On Fri, May 2, 2025 at 5:21 AM Aharon Robbins <arnold(a)skeeve.com> wrote:
Hi All.
In a book I'm updating, I have the following references for
Unix security.
1. Practical UNIX & Internet Security, 3rd edition, by Simson Garfinkel,
Gene Spafford, and Alan Schwartz, O’Reilly & Associates, Sebastopol,
CA, USA, 2003. ISBN-10: 0-596-00323-4, ISBN-13: 978-0596003234.
2. Building Secure Software: How to Avoid Security Problems the Right Way,
by John Viega and Gary McGraw. Addison-Wesley, Reading, Massachusetts,
USA, 2001. ISBN-10: 0-201-72152-X, ISBN-13: 978-0201721522.
3. “Setuid Demystified,” by Hao Chen, David Wagner, and Drew
Dean. Proceedings of the 11th USENIX Security Symposium, August 5–9,
2002.
http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf.
One of my reviewers asked if these weren't "dusty references".
So, before I just refer to them as "classics", can anyone recommend
more recent books? Feel free to answer in private.
I’d have to rummage around for a definitive answer but I think things have
fractured a bit and OS level security is either a chapter or section in
academic or professional books. That is mostly survey or long-standing
information; the edge is all in open source code and/or
papers/presentations.
There are several recent cryptography books aimed at a more practitioner
level I can recommend if that is relevant to your quest.
The main book that comes to mind, 0321822137, is a C and C++ security survey
that is worthwhile but not OS specific.
I’d also like to know your title so I can add it to my collection when it
is ready!