Computer Security: A Hands-on Approach - Couverture souple

Présentation de l'éditeur

This book is for students, computer scientists, computer engineers, programmers, software developers, network and system administrators, and others who want to learn the principles of computer security and understand how various security attacks and countermeasures work. Equipped with the knowledge from this book, readers will be able to design and implement software systems and applications that are secure against attacks. They will also be able to evaluate the risks faced by computer and network systems, detect common vulnerabilities in software, use proper methods to protect their systems and networks, and more importantly, apply the learned security principles to solve real-world problems.

The author strongly believes in "learning by doing", so the book takes a hands-on approach. For each security principle, the book uses a series of hands-on activities to help explain the principle; readers can "touch", play with, and experiment with the principle, instead of just reading about it. For instance, if a security principle involves an attack, the book guides readers to actually launch the attack (in a contained environment). If a principle involves a security mechanism, such as firewall or Virtual Private Network (VPN), the book guides readers to implement a mini-firewall or mini-VPN. Readers can learn better from such hands-on activities.

All the hands-on activities are conducted in a virtual machine image provided by the author. They can be downloaded from this URL: http://www.cis.syr.edu/~wedu/seed/. Everything needed for the activities have already been set up; readers just need to download the VM (free), launch it using VirtualBox, and they can immediately work on the activities covered in the book. This book is based on the Ubuntu12.04 VM image. The author will regularly upgrade the VM image in every few years.

Most of the activities in the book are based on the author's SEED labs, which are widely used by instructors all over the world. These labs are the results of 15 years' research, development, and testing efforts conducted by the author and his students in a project called SEED, which has been funded by the National Science Foundation since 2002.

Biographie de l'auteur

Wenliang (Kevin) Du, PhD, received his bachelor's degree from the University of Science and Technology of China in 1993. After getting a Master's degree from Florida International University, he attended Purdue University from 1996 to 2001, and received his PhD degree in computer science. He became an assistant professor at Syracuse University after the graduation. He is currently a full professor in the Department of Electrical Engineering and Computer Science.

He has taught courses in cybersecurity at both undergraduate and graduate levels since 2001. As a firm believer of "learning by doing", he has developed over 30 hands-on labs called SEED labs, so students can gain first-hand experiences on security attacks, countermeasures, and fundamental security principles. These labs are now widely known; more than six hundred universities, colleges, and high schools worldwide are using or have used these labs. In 2010, the SEED project was highlighted by the National Science Foundation in a report sent to the Congress. The report, titled "New Challenges, New Strategies: Building Excellence in Undergraduate STEM Education (Page 16)", highlights "17 projects that represent cutting-edge creativity in undergraduate STEM classes nationwide". Due to the impact of the SEED labs, he was given the "2017 Academic Leadership" award from the 21st Colloquium for Information System Security Education.

He works in the area of computer and network security, with specific interests in system security. He has published over 100 technical papers. As of October 2017, his research work has been cited for over 12,600 times (based on Google Scholar). He is a recipient of the ACM CCS Test-of-Time Award in 2013 due to the impact of one of his papers published in 2003. His current research focuses on smartphone security. He has identified a number of security problems in the design and implementation of the Android operating system. He also developed novel mechanisms to enhance the system security of smartphones.