On Fri, May 2, 2025 at 5:21 AM Aharon Robbins <arnold@skeeve.com> wrote:
Hi All.

In a book I'm updating, I have the following references for
Unix security.

1. Practical UNIX & Internet Security, 3rd edition, by Simson Garfinkel,
Gene Spafford, and Alan Schwartz, O’Reilly & Associates, Sebastopol,
CA, USA, 2003. ISBN-10: 0-596-00323-4, ISBN-13: 978-0596003234.

2. Building Secure Software: How to Avoid Security Problems the Right Way,
by John Viega and Gary McGraw. Addison-Wesley, Reading, Massachusetts,
USA, 2001. ISBN-10: 0-201-72152-X, ISBN-13: 978-0201721522.

3. “Setuid Demystified,” by Hao Chen, David Wagner, and Drew
Dean. Proceedings of the 11th USENIX Security Symposium, August 5–9,
2002. http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf.

One of my reviewers asked if these weren't "dusty references".
So, before I just refer to them as "classics", can anyone recommend
more recent books?  Feel free to answer in private.

I’d have to rummage around for a definitive answer, but I think things have fractured a bit and OS-level security is either a chapter or section in academic or professional books. That is mostly survey or long-standing information; the edge is all in open source code and/or papers/presentations.

There are several recent cryptography books aimed at a more practitioner level I can recommend if that is relevant to your quest.

The main book that comes to mind, 0321822137, is a C and C++ security survey that is worthwhile but not OS-specific.

I’d also like to know your title so I can add it to my collection when it is ready!


Thanks,

Arnold