© 2020

Computer Security and the Internet

Tools and Jewels


Part of the Information Security and Cryptography book series (ISC)

Table of contents

  1. Front Matter
    Pages i-xxii
  2. Paul C. van Oorschot
    Pages 1-28
  3. Paul C. van Oorschot
    Pages 29-53
  4. Paul C. van Oorschot
    Pages 91-124
  5. Paul C. van Oorschot
    Pages 125-154
  6. Paul C. van Oorschot
    Pages 155-182
  7. Paul C. van Oorschot
    Pages 183-211
  8. Paul C. van Oorschot
    Pages 213-244
  9. Paul C. van Oorschot
    Pages 245-279
  10. Paul C. van Oorschot
    Pages 281-308
  11. Paul C. van Oorschot
    Pages 309-338
  12. Back Matter
    Pages 339-365

About this book


This book provides a concise yet comprehensive overview of computer and Internet security, suitable for a one-term introductory course for junior/senior undergrad or first-year graduate students. It is also suitable for self-study by anyone seeking a solid footing in security – including software developers and computing professionals, technical managers and government staff. An overriding focus is on brevity, without sacrificing breadth of core topics or technical detail within them. The aim is to enable a broad understanding in roughly 350 pages. Further prioritization is supported by designating as optional selected content within this. Fundamental academic concepts are reinforced by specifics and examples, and related to applied problems and real-world incidents.


The first chapter provides a gentle overview and 20 design principles for security. The ten chapters that follow provide a framework for understanding computer and Internet security. They regularly refer back to the principles, with supporting examples. These principles are the conceptual counterparts of security-related error patterns that have been recurring in software and system designs for over 50 years.


The book is “elementary” in that it assumes no background in security, but unlike “soft” high-level texts it does not avoid low-level details, instead it selectively dives into fine points for exemplary topics to concretely illustrate concepts and principles. The book is rigorous in the sense of being technically sound, but avoids both mathematical proofs and lengthy source-code examples that typically make books inaccessible to general audiences. Knowledge of elementary operating system and networking concepts is helpful, but review sections summarize the essential background. For graduate students, inline exercises and supplemental references provided in per-chapter endnotes provide a bridge to further topics and a springboard to the research literature; for those in industry and government, pointers are provided to helpful surveys and relevant standards, e.g., documents from the Internet Engineering Task Force (IETF), and the U.S. National Institute of Standards and Technology.


Information Security Cryptography User Authentication Passwords Biometrics Authentication Protocols Key Establishment Operating System Security Access Control Software Security Web Security Firewalls Intrusion Detection Network Security Computer Security

Authors and affiliations

  1. 1.School of Computer ScienceCarleton UniversityOttawaCanada

About the authors

Paul C. van Oorschot is a Professor of Computer Science at Carleton University (Ottawa), where he is Canada Research Chair in Authentication and Computer Security. He is an ACM Fellow, an IEEE Fellow, and a Fellow of the Royal Society of Canada. He was Program Chair of NSPW 2014-2015, USENIX Security 2008, NDSS 2001-2002, and co-author of the Handbook of Applied Cryptography (1996). He has served on the editorial boards of IEEE TDSC, IEEE TIFS, and ACM TISSEC/TOPS. His research interests include authentication and identity management, computer security, Internet security, security and usability, software security, and applied cryptography. His academic career was preceded by 14 years of industrial research and development in telecommunications and software security.

Bibliographic information

Industry Sectors
Chemical Manufacturing
IT & Software
Consumer Packaged Goods
Finance, Business & Banking
Energy, Utilities & Environment


“This excellent book covers several useful and very practical topics in computer security, from cryptographic protocols to software vulnerabilities and malware. It is full of very thoughtful examples, lots of handy illustrations, and even small exercises for teaching purposes. … the book is a good compromise between understanding the essentials of computer security and giving concise yet useful examples and explanations. I really enjoyed reading it.” (Santiago Escobar, Computing Reviews, January 4, 2021)