Rating: 
Summary: Great Survey of the Fundamenal Science of Computer Security
Review: Dieter Gollmann's "Computer Security" provides an excellent survey of the fundamental science relating to the book's title. As stated in the Editorial Review, it is intended as a graduate Computer Science textbook. While this may be true, it is also valuable for anyone tasked with designing security into an application or distributed system.The book provides a macro-level introduction to the primary subject areas involved in securing operating, network, and database systems, with varying levels of exposure to theoretical foundations, architectural tradeoffs, and practical implementations. These "varying levels" are perhaps the one difficulty I have with the book, because the treatment of some topic left me with an uneven understanding with respect to other important topics. For example: In PART 1 FUNDAMENTALS, Chapter 3 (Access Control) lays thorough conceptual groundwork for understanding Chapter 4 (Security Models) which covers the theoretical development (Set Theory and Partial Order Relations) of formal Access Control Models. These subjects are "bread and butter" to operating/database system securdesigners and receive very robust treatment given the overall dimensions of the book. However, other primary security topics (e.g. Cryptography) do not get enough fundamental explanation to leave an uninitiated reader with a sense of understanding. Perhaps, this dilemma is endemic to computer security itself - a paradigm that requires deep multi-disciplinary subject understanding to master. However, "Computer Security" does mitigate this apparent deficiency by providing a comprehensive Bibliography complete with 163 separate entries.
Rating:
Summary: Great Survey of the Fundamenal Science of Computer Security
Review: Dieter Gollmann's "Computer Security" provides an excellent survey of the fundamental science relating to the book's title. As stated in the Editorial Review, it is intended as a graduate Computer Science textbook. While this may be true, it is also valuable for anyone tasked with designing security into an application or distributed system. The book provides a macro-level introduction to the primary subject areas involved in securing operating, network, and database systems, with varying levels of exposure to theoretical foundations, architectural tradeoffs, and practical implementations. These "varying levels" are perhaps the one difficulty I have with the book, because the treatment of some topic left me with an uneven understanding with respect to other important topics. For example: In PART 1 FUNDAMENTALS, Chapter 3 (Access Control) lays thorough conceptual groundwork for understanding Chapter 4 (Security Models) which covers the theoretical development (Set Theory and Partial Order Relations) of formal Access Control Models. These subjects are "bread and butter" to operating/database system security designers and receive very robust treatment given the overall dimensions of the book. However, other primary security topics (e.g. Cryptography) do not get enough fundamental explanation to leave an uninitiated reader with a sense of understanding. Perhaps, this dilemma is endemic to computer security itself - a paradigm that requires deep multi-disciplinary subject understanding to master. However, "Computer Security" does mitigate this apparent deficiency by providing a comprehensive Bibliography complete with 163 separate entries.
Rating:
Summary: Great Survey of the Fundamenal Science of Computer Security
Review: Dieter Gollmann's "Computer Security" provides an excellent survey of the fundamental science relating to the book's title. As stated in the Editorial Review, it is intended as a graduate Computer Science textbook. While this may be true, it is also valuable for anyone tasked with designing security into an application or distributed system. The book provides a macro-level introduction to the primary subject areas involved in securing operating, network, and database systems, with varying levels of exposure to theoretical foundations, architectural tradeoffs, and practical implementations. These "varying levels" are perhaps the one difficulty I have with the book, because the treatment of some topic left me with an uneven understanding with respect to other important topics. For example: In PART 1 FUNDAMENTALS, Chapter 3 (Access Control) lays thorough conceptual groundwork for understanding Chapter 4 (Security Models) which covers the theoretical development (Set Theory and Partial Order Relations) of formal Access Control Models. These subjects are "bread and butter" to operating/database system security designers and receive very robust treatment given the overall dimensions of the book. However, other primary security topics (e.g. Cryptography) do not get enough fundamental explanation to leave an uninitiated reader with a sense of understanding. Perhaps, this dilemma is endemic to computer security itself - a paradigm that requires deep multi-disciplinary subject understanding to master. However, "Computer Security" does mitigate this apparent deficiency by providing a comprehensive Bibliography complete with 163 separate entries.
Rating: 
Summary: A university textbook with limited practical relevance
Review: First of all, the book's title is not quite correct. "Some Technical Aspects of Computer Security" would be closer to the truth. It does not cover many important areas of Computer Security, such as IS organization, physical security etc. The book was written based on university lecture notes and it shows. It is quite obvious that Mr. Gollmann has never been in charge of the security of a corporate network (I doubt that he had SEEN one), so his knowledge regarding the real-life issues is rather limited. There are hardly any case studies in the book. Consequently, the usefulness of the book depends on the audience. If you are a university professor, trying to "entertain" your students with theories that they can forget as soon as they graduate, look no further, buy this book NOW. The same thing applies if you are a student wanting to survive such a course. (The back cover of the book quotes someone from Linköping University: "...the book I have been looking for for years". I can easily believe that.) On the other hand, if you are an IS security expert, a security manager or an auditor, I doubt that you will be fired if you know nothing about, say, the Harrison-Ruzzo-Ullmann Model. However, if your knowledge about security policies is limited to what's written in the book, you may be in trouble soon. Those topics that are covered are descriptive and not action-oriented. For example, there is ample information about the types of viruses and anti-virus software that exist, but practically nothing about the controls that should be in place to prevent viruses from spreading. Still, I think everyone interested in computer security will find SOME information in the book that they can use some day.
Rating: 
Summary: Simply unreadable
Review: I can't believe that the original price of this book is $60! I got this book for $24 when amazon had a 70% discount on it. And I still regret paying that much for this book. Even if the discount on this book was 90%, it still won't be worth it!
The explanations in this book are very complicated. (I probably shouldn't call them "explanations" - "complications" would make alot more sense!) You would read the paragraph over and over again to just get a hint on what Mr. Gollmann wants to say. If Mr. Gollmann's intention was to sound vague and ambiguous as much as possible, he succeeded!
The book doesn't draw clear boundaries between the different terms - for example, you won't get a clear idea about the relation and interaction between "security policy", "security mechanism", "security system", "security model", "reference model", "access operations", "access permissions", ... etc. It's as if Mr. Gollmann's objective was actually to confuse the reader rather than guide the reader towards clear understanding.
Many ideas could have been presented in a much simpler way, but the author chose otherwise! Plus the book doesn't include enough examples to clear the fog. Mr. Gollman just slams the reader with dry unreadable material. At the end of day, you are left confused, having many unanswered questions, feeling that you got very little out of the much you've read, and wishing you never bought this book!
Rating:
Summary: Undergraduate Computer Security Textbook
Review: My university has an undergraduate CS major in Computer Security and this is the book we use for our introductory subject. Some reviews here have stated that this book does not deal much about the practical aspects of computer security...true, it doesn't, but I don't think it was supposed to anyway. Our major branches out to more practical areas after this subject including applied cryptography and network security. I haven't finished doing this subject as of this writing but I can see how this book will help anyone who intend on doing serious computer security studies in the future. This isn't a "build a firewall in 24 hours" type of book. It's an academic book for those who want an introductory theoretical approach to computer security. If you cannot appreciate the abstract side of computer science then you're probably in the wrong field, buddy. This book is for people who want to get a good foundation on security before getting their hands dirty. If you're a university student/graduate and serious about further studies in computer security then this book is a must buy. This book is not for people who need a step-by-step tutorial to build a firewall (as I have mentioned). If you're more concerned about which set of applications to use in a particular operating system then look elsewhere.
Rating: 
Summary: Practical Security
Review: The book is wonderful and helpful to users of computers and networ
Rating:
Summary: unlike other books
Review: The reason why I like this book is that its first chapter is *not* on cryptography and *not* on network security. Most other books focus on those issues (or on viruses) and do not deal with various security models in detail. Obviously, this is a theory biased textbook and not a book on 'how to make surfing with browser x version y.z more secure'. :-)
Rating:
Summary: Undergraduate Computer Security Textbook
Review: This book begins with a poem in an unidentified language that is never translated. Take this as a clue to what you're in for throughout the book. Chock full of abbreviations, acronyms, waffles and other items of geekspeak grammar, this book is possibly good reference for super technicians already familiar with the topic. For a user who is taking his first course to become familiar with the basics of computer security, however, this book might as well be in another language. After reading two bad books on this subject, I am beginning to doubt that anyone really knows much about computer security. By the way, I could make the effort to find out what language the poem is in and what it says, but as with the more technical items in this book, isn't that what I paid the author to tell me? This book is a poor value for your money.
Rating: 
Summary: Translation, please!
Review: This book begins with a poem in an unidentified language that is never translated. Take this as a clue to what you're in for throughout the book. Chock full of abbreviations, acronyms, waffles and other items of geekspeak grammar, this book is possibly good reference for super technicians already familiar with the topic. For a user who is taking his first course to become familiar with the basics of computer security, however, this book might as well be in another language. After reading two bad books on this subject, I am beginning to doubt that anyone really knows much about computer security. By the way, I could make the effort to find out what language the poem is in and what it says, but as with the more technical items in this book, isn't that what I paid the author to tell me? This book is a poor value for your money.
| 
