book

Security Engineering, 3rd Edition

Name: Security Engineering, 3rd Edition
Author: Ross Anderson
ISBN: 9781119642787

by Ross Anderson

December 2020

Intermediate to advanced

1232 pages

43h 39m

English

Wiley

Read now

Unlock full access

Cover
Title Page
Preface to the Third Edition
Preface to the Second Edition
Preface to the First Edition
For my daughter, and other lawyers…
Foreword
PART I
CHAPTER 1: What Is Security Engineering?
1.1 Introduction1.2 A framework1.3 Example 1 – a bank1.4 Example 2 – a military base1.5 Example 3 – a hospital1.6 Example 4 – the home1.7 Definitions1.8 SummaryNote
CHAPTER 2: Who Is the Opponent?
2.1 Introduction2.2 Spies2.3 Crooks2.4 Geeks2.5 The swamp2.6 SummaryResearch problemsFurther readingNotes

CHAPTER 3: Psychology and Usability
3.1 Introduction3.2 Insights from psychology research3.3 Deception in practice3.4 Passwords3.5 CAPTCHAs3.6 SummaryResearch problemsFurther readingNotes
CHAPTER 4: Protocols
4.1 Introduction4.2 Password eavesdropping risks4.3 Who goes there? – simple authentication4.4 Manipulating the message4.5 Changing the environment4.6 Chosen protocol attacks4.7 Managing encryption keys4.8 Design assurance4.9 SummaryResearch problemsFurther readingNotes
CHAPTER 5: Cryptography
5.1 Introduction5.2 Historical background5.3 Security models5.4 Symmetric crypto algorithms5.5 Modes of operation5.6 Hash functions5.7 Asymmetric crypto primitives5.8 SummaryResearch problemsFurther readingNotes
CHAPTER 6: Access Control
6.1 Introduction6.2 Operating system access controls6.3 Hardware protection6.4 What goes wrong6.5 SummaryResearch problemsFurther readingNotes
CHAPTER 7: Distributed Systems
7.1 Introduction7.2 Concurrency7.3 Fault tolerance and failure recovery7.4 Naming7.5 SummaryResearch problemsFurther readingNotes
CHAPTER 8: Economics
8.1 Introduction8.2 Classical economics8.3 Information economics8.4 Game theory8.5 Auction theory8.6 The economics of security and dependability8.7 SummaryResearch problemsFurther readingNotes
PART II
CHAPTER 9: Multilevel Security
9.1 Introduction9.2 What is a security policy model?9.3 Multilevel security policy9.4 Historical examples of MLS systems9.5 MAC: from MLS to IFC and integrity9.6 What goes wrong9.7 SummaryResearch problemsFurther readingNotes
CHAPTER 10: Boundaries
10.1 Introduction10.2 Compartmentation and the lattice model10.3 Privacy for tigers10.4 Health record privacy10.5 SummaryResearch problemsFurther readingNotes
CHAPTER 11: Inference Control
11.1 Introduction11.2 The early history of inference control11.3 Differential privacy11.4 Mind the gap?11.5 SummaryResearch problemsFurther readingNotes
CHAPTER 12: Banking and Bookkeeping
12.1 Introduction12.2 Bookkeeping systems12.3 Interbank payment systems12.4 Automatic teller machines12.5 Credit cards12.6 EMV payment cards12.7 Online banking12.8 Nonbank payments12.9 SummaryResearch problemsFurther readingNotes
CHAPTER 13: Locks and Alarms
13.1 Introduction13.2 Threats and barriers13.3 Alarms13.4 SummaryResearch problemsFurther readingNotes
CHAPTER 14: Monitoring and Metering
14.1 Introduction14.2 Prepayment tokens14.3 Taxi meters, tachographs and truck speed limiters14.4 Curfew tags: GPS as policeman14.5 Postage meters14.6 SummaryResearch problemsFurther readingNotes
CHAPTER 15: Nuclear Command and Control
15.1 Introduction15.2 The evolution of command and control15.3 Unconditionally secure authentication15.4 Shared control schemes15.5 Tamper resistance and PALs15.6 Treaty verification15.7 What goes wrong15.8 Secrecy or openness?15.9 SummaryResearch problemsFurther readingNotes
CHAPTER 16: Security Printing and Seals
16.1 Introduction16.2 History16.3 Security printing16.4 Packaging and seals16.5 Systemic vulnerabilities16.6 Evaluation methodology16.7 SummaryResearch problemsFurther reading
CHAPTER 17: Biometrics
17.1 Introduction17.2 Handwritten signatures17.3 Face recognition17.4 Fingerprints17.5 Iris codes17.6 Voice recognition and morphing17.7 Other systems17.8 What goes wrong17.9 SummaryResearch problemsFurther readingNotes
CHAPTER 18: Tamper Resistance
18.1 Introduction18.2 History18.3 Hardware security modules18.4 Evaluation18.5 Smartcards and other security chips18.6 The residual risk18.7 So what should one protect?18.8 SummaryResearch problemsFurther readingNotes
CHAPTER 19: Side Channels
19.1 Introduction19.2 Emission security19.3 Passive attacks19.4 Attacks between and within computers19.5 Environmental side channels19.6 Social side channels19.7 SummaryResearch problemsFurther reading
CHAPTER 20: Advanced Cryptographic Engineering
20.1 Introduction20.2 Full-disk encryption20.3 Signal20.4 Tor20.5 HSMs20.6 Enclaves20.7 Blockchains20.8 Crypto dreams that failed20.9 SummaryResearch problemsFurther readingNotes
CHAPTER 21: Network Attack and Defence
21.1 Introduction21.2 Network protocols and service denial21.3 The malware menagerie – Trojans, worms and RATs21.4 Defense against network attack21.5 Cryptography: the ragged boundary21.6 CAs and PKI21.7 Topology21.8 SummaryResearch problemsFurther readingNotes
CHAPTER 22: Phones
22.1 Introduction22.2 Attacks on phone networks22.3 Going mobile22.4 Platform security22.5 SummaryResearch problemsFurther readingNotes
CHAPTER 23: Electronic and Information Warfare
23.1 Introduction23.2 Basics23.3 Communications systems23.4 Surveillance and target acquisition23.5 IFF systems23.6 Improvised explosive devices23.7 Directed energy weapons23.8 Information warfare23.9 SummaryResearch problemsFurther readingNote
CHAPTER 24: Copyright and DRM
24.1 Introduction24.2 Copyright24.3 DRM on general-purpose computers24.4 Information hiding24.5 Policy24.6 Accessory control24.7 SummaryResearch problemsFurther readingNotes
CHAPTER 25: New Directions?
25.1 Introduction25.2 Autonomous and remotely-piloted vehicles25.3 AI / ML25.4 PETS and operational security25.5 Elections25.6 SummaryResearch problemsFurther readingNotes
PART III
CHAPTER 26: Surveillance or Privacy?
26.1 Introduction26.2 Surveillance26.3 Terrorism26.4 Censorship26.5 Forensics and rules of evidence26.6 Privacy and data protection26.7 Freedom of information26.8 SummaryResearch problemsFurther readingNotes
CHAPTER 27: Secure Systems Development
27.1 Introduction27.2 Risk management27.3 Lessons from safety-critical systems27.4 Prioritising protection goals27.5 Methodology27.6 Managing the team27.7 SummaryResearch problemsFurther readingNotes
CHAPTER 28: Assurance and Sustainability
28.1 Introduction28.2 Evaluation28.3 Metrics and dynamics of dependability28.4 The entanglement of safety and security28.5 Sustainability28.6 SummaryResearch problemsFurther readingNotes
CHAPTER 29: Beyond “Computer Says No”
Bibliography
Index
End User License Agreement

Overview

Now that there’s software in everything, how can you make anything secure? Understand how to engineer dependable systems with this newly updated classic

In Security Engineering: A Guide to Building Dependable Distributed Systems, Third Edition Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack.

This book became a best-seller in 2001 and helped establish the discipline of security engineering. By the second edition in 2008, underground dark markets had let the bad guys specialize and scale up; attacks were increasingly on users rather than on technology. The book repeated its success by showing how security engineers can focus on usability.

Now the third edition brings it up to date for 2020. As people now go online from phones more than laptops, most servers are in the cloud, online advertising drives the Internet and social networks have taken over much human interaction, many patterns of crime and abuse are the same, but the methods have evolved. Ross Anderson explores what security engineering means in 2020, including:

How the basic elements of cryptography, protocols, and access control translate to the new world of phones, cloud services, social media and the Internet of Things
Who the attackers are – from nation states and business competitors through criminal gangs to stalkers and playground bullies
What they do – from phishing and carding through SIM swapping and software exploits to DDoS and fake news
Security psychology, from privacy through ease-of-use to deception
The economics of security and dependability – why companies build vulnerable systems and governments look the other way
How dozens of industries went online – well or badly

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781119642787Purchase Link

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills