Order from a Major Online Bookstore
Ultimate Book Price Comparison Engine
Save Your Time And Money
| AnyBook4Less.com | Order from a Major Online Bookstore |
|
| Home | Store List | FAQ | Contact Us | | ||
| Ultimate Book Price Comparison Engine Save Your Time And Money |
||
 |
Title: Multilevel Secure Transaction Processing (THE KLUWER INTERNATIONAL SERIES ON ADVANCES IN DATABASE) by Vijay Atluri, Sushil Jajodia, Binto George ISBN: 0-7923-7702-8 Publisher: Kluwer Academic Publishers Pub. Date: 01 October, 1999 Format: Hardcover Volumes: 1 List Price(USD): $161.00 |
Average Customer Rating: 1 (1 review)
Rating: 1
Summary: Obsolete and not interesting--not even for specialists
Comment: Multilevel Secure Transaction Processing:
The second paragraph on page 1 begins with the statement "The primary purpose of a security mechanism is to control access to data." This is a typical view of security from the perspective of technologists, but it is an unsophisticated understanding of security in today's wired world of e-commerce. The defense-oriented experience of the authors is clear in this introduction. The third paragraph includes the most obtuse introduction to Mandatory Access Control that I've ever read. The distinction between DAC and MAC is a crucial concept towards understanding the limitations of DAC, which is what virtually all commercial products support, but unfortunately, this explanation would be incomprehensible to anyone who doesn't already understand the difference.
The subsequent section "Why DAC is not enough" is somewhat better, but it still misses one of the fundamental problems with DAC-that of authorized users explicitly making data available to people who aren't authorized to have it. While MAC can indeed prevent the Trojan horse attacks described in this book from succeeding, it is misleading to give the impression that Trojan horses are the only way to defeat DAC.
The section on MLS architectures is short, but useful in understanding multi-tier e-commerce architectures. Beyond that, the book becomes too technical for me, which is what I expected. Given that the authors have such a narrow vision of the field of security-that of the military and intelligence agencies with unlimited budges and insanely sensitive data-it isn't surprising that they lack a useful perspective from a business point of view.
The era of Multi-Level Secure systems is pretty much over, having been so complex that even the intelligence agencies avoided them like the plague. No commercial Unix vendors are currently selling an MLS platform, and if the database vendors mentioned in this book are still selling such products, they certainly are being quiet about it. MLS databases are basically a giant intellectual puzzle, and for those who are interested in this type of intellectual puzzle, there is some value here seeing obscure ways in which a complex system can inadvertently leak data, and clever work arounds to plug these theoretical holes. In the early 90s, a great deal of research was being conducted in this area both in North America and Europe. Today, there is virtually no work being done on this area (outside of the author's university), and it isn't the trendy place for PHd candidates in Computer Science to make their reputation.
This book is of some value to those who are deep into the functioning of highly-secure software (although I could suggest some other areas of research that would be of greater use to humanity). It is of no benefit to the casual reader, or even the CISSP candidate. If you are just looking to learn about the concept of multi-level security, which is an important concept for the security professional to understand, a more cogent explanation can be found in the still-useful text "Computer Security Basics" by Deborah Russell, and G. T. Gangemi.
This book is at least 9 years too late.
Thank you for visiting www.AnyBook4Less.com and enjoy your savings!
Copyright� 2001-2021 Send your comments
