This is an HTML rendering of a working paper draft that led to a publication. The publication should always be cited in preference to this draft using the following reference:
Charles P. Pfleeger and Shari Lawrence Pfleeger
Security in Computing, Fourth edition
Englewood Cliffs, NJ: Prentice Hall, 2007
D.E.R. Denning’s classic 1982 book “Cryptography and Data Security” is 400 pages long. If a field’s importance can be judged by the size of its textbooks, then security is certainly in the spotlight. At 845 pages Charles and Shari Pfleeger’s “Security in Computing” will require me to rearrange my bookshelf of security books to make space for it. Yet, I would be hard-pressed to find material in it that could be removed. True, when the Pfleegers can choose between elaborating and outlining a topic, they will typically elaborate, adding examples, diagrams, and sidebars to illustrate its significance. Security experts may find this level of detail tiresome, but I’m sure that students and unversed professionals will appreciate it when trying to grapple the hundreds of security concepts discussed in the book.
The book’s organization is eminently practical. After two chapters covering the problem of security in computing and the basics of cryptography, the next chapters of the book address security in specific fields: program code, general-purpose operating systems, trusted systems, databases, and networks. The relevant theory is covered close to the point where it applies. Although a separate discussion of security’s terms and theoretical underpinnings may be more elegant, I’ve seen that students find such an approach tiring, if not sleep-inducing. The four next chapters are less technical, dealing with security administration, the economics of cybersecurity, privacy in computing, and legal and ethical issues. A final chapter titled “cryptography explained” contains the nitty-gritty details of cryptographic algorithms, that mercifully weren’t covered in the book’s second chapter. A further 32 pages of bibliographic references and a 29-page index complete the offering.
All chapters end with a summary, an index of terms and concepts, a discussion of where the particular field is headed, references for further reading, and plentiful exercises. The exposition is aided by numerous clear diagrams, sidebars, and many examples. Some of the examples are oversimplified: for instance, in modern systems a buffer overflow in a user’s data area can’t overwrite system data or program code, as shown on page 105. Nevertheless, a simplified example is better than an inscrutable one: readers wishing an in-depth treatment of a particular topic can seek that in more specialized sources.
This book’s fourth edition adds new material in many of the previous edition’s chapters: networking, operating system attacks and controls, and data mining. More significantly, the book also includes two new chapters, one on the economics of cybersecurity and one on privacy. Both are hot topics that merit the treatment they get in the book. In a summary, “Security in computing” is a valuable textbook, bringing a large, diverse field under one comfortable and spacious roof.