Computer Security and the Internet: Tools and Jewels from Malware to Bitcoin
Van Oorschot, Paul C.
Product Description
This book provides a concise yet comprehensive overview of computer and Internet security, suitable for a one-term introductory course for junior/senior undergrad or first-year graduate students. It is also suitable for self-study by anyone seeking a solid footing in security - including software developers and computing professionals, technical managers and government staff. An overriding focus is on brevity, without sacrificing breadth of core topics or technical detail within them. The aim is to enable a broad understanding in roughly 350 pages. Further prioritization is supported by designating as optional selected content within this. Fundamental academic concepts are reinforced by specifics and examples, and related to applied problems and real-world incidents.
The first chapter provides a gentle overview and 20 design principles for security. The ten chapters that follow provide a framework for understanding computer and Internet security. They regularly refer back to the principles, with supporting examples. These principles are the conceptual counterparts of security-related error patterns that have been recurring in software and system designs for over 50 years.
The book is "elementary" in that it assumes no background in security, but unlike "soft" high-level texts it does not avoid low-level details; instead, it selectively dives into fine points for exemplary topics to concretely illustrate concepts and principles. The book is rigorous in the sense of being technically sound, but avoids both mathematical proofs and lengthy source-code examples that typically make books inaccessible to general audiences. Knowledge of elementary operating system and networking concepts is helpful, but review sections summarize the essential background. For graduate students, inline exercises and supplemental references provided in per-chapter endnotes provide a bridge to further topics and a springboard to the research literature; for those in industry and government, pointers are provided to helpful surveys and relevant standards, e.g., documents from the Internet Engineering Task Force (IETF), and the U.S. National Institute of Standards and Technology.
About the Author
Paul C. van Oorschot is a Professor of Computer Science at Carleton University (Ottawa), where he is Canada Research Chair in Authentication and Computer Security. He is an ACM Fellow, an IEEE Fellow, and a Fellow of the Royal Society of Canada. He was Program Chair of NSPW 2014-2015, USENIX Security 2008, NDSS 2001-2002, and co-author of the Handbook of Applied Cryptography (1996). He has served on the editorial boards of IEEE TDSC, IEEE TIFS, and ACM TISSEC/TOPS. His research interests include authentication and identity management, computer security, Internet security, security and usability, software security, and applied cryptography. His academic career was preceded by 14 years of industrial research and development in telecommunications and software security.