This book provides a concise yet comprehensive overview of computer and Internet security, suitable for a one-term introductory course for junior/senior undergrad or first-year graduate students. It is also suitable for self-study by anyone seeking a solid footing in security - including software developers and computing professionals, technical managers and government staff. An overriding focus is on brevity, without sacrificing breadth of core topics or technical detail within them. The aim is to enable a broad understanding in roughly 350 pages. Further prioritization is supported by designating as optional selected content within this. Fundamental academic concepts are reinforced by specifics and examples, and related to applied problems and real-world incidents.
The first chapter provides a gentle overview and 20 design principles for security. The ten chapters that follow provide a framework for understanding computer and Internet security. They regularly refer back to the principles, with supporting examples. These principles are the conceptual counterparts of security-related error patterns that have been recurring in software and system designs for over 50 years. The book is "elementary" in that it assumes no background in security, but unlike "soft" high-level texts it does not avoid low-level details; instead it selectively dives into fine points for exemplary topics to concretely illustrate concepts and principles. The book is rigorous in the sense of being technically sound, but avoids both mathematical proofs and lengthy source-code examples that typically make books inaccessible to general audiences. Knowledge of elementary operating system and networking concepts is helpful, but review sections summarize the essential background. For graduate students, inline exercises and supplemental references provided in per-chapter endnotes provide a bridge to further topics and a springboard to the research literature; for those in industry and government, pointers are provided to helpful surveys and relevant standards, e.g., documents from the Internet Engineering Task Force (IETF), and the U.S. National Institute of Standards and Technology.
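Paul C. van Oorschot is a Professor of Computer Science at Carleton University (Ottawa), where he holds a Canada Research Chair, with a focus on authentication and computer security. He is an ACM Fellow, an IEEE Fellow, and a Fellow of the Royal Society of Canada. He served as program chair for NSPW 2014-2015, USENIX Security 2008, and NDSS 2001-2002, and is a co-author of the Handbook of Applied Cryptography (1996). He has served on the editorial boards of IEEE TDSC, IEEE TIFS, and ACM TISSEC/TOPS. His research interests include authentication and identity management, computer security, Internet security, security and usability, software security, and applied cryptography. His academic career was preceded by 14 years of industrial research and development in telecommunications and software security.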