Security Engineering: A Guide to Building Dependable Distributed Systems Hardcover – Apr 14 2008
"At over a thousand pages, this is a comprehensive volume." Engineering & Technology Saturday 7 June 2008
From the Back Cover
"Security engineering is different from any other kind of programming. . . . if you're even thinking of doing any security engineering, you need to read this book."
— Bruce Schneier
"This is the best book on computer security. Buy it, but more importantly, read it and apply it in your work."
— Gary McGraw
This book created the discipline of security engineering
The world has changed radically since the first edition was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy — and as they specialize, they get better. New applications, from search to social networks to electronic voting machines, provide new targets. And terrorism has changed the world. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice.
Here's straight talk about
- Technical engineering basics — cryptography, protocols, access controls, and distributed systems
- Types of attack — phishing, Web exploits, card fraud, hardware hacks, and electronic warfare
- Specialized protection mechanisms — what biometrics, seals, smartcards, alarms, and DRM do, and how they fail
- Security economics — why companies build insecure systems, why it's tough to manage security projects, and how to cope
- Security psychology — the privacy dilemma, what makes security too hard to use, and why deception will keep increasing
- Policy — why governments waste money on security, why societies are vulnerable to terrorism, and what to do about it
Top Customer Reviews
First, Ross Anderson's vast knowledge, experience and insight on the subject are well known, and his reputation as one of the top security experts in the world is well deserved. No doubt a reflection of this, his book covers a very broad range of security topics, the discussions ranging from high-level policy issues, all the way down to details of smartcard hacking and the mathematics of cryptography. The topics are well researched and described at a level of detail useful to the non-specialist. Concise summaries and occasional nuggets of insight indicate an in-depth understanding of the subject matter. The book is well written, easy to follow, and devoid of the vagueness and platitudes so typical of much of the security literature.
Second, the book exposes the sheer difficulty of engineering secure systems in the face of the many forces at play in a typical product development lifecycle. Through many case studies of success and failure, the author illustrates the numerous pitfalls that may befall even a well-intentioned design. Lessons learned from deploying products in the real world include the negative impact of perverse economic incentives, the importance of designing security features for maximum usability, and the need to look at a security problem from many different angles in a holistic manner. The book is a treasure trove of wisdom for the aspiring security engineer.
Lastly, the book brings together insight from many diverse areas of research.
Ross Anderson has a unique perspective to offer. He explains complex information, such as the inner working of cryptographic functions, in a clear and precise manner, while at the same time always relating the content to the real world. He possesses a rare combination of expertise in theory and experience in practice.
This book covers everything from security of ATM machines, to secure printing; from multi-level security to information warfare; from hardware security to e-commerce; from legal issues to intellectual property protection; from biometrics to tamper resistance. In short, Anderson's book basically covers the entire field of computer security. It is also refreshing that the book is as deep as it is broad.
I will use this book to teach and also to learn. It is a good read cover to cover, and I imagine it will make a fine textbook for many classes on computer security. Every chapter ends with suggestions for interesting research problems and further reading.
As I was reading this book, I kept asking myself how one person could have produced such a comprehensive and complete book. It is indeed a treasure.
Two elements combine to make this book unique: first, the book manages to cover all of the major topics in the field, and second, the book covers the whole range of attacks that systems can face: technical, procedural and physical. Historically, writers on information security have focused on computers and disembodied "users," downplaying the crucial issues of physical security, perimeters, operating procedures, and the limits of human behavior. This book tries to integrate such concerns into information security thinking, instead of treating them as "special concerns that computer geeks don't really care about."
Best of all, the book is a great read. Ross has a fine way of drawing out the irony we encounter in user behavior, enterprise behavior, and even in the actions of presumed authorities in industry and government. At one point he discusses a government endorsed security evaluation process "which, as mentioned, is sufficient to keep out all attackers but the competent ones."
Ross unabashedly explains several aspects of information security that most writers ignore entirely, like security printing, seals, tamper resistance, and associated procedures. In my own books, reviewers have chided me for including such "irrelevant" topics, even though they play an essential part in making a real system work. As Ross ably points out, most successful attacks these days are pretty mundane and don't involve cryptanalysis or sophisticated protocol hacking. ATM fraud, for example, often relies on pre-computer technology like binoculars to pick up a victim's PIN. This book should open a lot of people's eyes.
The book is very dense in information and at first, its format was making it tedious for me to read. It did take around 3 chapters before I got accustomed to the format. Once this aspect was out of the way, this book became amazingly interesting. It describes systems used in banking, by diplomats, military, for nuclear weapons, police, set-top box TV decoders, smart cards and anti-tampering devices in general, spies, biometric authentication, etc., and focuses on the security protocols used by these systems and then highlights the weaknesses of the systems and how people have figured out how to work around these protocols.
The best quality of the book is that it will help you to better understand the mindset of a secure system designer and a system hacker.
Most recent customer reviews
People love this book. There's no doubt about it, it is a good book and an important work in the field. Published 27 days ago by Karim Sultan
Anderson has successfully synthesized an incredibly diverse set of literature and, as a result, the book is useful for any person who is involved in security. Published on Sept. 24 2011 by Christopher Parsons
This is the book where anybody in the field can find something to learn.
Deep and wide coverage of a broad range of topics with extended bibliography for further reading...
Mr. Anderson is a first rate, major league expert in his field and this comes across in the substantive, technical content of his writing. Published on June 20 2004 by Chas
Security Engineering is clearly one of the most definitive security books ever!
Ross Anderson writes on nearly every major security topic in great depth and with vast insight.
Five stars for Ross Anderson's Security Engineering are just not enough - you have to read the book to understand what I mean. Published on July 2 2003 by Ed
This book changes everything. "Security Engineering" is the new must-read book for any serious information security professional. Published on June 26 2002 by Richard Bejtlich
Ross Anderson's research group at Cambridge University is one of the best known in the computer security community, regularly winning best paper awards at the most prestigious... Published on June 7 2002 by Stuart E. Schechter