Book description
The world has changed radically since the first edition of this book was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy, and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here's straight talk on critical topics such as technical engineering basics, types of attack, specialized protection mechanisms, security psychology, policy, and more.
Table of contents
- Copyright
- Credits
- Preface to the Second Edition
- Foreword
- Preface
- About the Author
- Acknowledgments
- Further Acknowledgments for the Second Edition
- Legal Notice
- I. PART I
  - 1. What Is Security Engineering?
  - 2. Usability and Psychology
    - 2.1. Introduction
    - 2.2. Attacks Based on Psychology
    - 2.3. Insights from Psychology Research
    - 2.4. Passwords
      - 2.4.1. Difficulties with Reliable Password Entry
      - 2.4.2. Difficulties with Remembering the Password
      - 2.4.3. Naive Password Choice
      - 2.4.4. User Abilities and Training
      - 2.4.5. Social-Engineering Attacks
      - 2.4.6. Trusted Path
      - 2.4.7. Phishing Countermeasures
        - 2.4.7.1. Password Manglers
        - 2.4.7.2. Client Certs or Specialist Apps
        - 2.4.7.3. Using the Browser's Password Database
        - 2.4.7.4. Soft Keyboards
        - 2.4.7.5. Customer Education
        - 2.4.7.6. Microsoft Passport
        - 2.4.7.7. Phishing Alert Toolbars
        - 2.4.7.8. Two-Factor Authentication
        - 2.4.7.9. Trusted Computing
        - 2.4.7.10. Fortified Password Protocols
        - 2.4.7.11. Two-Channel Authentication
      - 2.4.8. The Future of Phishing
    - 2.5. System Issues
    - 2.6. CAPTCHAs
    - 2.7. Summary
    - 2.8. Research Problems
    - 2.9. Further Reading
  - 3. Protocols
  - 4. Access Control
    - 4.1. Introduction
    - 4.2. Operating System Access Controls
      - 4.2.1. Groups and Roles
      - 4.2.2. Access Control Lists
      - 4.2.3. Unix Operating System Security
      - 4.2.4. Apple's OS/X
      - 4.2.5. Windows – Basic Architecture
      - 4.2.6. Capabilities
      - 4.2.7. Windows – Added Features
      - 4.2.8. Middleware
      - 4.2.9. Sandboxing and Proof-Carrying Code
      - 4.2.10. Virtualization
      - 4.2.11. Trusted Computing
    - 4.3. Hardware Protection
    - 4.4. What Goes Wrong
    - 4.5. Summary
    - 4.6. Research Problems
    - 4.7. Further Reading
  - 5. Cryptography
    - 5.1. Introduction
    - 5.2. Historical Background
    - 5.3. The Random Oracle Model
    - 5.4. Symmetric Crypto Primitives
    - 5.5. Modes of Operation
    - 5.6. Hash Functions
    - 5.7. Asymmetric Crypto Primitives
    - 5.8. Summary
    - 5.9. Research Problems
    - 5.10. Further Reading
  - 6. Distributed Systems
  - 7. Economics
- II. PART II
  - 8. Multilevel Security
  - 9. Multilateral Security
    - 9.1. Introduction
    - 9.2. Compartmentation, the Chinese Wall and the BMA Model
    - 9.3. Inference Control
    - 9.4. The Residual Problem
    - 9.5. Summary
    - 9.6. Research Problems
    - 9.7. Further Reading
  - 10. Banking and Bookkeeping
  - 11. Physical Protection
  - 12. Monitoring and Metering
  - 13. Nuclear Command and Control
    - 13.1. Introduction
    - 13.2. The Evolution of Command and Control
    - 13.3. Unconditionally Secure Authentication
    - 13.4. Shared Control Schemes
    - 13.5. Tamper Resistance and PALs
    - 13.6. Treaty Verification
    - 13.7. What Goes Wrong
    - 13.8. Secrecy or Openness?
    - 13.9. Summary
    - 13.10. Research Problems
    - 13.11. Further Reading
  - 14. Security Printing and Seals
  - 15. Biometrics
  - 16. Physical Tamper Resistance
    - 16.1. Introduction
    - 16.2. History
    - 16.3. High-End Physically Secure Processors
      - 16.3.1.1.1. How to hack a cryptoprocessor (1)
      - 16.3.1.1.2. How to hack a cryptoprocessor (2)
      - 16.3.1.1.3. How to hack a cryptoprocessor (3)
      - 16.3.1.1.4. How to hack a cryptoprocessor (4)
      - 16.3.1.1.5. How to hack a cryptoprocessor (5)
      - 16.3.1.1.6. How to hack a cryptoprocessor (6)
      - 16.3.1.1.7. How to hack a cryptoprocessor (7)
    - 16.4. Evaluation
    - 16.5. Medium Security Processors
    - 16.6. Smartcards and Microcontrollers
      - 16.6.1. History
      - 16.6.2. Architecture
      - 16.6.3. Security Evolution
        - 16.6.3.1.1. How to hack a smartcard (1)
        - 16.6.3.1.2. How to hack a smartcard (2)
        - 16.6.3.1.3. How to hack a smartcard (3)
        - 16.6.3.1.4. How to hack a smartcard (4)
        - 16.6.3.1.5. How to hack a smartcard (5)
        - 16.6.3.1.6. How to hack a smartcard (6)
        - 16.6.3.1.7. How to hack a smartcard (7)
        - 16.6.3.1.8. How to hack a smartcard (8)
        - 16.6.3.1.9. How to hack a smartcard (9)
        - 16.6.3.1.10. How to hack a smartcard (10)
      - 16.6.4. The State of the Art
    - 16.7. What Goes Wrong
    - 16.8. So What Should One Protect?
    - 16.9. Summary
    - 16.10. Research Problems
    - 16.11. Further Reading
  - 17. Emission Security
  - 18. API Attacks
  - 19. Electronic and Information Warfare
  - 20. Telecom System Security
  - 21. Network Attack and Defense
    - 21.1. Introduction
    - 21.2. Vulnerabilities in Network Protocols
    - 21.3. Trojans, Viruses, Worms and Rootkits
    - 21.4. Defense Against Network Attack
    - 21.5. Topology
    - 21.6. Summary
    - 21.7. Research Problems
    - 21.8. Further Reading
  - 22. Copyright and DRM
  - 23. The Bleeding Edge
- III. PART III
  - 24. Terror, Justice and Freedom
    - 24.1. Introduction
    - 24.2. Terrorism
    - 24.3. Surveillance
      - 24.3.1. The History of Government Wiretapping
      - 24.3.2. The Growing Controversy about Traffic Analysis
      - 24.3.3. Unlawful Surveillance
      - 24.3.4. Access to Search Terms and Location Data
      - 24.3.5. Data Mining
      - 24.3.6. Surveillance via ISPs — Carnivore and its Offspring
      - 24.3.7. Communications Intelligence on Foreign Targets
      - 24.3.8. Intelligence Strengths and Weaknesses
      - 24.3.9. The Crypto Wars
      - 24.3.10. Did the Crypto Wars Matter?
      - 24.3.11. Export Control
    - 24.4. Censorship
    - 24.5. Forensics and Rules of Evidence
    - 24.6. Privacy and Data Protection
    - 24.7. Summary
    - 24.8. Research Problems
    - 24.9. Further Reading
  - 25. Managing the Development of Secure Systems
    - 25.1. Introduction
    - 25.2. Managing a Security Project
    - 25.3. Methodology
    - 25.4. Security Requirements Engineering
    - 25.5. Risk Management
    - 25.6. Managing the Team
    - 25.7. Summary
    - 25.8. Research Problems
    - 25.9. Further Reading
  - 26. System Evaluation and Assurance
  - 27. Conclusions
- Bibliography
Product information
- Title: Security Engineering: A Guide to Building Dependable Distributed Systems, Second Edition
- Author(s):
- Release date: April 2008
- Publisher(s): Wiley
- ISBN: 9780470068526