledge and expertise. The underpinnings of the game are here for the taking. A must for anyone in the field, even if you are not in school as a student or a teacher. Bishop's Computer Security will have the same kind of impact on computer security that Bruce Schneier's Applied Cryptography has on cryptography. One of the best security books written.