Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL



Computer technology surrounds us; from mobile phones to digital cameras, and hybrid vehicles to laser surgery, we achieve results that would be impossible without computers. On any given day you probably interact with computer-controlled or computer-assisted devices tens or hundreds of times, generally without even thinking of the computing involved. And this discussion does not even include the laptops, desktops, netbooks, and other actual computers we use, let alone the Internet and its vast oceans of data. Of course, we could do without all these things, but our lives would be different.

At the same time, as we become more accustomed to and integrated with computers, their weaknesses become our weaknesses. If you lost power, you could write a report by hand or on a manual typewriter, but the process would be a challenge; you might be relieved when the power went back on. You do not worry about changes to paper documents, as long as they are protected from physical hazards such as fire or deterioration, but you must guard against accidentally modifying a file or losing it because of a power surge. When you share a secret with a friend, you do not worry that your secret will become public if someone takes a picture of your friend, but you do need to prevent your files from being copied without your permission. Our use of computer technology has brought with it certain risks.

This book is about bad things that can happen with computers and ways to protect our computing. The title Analyzing Computer Security should alert you that this book is intended to help you develop a way of thinking critically about computers and their security.

Why Read This Book?

You do not learn algebra by memorizing the names of famous mathematicians or learning the Greek alphabet. You learn algebra by studying its principles, techniques, and results. And then you work problems ... lots of problems. You get to the point where you can set up the equations for a mixture problem before you even finish reading or hearing the problem statement. Solving two equations in two unknowns becomes easy. But these tasks were really challenging the first time you did them.

Now let us consider a different kind of learning: completing a crossword puzzle. At the beginning you may have had trouble filling in any cells. Gradually you learned tricks: a plural is likely to end in S, Q is usually followed by U, two Js together may indicate a mistake. Gradually, your analytic skills developed and you may have found you could solve harder puzzles. In a way, you began to think like the person who wrote the puzzle.

This book will do the same kind of thing for you with respect to the security of computers and data: It will make you aware of how such systems can fail—or be made to fail—and how to protect yourself and your use of computing. You will start to look at computing as would an attacker. Your question becomes not How can I make this work? but How could this fail? Only by figuring out the failure modes can you decide how to protect yourself.

For these reasons, the threat–vulnerability–countermeasure approach is the basis of our presentation. Each chapter starts with an attack, from which we challenge you to develop your ability to identify people or things that could cause harm, locate the weaknesses against which they would work, and learn about the protective tools of the computer security community. For more than forty years, the leaders in our field have been developing a vast array of defenses that we will share with you. Just as with algebra, you need to know the tools of the field, but you also need to develop the insight that guides when to apply which tool.

Who Should Read This Book?

Three groups of people can profit from reading this book: students, computing professionals, and users.

College and university students can use this book in a one- or two-semester course on computer and information security. It covers the most important points such courses address, such as network security, application code, identification and authentication, access control, and operating systems. You will find the expected topics of firewalls, intrusion detection and protection systems, cryptography, viruses, and secure programming techniques, as well as many others. We think you will learn how, when, and why to apply these things for the most benefit.

Computing professionals may have a different context and focus from that of college students. Whereas many students want the full development of the subject, you as professionals may be more comfortable diving into the middle, to learn about a topic that is of immediate importance. From that topic, you can move to neighboring topics that are relevant, or pick another topic in which you have an interest. Although the book has a front-to-back progression, we point to other chapters that have material relevant to what you are currently reading, so you can feel comfortable starting at your point of interest and referring back if you find a concept you need to learn more about.

Computer users can easily find the language of computer security mystifying: Viruses, teardrop attacks, bots, drive-by downloads, backdoors, and rootkits sound dreadful, which they can be, but underneath they are just words to describe methods attackers use to harm you. To protect yourself, ignore the colorful language and focus instead on what valuable things of yours are at risk and how you can defend yourself. You will find not just definitions of these terms but also examples to which you can relate.

We wrote this book to be useful to all three kinds of readers.

What Will You Learn From This Book?

From this book you will learn how to think critically and creatively about security. Anyone can memorize facts, but mere facts will not address the constantly changing situations in computer security. You need to be able to look at new programs, technologies, requirements, data collections, and objects with an eye for how their security can fail and how those potential failures can be countered.

As you read this book you will encounter many examples: some old, some very recent. We even mention some situations from the days before computers, to amplify or demonstrate a point we want you to understand.


As you look at the Contents you will not find a networks chapter or the cryptography section or even the privacy pages. That is because computer security, like many disciplines, has interrelationships. We have chosen to work with, rather than against, those connections.

How Is This Book Structured?

We think you will find this book intriguing. We have laid it out in a rather nontraditional way for a textbook, but the structure is designed to help you learn to think critically about security.

Think for a moment of a history book, for example, about the nineteenth century. One conventional way to present history is chronologically: Start at the beginning in 1800 and work by date through all the major events until 1900. That organization is familiar because that is the way our lives unfold, but it is not the only way to present history. Another way to appreciate history is to observe the changes in society. For example, we could look at how artists abandoned realism and classicism for impressionism. We could analyze how inventions and the Industrial Revolution changed the nature of work, or how small city-states united to form large nations. Just as photography lets people see and record events that had formerly been represented only in words, so do we seek to view security through a lens that will help you understand its principles.


The lens we have chosen is the threat–vulnerability–countermeasure paradigm. Computer objects are subject to threats from attack sources; those attacks aim to exploit weaknesses or vulnerabilities; and we can take action to protect against the harm those threats could cause. We use case studies to illustrate each attack type.

We have picked real examples for our case studies. In some cases there was an obvious failure: a human error, technology failure, misunderstanding, or an oversight. We assure you, these failures may be obvious in retrospect, but they were not so apparent before the event. That is precisely the point of this book: You should develop the ability to analyze a situation outside this book, to determine what threats could be raised, what vulnerabilities exploited, and what countermeasures employed. From studying the examples in this book and our explanations, you will acquire both the tools to use as countermeasures and the experience to guide your thinking.


In case you want to find a particular topic, Table P-1 shows you where some of the conventional topics of computer security are covered. (This table shows only main locations for these topics.)

Table P-1. Conventional Topics and Where They Appear in This Book
Threats, vulnerabilities, and countermeasures1:Definitions
All other chapters: Examples
Identification and authentication2:Basic concepts
12:Shared secrets, one-time passwords
Cryptography4:Cryptographic checksums
 7:Symmetric encryption
 10:Cryptographic weaknesses (WiFi protocols)
 11:Key management; asymmetric cryptography
 13:Digital signatures, public key infrastructure, code signing
 14:SSL, IPsec
 16:Block chaining
Malicious code4:Viruses, Trojan horses, worms
 6:Buffer overflows
 12:Man-in-the-middle attacks, covert channels
 15:Denial-of-service attacks, distributed denial of service attacks
Network security9:Network architecture
 10:WiFi vulnerabilities
 14:Replay attacks; session hijacks
 15:Intrusion detection systems
Operating systems4:Memory separation
 6:Memory management
 8:Rootkits and operating system subversion, trusted operating systems
Secure software development3:Techniques
6:Error prevention
System design5:Security through obscurity
 6:Access control models and enforcement
 8:Simplicity of design, trusted system design
 9:Layered protection
 17:Peer-to-peer network model
Assurance8:Trusted systems
Privacy2:Identities and anonymity
 17:Unexpected data distribution
 18:Social media applications, inference, and aggregation

Expected Background

What background do you need to appreciate this book? We assume you understand programming, machine organization, operating systems, and networking. We give some background in each of these topics where we introduce them, but because these are the topics of entire books and courses, we cannot really cover all that background in this book. A student in a computer science program or a professional designer or developer probably has most of the background necessary or can check a reference for any needed explanation.

How Does This Book Relate to Security in Computing?

You may have seen Security in Computing, of which the most recent edition was published in 2007. This book began as a revision; however, as it took shape, we realized it was a dramatically different book. True, both books address many of the same topics, and you will even see some overlap because, for example, there are only so many ways you can explain authentication.

However, not only does this book have more recent coverage of emerging topics, the objectives and structure are completely different. If you want encyclopedic coverage of computer security in a taxonomic progression, you want Security in Computing. However, we think a significant number of people will like the analytical approach of this book, so we offer it as an alternative for people who want to be able to identify security weaknesses in any situation and know tools and techniques by which to counter those weaknesses.

In the Chapters

Let us now explain how the individual chapters are laid out.


Each chapter begins with a spotlight: a handful of bullet points to tell you the major topics that will be covered in the chapter. This lets you quickly know what you will find in a chapter, so if you want to skip around in the book, this block will give you a simple guide.


We use the same format for each chapter: a case, explanation of the threats, enumeration and expansion on the vulnerabilities, and statement and development of the countermeasures.

Recurring Threads

Some topics are relevant to computer security; we would be remiss if we did not raise them at appropriate points. These topics are privacy, ethics, law and law enforcement, forensics, management, and economics. We pay attention to these topics at points when they are especially relevant in sections labeled “Recurring Thread.”


Sometimes we want to view a point from a different perspective, show a historical parallel, or tell an interesting story. We do these things in Sidebars. They are set off typographically so you can tell they are interruptions to the normal flow of content.


We have added three mini-chapters to give you a chance to apply the analytic skills you will learn. We call these pieces Interludes, and they raise issues related to cloud computing, electronic voting, and cyber warfare. Currently in an early stage of development, each of these is an important area that we expect will gain in prominence in the future. Although people are beginning to address the security issues for these areas, more analysis and implementation remain to be done.

The Interludes challenge your analytical skills. In each Interlude we lay out the topic and ask some pointed questions for your consideration. However, we leave the bulk of the work to you: Who would have method, opportunity, and motive to attack? What would be the nature of the attack? What harm could occur? Where might there be vulnerabilities that could be exploited? How difficult would an attack be? And what countermeasures could or should be applied now to render each of these situations more secure in the future?


We conclude each chapter by briefly reviewing the salient points, summarizing the current state of and future issues for the chapter’s topic, and tabulating the key threats, vulnerabilities, and countermeasures of the chapter.


At the end of each chapter you will find a set of exercises. Many of the exercises call for you to analyze, describe, or justify something. You can do these exercises mentally or in writing, and you can use some as debate topics for friends, students, or colleagues.


We end the book with a last, unnumbered chapter, to describe where we think the field of computer security is heading. Crystal balls are notoriously cloudy, and we do not think our ability to predict the future is exceptional. Still, this book has pointed out some security strengths and weaknesses in our current computing environment, and we use the Afterword to recommend things to which the community should pay attention.


It is increasingly difficult to acknowledge all the people who have influenced this book. Many colleagues and friends have contributed their knowledge and insight, often without knowing their impact. By arguing a point or sharing explanations of concepts, our associates have forced us to question or rethink what we know.

We thank our associates in at least two ways. First, we have tried to include references to their written works. References in the text cite specific papers relating to particular thoughts or concepts, but the Bibliography also includes broader works that have played a more subtle role in shaping our approach to security. So, to all the cited authors, many of whom are friends and colleagues, we happily acknowledge your positive influence on this book.

Rather than name individuals, we thank the organizations in which we have interacted with creative, stimulating, and challenging people from whom we learned a lot. These places include Trusted Information Systems, the Contel Technology Center, the Centre for Software Reliability of the City University of London, Arca Systems, Exodus Communications, the RAND Corporation, Cable & Wireless, and the Institute for Information Infrastructure Protection. If you worked with us at any of these locations, chances are high that your imprint can be found in this book. And for all the side conversations, debates, arguments, and light moments, we are grateful.

We want to recognize and thank three people for their particular, significant contributions to this book. Mischel Kwon first suggested to us the idea of studying security by exploring threats, vulnerabilities, and countermeasures. As we picked up and began to expand that idea, she offered valuable constructive criticism, as well as friendship and encouragement. We similarly appreciate the contributions of Charles Palmer. In addition to writing the Foreword to this book, Charles has been a great friend and colleague who has gladly shared his insights. We also thank Bernard Goodwin, our editor at Prentice Hall, who has been a solid champion during development of this book.


  • Safari Books Online
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint