
Now that there’s software in everything, how can you make anything secure? Understand how to engineer dependable systems with this newly updated classic.

In Security Engineering: A Guide to Building Dependable Distributed Systems, Third Edition, Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack.

This book became a best-seller in 2001 and helped establish the discipline of security engineering. By the second edition in 2008, underground dark markets had let the bad guys specialize and scale up; attacks were increasingly on users rather than on technology. The book repeated its success by showing how security engineers can focus on usability.  

Now the third edition brings it up to date for 2020. As people now go online from phones more than laptops, most servers are in the cloud, online advertising drives the Internet and social networks have taken over much human interaction, many patterns of crime and abuse are the same, but the methods have evolved. Ross Anderson explores what security engineering means in 2020, including: 

  • How the basic elements of cryptography, protocols, and access control translate to the new world of phones, cloud services, social media and the Internet of Things 
  • Who the attackers are – from nation states and business competitors through criminal gangs to stalkers and playground bullies 
  • What they do – from phishing and carding through SIM swapping and software exploits to DDoS and fake news
  • Security psychology, from privacy through ease-of-use to deception  
  • The economics of security and dependability – why companies build vulnerable systems and governments look the other way 
  • How dozens of industries went online – well or badly

Table of Contents

  1. Cover
  2. Title Page
  3. Preface to the Third Edition
  4. Preface to the Second Edition
  5. Preface to the First Edition
  6. For my daughter, and other lawyers…
  7. Foreword
  8. PART I
    1. CHAPTER 1: What Is Security Engineering?
    2. 1.1 Introduction
    3. 1.2 A framework
    4. 1.3 Example 1 – a bank
    5. 1.4 Example 2 – a military base
    6. 1.5 Example 3 – a hospital
    7. 1.6 Example 4 – the home
    8. 1.7 Definitions
    9. 1.8 Summary
    10. Note
    11. CHAPTER 2: Who Is the Opponent?
    12. 2.1 Introduction
    13. 2.2 Spies
    14. 2.3 Crooks
    15. 2.4 Geeks
    16. 2.5 The swamp
    17. 2.6 Summary
    18. Research problems
    19. Further reading
    20. Notes
    21. CHAPTER 3: Psychology and Usability
    22. 3.1 Introduction
    23. 3.2 Insights from psychology research
    24. 3.3 Deception in practice
    25. 3.4 Passwords
    26. 3.5 CAPTCHAs
    27. 3.6 Summary
    28. Research problems
    29. Further reading
    30. Notes
    31. CHAPTER 4: Protocols
    32. 4.1 Introduction
    33. 4.2 Password eavesdropping risks
    34. 4.3 Who goes there? – simple authentication
    35. 4.4 Manipulating the message
    36. 4.5 Changing the environment
    37. 4.6 Chosen protocol attacks
    38. 4.7 Managing encryption keys
    39. 4.8 Design assurance
    40. 4.9 Summary
    41. Research problems
    42. Further reading
    43. Notes
    44. CHAPTER 5: Cryptography
    45. 5.1 Introduction
    46. 5.2 Historical background
    47. 5.3 Security models
    48. 5.4 Symmetric crypto algorithms
    49. 5.5 Modes of operation
    50. 5.6 Hash functions
    51. 5.7 Asymmetric crypto primitives
    52. 5.8 Summary
    53. Research problems
    54. Further reading
    55. Notes
    56. CHAPTER 6: Access Control
    57. 6.1 Introduction
    58. 6.2 Operating system access controls
    59. 6.3 Hardware protection
    60. 6.4 What goes wrong
    61. 6.5 Summary
    62. Research problems
    63. Further reading
    64. Notes
    65. CHAPTER 7: Distributed Systems
    66. 7.1 Introduction
    67. 7.2 Concurrency
    68. 7.3 Fault tolerance and failure recovery
    69. 7.4 Naming
    70. 7.5 Summary
    71. Research problems
    72. Further reading
    73. Notes
    74. CHAPTER 8: Economics
    75. 8.1 Introduction
    76. 8.2 Classical economics
    77. 8.3 Information economics
    78. 8.4 Game theory
    79. 8.5 Auction theory
    80. 8.6 The economics of security and dependability
    81. 8.7 Summary
    82. Research problems
    83. Further reading
    84. Notes
  9. PART II
    1. CHAPTER 9: Multilevel Security
    2. 9.1 Introduction
    3. 9.2 What is a security policy model?
    4. 9.3 Multilevel security policy
    5. 9.4 Historical examples of MLS systems
    6. 9.5 MAC: from MLS to IFC and integrity
    7. 9.6 What goes wrong
    8. 9.7 Summary
    9. Research problems
    10. Further reading
    11. Notes
    12. CHAPTER 10: Boundaries
    13. 10.1 Introduction
    14. 10.2 Compartmentation and the lattice model
    15. 10.3 Privacy for tigers
    16. 10.4 Health record privacy
    17. 10.5 Summary
    18. Research problems
    19. Further reading
    20. Notes
    21. CHAPTER 11: Inference Control
    22. 11.1 Introduction
    23. 11.2 The early history of inference control
    24. 11.3 Differential privacy
    25. 11.4 Mind the gap?
    26. 11.5 Summary
    27. Research problems
    28. Further reading
    29. Notes
    30. CHAPTER 12: Banking and Bookkeeping
    31. 12.1 Introduction
    32. 12.2 Bookkeeping systems
    33. 12.3 Interbank payment systems
    34. 12.4 Automatic teller machines
    35. 12.5 Credit cards
    36. 12.6 EMV payment cards
    37. 12.7 Online banking
    38. 12.8 Nonbank payments
    39. 12.9 Summary
    40. Research problems
    41. Further reading
    42. Notes
    43. CHAPTER 13: Locks and Alarms
    44. 13.1 Introduction
    45. 13.2 Threats and barriers
    46. 13.3 Alarms
    47. 13.4 Summary
    48. Research problems
    49. Further reading
    50. Notes
    51. CHAPTER 14: Monitoring and Metering
    52. 14.1 Introduction
    53. 14.2 Prepayment tokens
    54. 14.3 Taxi meters, tachographs and truck speed limiters
    55. 14.4 Curfew tags: GPS as policeman
    56. 14.5 Postage meters
    57. 14.6 Summary
    58. Research problems
    59. Further reading
    60. Notes
    61. CHAPTER 15: Nuclear Command and Control
    62. 15.1 Introduction
    63. 15.2 The evolution of command and control
    64. 15.3 Unconditionally secure authentication
    65. 15.4 Shared control schemes
    66. 15.5 Tamper resistance and PALs
    67. 15.6 Treaty verification
    68. 15.7 What goes wrong
    69. 15.8 Secrecy or openness?
    70. 15.9 Summary
    71. Research problems
    72. Further reading
    73. Notes
    74. CHAPTER 16: Security Printing and Seals
    75. 16.1 Introduction
    76. 16.2 History
    77. 16.3 Security printing
    78. 16.4 Packaging and seals
    79. 16.5 Systemic vulnerabilities
    80. 16.6 Evaluation methodology
    81. 16.7 Summary
    82. Research problems
    83. Further reading
    84. CHAPTER 17: Biometrics
    85. 17.1 Introduction
    86. 17.2 Handwritten signatures
    87. 17.3 Face recognition
    88. 17.4 Fingerprints
    89. 17.5 Iris codes
    90. 17.6 Voice recognition and morphing
    91. 17.7 Other systems
    92. 17.8 What goes wrong
    93. 17.9 Summary
    94. Research problems
    95. Further reading
    96. Notes
    97. CHAPTER 18: Tamper Resistance
    98. 18.1 Introduction
    99. 18.2 History
    100. 18.3 Hardware security modules
    101. 18.4 Evaluation
    102. 18.5 Smartcards and other security chips
    103. 18.6 The residual risk
    104. 18.7 So what should one protect?
    105. 18.8 Summary
    106. Research problems
    107. Further reading
    108. Notes
    109. CHAPTER 19: Side Channels
    110. 19.1 Introduction
    111. 19.2 Emission security
    112. 19.3 Passive attacks
    113. 19.4 Attacks between and within computers
    114. 19.5 Environmental side channels
    115. 19.6 Social side channels
    116. 19.7 Summary
    117. Research problems
    118. Further reading
    119. CHAPTER 20: Advanced Cryptographic Engineering
    120. 20.1 Introduction
    121. 20.2 Full-disk encryption
    122. 20.3 Signal
    123. 20.4 Tor
    124. 20.5 HSMs
    125. 20.6 Enclaves
    126. 20.7 Blockchains
    127. 20.8 Crypto dreams that failed
    128. 20.9 Summary
    129. Research problems
    130. Further reading
    131. Notes
    132. CHAPTER 21: Network Attack and Defence
    133. 21.1 Introduction
    134. 21.2 Network protocols and service denial
    135. 21.3 The malware menagerie – Trojans, worms and RATs
    136. 21.4 Defense against network attack
    137. 21.5 Cryptography: the ragged boundary
    138. 21.6 CAs and PKI
    139. 21.7 Topology
    140. 21.8 Summary
    141. Research problems
    142. Further reading
    143. Notes
    144. CHAPTER 22: Phones
    145. 22.1 Introduction
    146. 22.2 Attacks on phone networks
    147. 22.3 Going mobile
    148. 22.4 Platform security
    149. 22.5 Summary
    150. Research problems
    151. Further reading
    152. Notes
    153. CHAPTER 23: Electronic and Information Warfare
    154. 23.1 Introduction
    155. 23.2 Basics
    156. 23.3 Communications systems
    157. 23.4 Surveillance and target acquisition
    158. 23.5 IFF systems
    159. 23.6 Improvised explosive devices
    160. 23.7 Directed energy weapons
    161. 23.8 Information warfare
    162. 23.9 Summary
    163. Research problems
    164. Further reading
    165. Note
    166. CHAPTER 24: Copyright and DRM
    167. 24.1 Introduction
    168. 24.2 Copyright
    169. 24.3 DRM on general-purpose computers
    170. 24.4 Information hiding
    171. 24.5 Policy
    172. 24.6 Accessory control
    173. 24.7 Summary
    174. Research problems
    175. Further reading
    176. Notes
    177. CHAPTER 25: New Directions?
    178. 25.1 Introduction
    179. 25.2 Autonomous and remotely-piloted vehicles
    180. 25.3 AI / ML
    181. 25.4 PETS and operational security
    182. 25.5 Elections
    183. 25.6 Summary
    184. Research problems
    185. Further reading
    186. Notes
  10. PART III
    1. CHAPTER 26: Surveillance or Privacy?
    2. 26.1 Introduction
    3. 26.2 Surveillance
    4. 26.3 Terrorism
    5. 26.4 Censorship
    6. 26.5 Forensics and rules of evidence
    7. 26.6 Privacy and data protection
    8. 26.7 Freedom of information
    9. 26.8 Summary
    10. Research problems
    11. Further reading
    12. Notes
    13. CHAPTER 27: Secure Systems Development
    14. 27.1 Introduction
    15. 27.2 Risk management
    16. 27.3 Lessons from safety-critical systems
    17. 27.4 Prioritising protection goals
    18. 27.5 Methodology
    19. 27.6 Managing the team
    20. 27.7 Summary
    21. Research problems
    22. Further reading
    23. Notes
    24. CHAPTER 28: Assurance and Sustainability
    25. 28.1 Introduction
    26. 28.2 Evaluation
    27. 28.3 Metrics and dynamics of dependability
    28. 28.4 The entanglement of safety and security
    29. 28.5 Sustainability
    30. 28.6 Summary
    31. Research problems
    32. Further reading
    33. Notes
    34. CHAPTER 29: Beyond “Computer Says No”
  11. Bibliography
  12. Index
  13. End User License Agreement