Core reading
- Dieter Gollmann: Computer Security
This book is concise and formal.
The module mainly follows this book, but it
may be a bit too concise and formal to use as
the only textbook.
Background reading
- Pfleeger and Pfleeger: Security in Computing
This book is going to be a useful supplement to Gollmann,
as it is a bit more verbose and likely to provide supplementary
examples.
It also uses more figures and visual diagrams than Gollmann.
- IEEE Security and Privacy
(electronically available from IEEE Xplore)
is a professional magazine on computer security.
The articles are very readable, and useful background reading.
Suggested reading
- Matt Bishop: Computer Security
A second alternative to Pfleeger & Pfleeger, offering
another view on the topic.
- Robert C. Seacord: Secure Coding in C and C++
This book specialises in the topic of software security,
which we will deal with in 1-2 lectures at the end of the term.
- Ross Anderson: Security Engineering.
- Schneider (2000) `enforceable security policies'
- Vulnerabilities in E-governments by Vebjørn Moen et al.
`This paper shows that 80% of the E-governments in the world are
vulnerable to common Web Application attacks such as Cross Site
Scripting and SQL injection.'
If you are particularly interested in the SQL injection problem
discussed in the first session, I suggest that you have a look
at this paper.
Other papers by the same group are also
available.
- The Chinese Wall Security Policy
by Dr. David F.C. Brewer and Dr. Michael J. Nash
$Id: reading.php 351 2008-09-12 16:17:39Z css1hs $