• List Price: CDN$ 94.00
  • You Save: CDN$ 13.79 (15%)
Only 4 left in stock (more on the way).
Ships from and sold by Amazon.ca. Gift-wrap available.
Security Engineering: A G... has been added to your Cart
+ CDN$ 6.49 shipping
Used: Very Good | Details
Sold by Prabh Books-CA
Condition: Used: Very Good
Comment: P/B Low price Student edition in almost new condition. Delievery in 4-6 days
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See all 3 images

Security Engineering: A Guide to Building Dependable Distributed Systems Hardcover – Apr 14 2008

4.8 out of 5 stars 25 customer reviews

See all 4 formats and editions Hide other formats and editions
Amazon Price
New from Used from
Kindle Edition
"Please retry"
"Please retry"
CDN$ 80.21
CDN$ 55.03 CDN$ 36.74

Unlimited FREE Two-Day Shipping for Six Months When You Try Amazon Student
click to open popover

Frequently Bought Together

  • Security Engineering: A Guide to Building Dependable Distributed Systems
  • +
  • Cryptography Engineering: Design Principles and Practical Applications
Total price: CDN$ 119.01
Buy the selected items together

No Kindle device required. Download one of the Free Kindle apps to start reading Kindle books on your smartphone, tablet, and computer.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your mobile phone number.

Product Details

  • Hardcover: 1080 pages
  • Publisher: Wiley; 2 edition (April 14 2008)
  • Language: English
  • ISBN-10: 0470068523
  • ISBN-13: 978-0470068526
  • Product Dimensions: 19.6 x 6.1 x 24.2 cm
  • Shipping Weight: 1.8 Kg
  • Average Customer Review: 4.8 out of 5 stars 25 customer reviews
  • Amazon Bestsellers Rank: #141,230 in Books (See Top 100 in Books)
  •  Would you like to update product info, give feedback on images, or tell us about a lower price?

  • See Complete Table of Contents

Product Description


"At over a thousand pages, this is a comprehensive volume." Engineering & Technology Saturday 7 June 2008

From the Back Cover

"Security engineering is different from any other kind of programming. . . . if you're even thinking of doing any security engineering, you need to read this book."
— Bruce Schneier

"This is the best book on computer security. Buy it, but more importantly, read it and apply it in your work."
— Gary McGraw

This book created the discipline of security engineering

The world has changed radically since the first edition was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy — and as they specialize, they get better. New applications, from search to social networks to electronic voting machines, provide new targets. And terrorism has changed the world. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice.

Here's straight talk about

  • Technical engineering basics — cryptography, protocols, access controls, and distributed systems
  • Types of attack — phishing, Web exploits, card fraud, hardware hacks, and electronic warfare

  • Specialized protection mechanisms — what biometrics, seals, smartcards, alarms, and DRM do, and how they fail

  • Security economics — why companies build insecure systems, why it's tough to manage security projects, and how to cope

  • Security psychology — the privacy dilemma, what makes security too hard to use, and why deception will keep increasing

  • Policy — why governments waste money on security, why societies are vulnerable to terrorism, and what to do about it

See all Product Description

Customer Reviews

4.8 out of 5 stars
Share your thoughts with other customers

Top Customer Reviews

Format: Hardcover
For the typical busy security professional, reading a 900-page tome cover to cover represents an investment of time that may be difficult to justify. Frankly, security books that are worth the effort are few and far between. Security Engineering is one such book, for several reasons.

First, Ross Anderson's vast knowledge, experience and insight on the subject are well known, and his reputation as one of the top security experts in the world is well deserved. No doubt a reflection of this, his book covers a very broad range of security topics, the discussions ranging from high-level policy issues, all the way down to details of smartcard hacking and the mathematics of cryptography. The topics are well researched and described at a level of detail useful to the non-specialist. Concise summaries and occasional nuggets of insight indicate an in-depth understanding of the subject matter. The book is well written, easy to follow, and devoid of the vagueness and platitudes so typical of much of the security literature.

Second, the book exposes the sheer difficulty of engineering secure systems in the face of the many forces at play in a typical product development lifecycle. Through many case studies of success and failure, the author illustrates the numerous pitfalls that may befall even a well-intentioned design. Lessons learned from deploying products in the real world include the negative impact of perverse economic incentives, the importance of designing security features for maximum usability, and the need to look at a security problem from many different angles in a holistic manner. The book is a treasure trove of wisdom for the aspiring security engineer.

Lastly, the book brings together insight from many diverse areas of research.
Read more ›
One person found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again.
Report abuse
Format: Paperback
It is about time that this book has been written!
Ross Anderson has a unique perspective to offer. He explains complex information, such as the inner working of cryptographic functions, with a clear and precise manner, while at the same time always relating the content to the real world. He possess a rare combination of expertise in theory and experience in practice.
This book covers everything from security of ATM machines, to secure printing; from multi-level security to information warfare; from hardware security to e-commerce; from legal issues to intellectual property protection; from biometrics to tamper resistance. In short, Anderson's book basically covers the entire field of computer security. It is also refreshing that the book is as deep as it is broad.
I will use this book to teach and also to learn. It is a good read cover to cover, and I imagine it will make a fine textbook for many classes on computer security. Every chapter ends with suggestions for interesting research problems and further reading.
As I was reading this book, I kept asking myself how one person could have produced such a comprehensive and complete book. It is indeed a treasure.
Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again.
Report abuse
Format: Paperback
Those of us in the computer security business have been mining Ross Anderson's web site for years, since he's done some really unique and important work in the field. Finally he's pulled it into an incredible book, one that's essential for anyone interested in information security.
Two elements combine make this book unique: first, the book manages to cover all of the major topics in the field, and second, the book covers the whole range of attacks that systems can face: technical, procedural and physical. Historically, writers on information security have focused on computers and disembodied "users," downplaying the crucial issues of physical security, perimeters, operating procedures, and the limits of human behavior. This book tries to integrate such concerns into information security thinking, instead of treating them as "special concerns that computer geeks don't really care about."
Best of all, the book is a great read. Ross has a fine way of drawing out the irony we encounter in user behavior, enterprise behavior, and even in the actions of presumed authorities in industry and government. At one point he discusses a government endorsed security evaluation process "which, as mentioned, is sufficient to keep out all attackers but the competent ones."
Ross unabashedly explains several aspects of information security that most writers ignore entirely, like security printing, seals, tamper resistance, and associated procedures. In my own books, reviewers have chided me for including such "irrelevant" topics, even though they play an essential part in making a real system work. As Ross ably points out, most successful attacks these days are pretty mundane and don't involve cryptanalysis or sophisticated protocol hacking. ATM fraud, for example, often relies on pre-computer technology like binoculars to pick up a victim's PIN. This book should open a lot of peoples' eyes.
Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again.
Report abuse
Format: Paperback
The title is maybe misleading. It is not really a guide that will show you a procedure step by step 'how to do' to build secure systems as most engineering books do. It is rather a survey of the different security protocols used in various fields. Of course, you can learn from the success and errors described in the book and use this knowledge for developing a new system but you will have to connect the dots yourself.

The book is very dense in information and at first, its format was making it tedious for me to read. It did take around 3 chapters before I get accustomed to the format. Once, this aspect was out of the way, this book became amazingly interesting. It describes systems used in banking, by diplomats, military, for nuclear weapons, police, set-up box TV decoders smart cards and anti tampering devices in general, spies, biometric authentication, etc.. and focus on the security protocols used by these systems and then highlights the weaknesses of the systems and how people have figured out how to workaround these protocols.

The best quality of the book is that it will help you to better understand the mindset of a secure system designer and a system hacker.
Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again.
Report abuse

Most recent customer reviews