Book Review on Zero Day Secure: A Radical Guide to Successful Computer Security

Zero Day Secure: A Radical Guide to Successful Computer Security

The author’s aim in this text is to supply new information about a different approach to computer security, a topic most regarded as imperative in the present  environment. Her main aim is to explore the concept of the Computer Operations Continuum of Power (COCOP), And this is explained in 10 chapters with text and excellent diagrams illustrating the procedures. We thought this was an interesting concept, mainly how can one secure something from a threat you know nothing about – i.e., a Zero Day Attack? Enclosed is our review by chapters:

Chapter 1 outlines the principles of COCOP where three Principles are outlined:

  • Prohibit ordinary application programs from accessing plenary power; in other words, the user must be authorized.
  • Contain contemporaneous expansive operations
  • Guarantee internal operations.

Chapter 2 called "Plenary Power Vulnerabilities" examines three flaws of computing:

  • Erroneously opening a file with a similar name.
  • Erroneously connecting with an incorrect network.
  • Not quite sure about this one – input data should be verified.

And from this comes two rules that are essential in this radical approach, mainly:

  • Remove Plenary Powers from ordinary programs.
  • Supply a utility that allows only users to start the program.

The author then goes on to Guarding File Access, and another 10 rules that are fully illustrated in flow diagrams and demonstrate how these rules are extended in the further chapters.

Chapter 3 "Expansive Power Vulnerabilities", deals with Unnecessary Multipurpose Programs, Network Status, Exfiltration to Unrelated Servers, Maintaining Offline Confidentiality, Preventing Surreptitious Access, Copying of User Files, and Global Access to Ancillary Files.

Chapter 4 "Internal Power Vulnerabilities" provides a number are a number of examples of reading and writing data to the wrong location, creating new instructions, misinterpreting data, reading vestigial sensitive data, plus other errors in logic. A number of situations are examined, such as buffer overflow attacks, specifically where Stack types are examined and reinforced with textual and diagrammatic explanations.

Chapter 5 "Genetic Installation Infrastructure" concentrates on malicious attacks by social engineering, as well as installing original programs and updates, and their malicious equivalents are covered.

Chapter 6 "Advanced Measures" discusses the splitting and diffusion of privilege.

Chapter 7 "Bandages for Short Term Relief" looks at End User and Server computer for end use access and activities such as deletions, updates, backups, and network connections.

Chapter 8 ‘Computer Languages’ looks at the choice of language used.

Chapter 9 "Identification Issues" examines Remote Computer and User Identitification.

Chapter 10 "Incentives and Disincentives" the final chapter looks at putting pressure on software developers to raise the standard of security of their products. Disincentives, such as enforcing legal liability should be used.

The author certainly has a passion for computer security. This text has been created with obvious care, with each chapter having diagrammatic explanations for many of the points. Also, each chapter has a comprehensive reference list.

The people who could benefit are information security specialists, information security auditors, security system designers, and technical security managers. Dare I say it, some upper management as well as the network, information/data, and program systems are essential to the survival of most organisations.

Author: Karen Heart
Publisher: Mongoose Press
Publication date : October 14, 2025
ISBN-10 : 1968865071
ISBN-13 : 978-1968865078
 

AUTHORS

Photo of William (Bill) Hutchinson

William (Bill) Hutchinson

Security Research Institute Edith Cowan University 
Perth, Australia.

Professor Bill Hutchinson was Foundation IBM Chair in Information Security at Edith Cowan University in Western Australia. He was Director of SECAU (Security Research Centre) and was coordinator of the Information Operations and Security programmes. From 2000 to 2010, he was the Chief Editor and founder of the Journal of Information Warfare.


Published In

Volume 25, Issue 1

Keywords

Book Review

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Keywords

(

2

3

4

8

9

A
AI
APT

a

B

C
C2
C2S
CDX
CIA
CIP
CPS

D
DNS
DoD
DoS

E

e

F

G

H

I
IA
ICS

i

J

K

L

M

N

O

P
PDA

Q

R

S
SOA

T

t

U

V

W

X
XRY

Y

Z

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com