Book
Description
The first quick reference guide to the do's and don'ts of creating
high quality security systems.
Ross Anderson, widely recognized as one of the world's foremost
authorities on security engineering, presents a comprehensive
design tutorial that covers a wide range of applications. Designed
for today's programmers who need to build systems that withstand
malice as well as error (but have no time to go do a PhD in
security), this book illustrates basic concepts through many
real-world system design successes and failures. Topics range from
firewalls, through phone phreaking and copyright protection, to
frauds against e-businesses. Anderson's book shows how to use a
wide range of tools, from cryptology through smartcards to applied
psychology. As everything from burglar alarms through heart
monitors to bus ticket dispensers starts talking IP, the
techniques taught in this book will become vital to everyone who
wants to build systems that are secure, dependable and manageable.
Synopsis
Security engineering is about building systems to remain
dependable in the face of malice, error or mischance. It requires
cross-disciplinary expertise, ranging from cryptography and
computer security to a knowledge of applied psychology, management
and the law. This book brings them together into a comprehensive
guide to building complete systems. Written for the working
programmer or engineer who needs to learn the subject quickly but
has no time to do a PhD in it, there are detailed descriptions of
automatic teller machines, burglar alarms, copyright protection
mechanisms, de-identified medical record databases, electronic
warfare systems, and other critical applications. It also covers a
lot of technology such as biometrics, tamper-resistant electronics
and the tricks used in phone fraud. Over the next few years it is
predicted that: the Internet will grow to include all sorts of
things besides PCs; by 2003, there will be more mobile phones
connected than computers; and within a few years we'll see many of
the world's fridges, heart monitors, bus ticket dispensers and
burglar alarms talking IP. Things will be further complicated by
the spread of peer-to-peer models of networking. Securing real
applications in this sort of environment is one of the biggest
engineering challenges to 2010. This book aims to help meet the
challenge.
From the Publisher
Security engineering is about building systems to remain
dependable in the face of malice, error or mischance. It requires
cross-disciplinary expertise, ranging from cryptography and
computer security to a knowledge of applied psychology, management
and the law. Although there are good books on many of these
disciplines, this book is the first to bring them together into a
comprehensive guide to building complete systems. Written for the
working programmer or engineer who needs to learn the subject
quickly but has no time to do a PhD in it, the book brings the
subject to life with detailed descriptions of automatic teller
machines, burglar alarms, copyright protection mechanisms,
de-identified medical record databases, electronic warfare
systems, and other critical applications. It also covers a lot of
technology for which there isn't any good introductory text, such
as biometrics, tamper-resistant electronics and the tricks used in
phone fraud.
Over the next few years, the Internet will grow to include all
sorts of things besides PCs. By 2003, there will be more mobile
phones connected than computers, and within a few years we'll see
many of the world's fridges, heart monitors, bus ticket dispensers
and burglar alarms talking IP. Things will be further complicated
by the spread of peer-to-peer models of networking. Securing real
applications in this sort of environment is one of the biggest
engineering challenges of the next ten years. This book will help
you to meet the challenge.
From the Author
This is the book I wish had been around in the early 1980s when I
started earning my living doing security engineering. Then, there
were plenty books and research papers on theory, but little on the
actual practice. Nowadays, the situation is still much the same.
And just as bridge builders learn more from the one bridge that
falls down than from the hundreds that don't, so security
engineers can learn much more from studying how real systems have
been built - and, especially, how they have failed. The real
problems have to do with system-level concepts; they lie in
understanding what your application's protection requirements
really are, and how you can combine the available mechanisms
intelligently to meet them.
This book distills the system know-how I've learnt in years as
a banker, in more years as a security consultant, and in still
more years as an academic. Putting it together has been fun. It's
also been a valuable research exercise: there's no better way of
finding out what you don't know than trying to write down what you
do. With luck, this book will serve as a snapshot of what we know
- and of what we don't - at the beginning of the twenty-first
century.
I hope you have as much fun reading it as I had writing it!
|
