Security Engineering: A Guide to Building Dependable Distributed Systems Hardcover – 11 Apr 2008
|New from||Used from|
- Choose from over 13,000 locations across the UK
- Prime members get unlimited deliveries at no additional cost
- Find your preferred location and add it to your address book
- Dispatch to this address when you check out
Frequently bought together
Customers who bought this item also bought
Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
To get the free app, enter your mobile phone number.
Would you like to tell us about a lower price?
If you are a seller for this product, would you like to suggest updates through seller support?
At over a thousand pages, this is a comprehensive volume. Engineering & Technology Saturday 7 June 2008
From the Back Cover
"Security engineering is different from any other kind of programming. . . . if you′re even thinking of doing any security engineering, you need to read this book."
"This is the best book on computer security. Buy it, but more importantly, read it and apply it in your work."
This book created the discipline of security engineering
The world has changed radically since the first edition was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy and as they specialize, they get better. New applications, from search to social networks to electronic voting machines, provide new targets. And terrorism has changed the world. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice.
Here′s straight talk about
- Technical engineering basics cryptography, protocols, access controls, and distributed systems
Types of attack phishing, Web exploits, card fraud, hardware hacks, and electronic warfare
Specialized protection mechanisms what biometrics, seals, smartcards, alarms, and DRM do, and how they fail
Security economics why companies build insecure systems, why it′s tough to manage security projects, and how to cope
Security psychology the privacy dilemma, what makes security too hard to use, and why deception will keep increasing
Policy why governments waste money on security, why societies are vulnerable to terrorism, and what to do about it
What other items do customers buy after viewing this item?
Top customer reviews
It was an eye opener, I bought the book and I haven't regretted it. The scope covered all the application areas in which I was interested, and added new ones.
It is well written to the extent that I found myself reading it for entertainment. Nevertheless it is also a solid academic book with plenty of references to other materials. It is also telling that this book is referenced by every other book on security and cryptography that I have since read.
The way Ross Anderson goes about this task is systematic and pedagogical. He has obviously been lecturing for many years and is both an excellent presenter and a person demonstrating a good understanding of learning curves. Both the book as a whole and the individual chapters have been constructed in such a way that the reader can give up at various points of complexity without losing the plot altogether and simply start at the beginning of the following chapter for a less deep education than if he read and understood everything but nevertheless gaining a comprehensive feel for the nature of security and how to tackle its implementation. This design also enables the book to be used either as a textbook or as a reference work. Very smart - many technical authors could learn something from observing how Ross goes about it.
I also like that each chapter ends with a discussion of possible research projects, literature recommendations and of course a summary. The only irritating thing is that there are too many stupid typos such as missing words, things which another read-through by the editor should have caught. An example: `...using the key in Figure 5.7, it enciphers to TB while rf enciphers to OB...' should be `...using the key in Figure 5.7, rd enciphers to TB while rf enciphers to OB...' It is fine to use typographic tricks for illustrative purposes but you must make sure they make it into print if you do. I'm certain many readers will find the chapter on cryptography difficult enough without errors. Well, next edition...
The book consists of three parts. The first is a quite basic intro to security concepts, protocols, human-to-computer interfaces, access control, cryptography and distributed systems. I think that perhaps Ross gets a little bit carried away in Chapter 5 on crypt - I mean, why is a proof for Fermat's little theorem included? There are no other mathematical proofs anywhere. I also think that parts of this chapter could benefit from added verbosity or perhaps a few more illustrations. Whereas in this context it is not so important how crypt primitives function internally it is of course very important how they behave as system components. Just a suggestion - no real criticism.
In the second part of the book the author ingeniously uses a whole range of well-known systems incorporating security to illustrate both analytical methods and security engineering fundamentals. Using this pedagogical method, moving from the concrete and well-known to the abstract and general is good engineering practice. Almost every main section contains a subsection called What Goes Wrong in which the author analyses and presents architectural and design weaknesses in everything from ATMs to nuclear systems. I find this approach incredibly valuable, not only because it teaches good engineering methodology but also because it gives the author an opportunity to present a huge number of security problems at the implementation level in a context, from which they can be lifted, cross-referenced and placed in different contexts. This method, combined with the informed and intelligent analysis is what makes this book such a brilliant generator of understanding of security, the broad and full concept.
Also in this part of the book there is a clear line which is not only technological but which serves to place security concepts in organisational frameworks, another very strong point in favour of this work. This leads to the third part of the book, which in the words of the author deals with politics, management and assurance. Very good entertainment as well. The book ends with one of the best bibliographies that I have ever seen in the field.
Kudos to Ross Anderson for writing such a fantastic book - highly recommended reading!
Ross Anderson surveys the entire spectrum of contemporary techno-security, from nuclear weapons to the electric meters used in South Africa, and tells you the nuts-n-bolts of how they are architected, and where things fall apart. What becomes clear is that perfect security doesn't exist in the real world, so you need to create "security in depth", where you secure all aspects of your enterprise. Attacks can come from the CEO, your customer, the janitor, the designer, or a passing crack head. In fact, the biggest threat is time itself -- a procedure secure today will become vulnerable in a couple of years if you don't treat security as a living, growing, changing, high-priority part of your enterprise.
Early in the book he opened my eyes -- I know a thing or two about security, yet his example of a military IFF system blew me away. If I had been asked, I would have swore it was a perfect system. Yet, with a simple little trick, the enemy not only defeated it but used it as a weapon. There's a hundred head-slapping moments in this book where you mutter "holy crap!" when you see how vulnerable some things have been.
Look, just buy the damn book, ok? If you have any responsibility for security, you need it. End of story..
It focuses very much on secure systems and their implementation, while at the same time acknowledging the drawbacks that plague secure systems every day. The topic range is extremely broad and the author does indeed have great knowledge regarding all the topics he writes about.
If you're unsure if this book is for you you should go to Robert Andersons website and download the 1st edition for free.
Would you like to see more reviews about this item?
Most recent customer reviews
Look for similar items by category