About This Book
For decades, computer security has played a critical role in the connected world. The widespread adoption of the internet, smartphones, and cloud services has raised the stakes dramatically: today the average person carries two or three networked computers at all times, and the consequences of a compromise—financial loss, identity theft, disruption of critical infrastructure—affect everyone, not just specialists.
Written for computer science and computer engineering students, this textbook is also readable by anyone who wishes to understand why security matters and how it works. It grew from more than fifteen years of teaching computer security at Chulalongkorn University.
The book is divided into three parts. Part I lays the conceptual groundwork: the CIA triad, the AAA framework, privacy, risk management, and social engineering. Part II equips the reader with the principal technical disciplines used to build and analyse secure systems: Cryptography, Software Security, Network Security, Digital Forensics, and AI & Machine Learning Security. Part III examines recurring vulnerability classes: Buffer Overflow, Input Validation and Injection Attacks, Physical Security, Malware, and Cloud Security.
Every chapter includes Learning Objectives, worked examples, exercises, and an annotated Further Reading list. A Glossary of key terms and an Index appear at the end of the book.
Recommended course focus
Table of Contents
- Ch 1 Introduction to Computer Security
- Ch 2 Authentication
- Ch 3 Authorization
- Ch 4 Auditing
- Ch 5 Integrity
- Ch 6 Cryptography
- Ch 7 Software Security
- Ch 8 Network Security
- Ch 9 Digital Forensics
- Ch 10 AI and Machine Learning Security
- Ch 11 Buffer Overflow
- Ch 12 Input Validation and Injection Attacks
- Ch 13 Physical Security
- Ch 14 Malware
- Ch 15 Cloud Security
- A 2 Hacking Password
- A 6 Fundamental of Cryptography
- A 6b Public Key Infrastructure
- A 7 Secure Software / Simple Web Server
- A 8 Network Scanner with NMAP
- A 9 Digital Forensics
- A 11 Buffer Overflow
- A 13 Physical Security
Activity numbers correspond to their chapter (e.g., Activity 9 supplements Chapter 9).
Class Activities
Hands-on activities accompany several chapters. The exercises below require downloadable files; all other activities use tools installed via the system package manager or freely available online.
Hacking Password
Brute-force and rainbow-table attacks on SHA-1 hashed passwords using a common-credential dictionary.
Fundamental of Cryptography
Statistical analysis of Caesar cipher, Vigenère encryption, ECB/CBC block cipher modes, and digital signatures with OpenSSL.
Public Key Infrastructure
Inspect TLS certificate chains with OpenSSL, explore root and intermediate CAs, and implement certificate validation in Python.
Secure Software / Simple Web Server
Progressively harden a minimalist Java HTTP server against DoS, information disclosure, and tampering attacks.
Network Scanner with NMAP
Host discovery, port scanning (SYN/TCP/UDP), service & version detection, OS fingerprinting, NSE scripts, and output formats.
Digital Forensics
Extract GPS location from EXIF metadata; recover a deleted file from a disk image using TestDisk.
Buffer Overflow
Stack layout analysis, stack smashing to redirect execution, and exploiting a buffer-overflow challenge binary with a Python script.
Physical Security
JavaScript injection via an unattended browser session; reverse-shell trapdoor using Netcat.
Downloads
All activity files are hosted here. Download them with your browser or with curl:
To download from the command line:
curl -O https://www.cp.eng.chula.ac.th/~krerk/books/ComputerSecurity/files/exif-sample.jpg curl -O https://www.cp.eng.chula.ac.th/~krerk/books/ComputerSecurity/files/disk-sample.zip curl -O https://www.cp.eng.chula.ac.th/~krerk/books/ComputerSecurity/files/victim-2020 chmod +x victim-2020 # make the binary executable
About the Author
