The Virtual Bookcase Reviews of 'Security Engineering: A Guide to Building Dependable Distributed Systems':
Reviewer amazon.com wrote:
Gigantically comprehensive and carefully researched, Security Engineering makes it clear just how difficult it is to protect information systems from corruption, eavesdropping, unauthorized use, and general malice. Better, Ross Anderson offers a lot of thoughts on how information can be made more secure (though probably not absolutely secure, at least not forever) with the help of both technologies and management strategies. His work makes fascinating reading and will no doubt inspire considerable doubt--fear is probably a better choice of words--in anyone with information to gather, protect, or make decisions about. Be aware: This is absolutely not a book solely about computers, with yet another explanation of Alice and Bob and how they exchange public keys in order to exchange messages in secret. Anderson explores, for example, the ingenious ways in which European truck drivers defeat their vehicles' speed-logging equipment. In another section, he shows how the end of the cold war brought on a decline in defenses against radio-frequency monitoring (radio frequencies can be used to determine, at a distance, what's going on in systems--bank teller machines, say), and how similar technology can be used to reverse-engineer the calculations that go on inside smart cards. In almost 600 pages of riveting detail, Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity, and always use common sense in defending valuables. A terrific read for security professionals and general readers alike. --David Wall
Topics covered: How some people go about protecting valuable things (particularly, but not exclusively, information) and how other people go about getting it anyway. Mostly, this takes the form of essays (about, for example, how the U.S. Air Force keeps its nukes out of the wrong hands) and stories (one of which tells of an art thief who defeated the latest technology by hiding in a closet). Sections deal with technologies, policies, psychology, and legal matters.
Reviewer Rob Slade wrote:
The preface states that this book is intended as a text for self-study
or for a one term course, a reference for professionals, an
introduction to the underlying concepts, and an original scientific
contribution in terms of the foundational principles for security
engineering. A very tall order to promise, but one which, for once,
seems to have been fulfilled. I have often been asked, in regard to
these reviews, whether there are, in fact, any books that I like.
Well, I like this one. If you are involved with security and you
haven't read it, you should.
Part one deals with the basic concepts of engineering and security.
Chapter one presents four example situations of security needs.
Protocols are not limited to the precise but limited structures
computer people are familiar with. A set of more conceptual, but more
formal, authentication problems and protocols are advanced in chapter
two. It is unlikely that the models presented exhaust the field, but
some thought indicates that they are applicable to a wide variety of
applications. (Anderson's writing is clear enough, but he does betray
a taste for symbolic logic that might limit the audience for the book.
Still, perseverance on the part of the reader will be amply
rewarded.) Much of the usual thoughts and advice on passwords is issued
in chapter three, although the research is better documented, and some
additional research (passphrase generated passwords are as secure as
randomly assigned ones, and as memorable as naively chosen ones) is
presented. It is strange not to see any mention of the work factor of
passwords overall. Chapter four reviews access control, but primarily
from the perspective of system and hardware internals. Cryptography,
in chapter five, is covered reliably and well, although Anderson does
not work overly hard to make the material easy to follow. The
problems of distributed systems are examined, in terms of concurrency,
failure resistance, and naming, in chapter six.
Part two uses a number of applications of secure systems to introduce
particular concepts or technologies. Chapter seven discusses
multilevel security, which encompasses most of the formal security models
such as Bell-LaPadula. Medical (and census) databases are used, in
chapter eight, as examples of multilateral, or compartmented,
security: the need to deal with information of equal sensitivity, but
restricted to different groups. There is good discussion of inference
and aggregation problems. Integrity controls, particularly related to
the banking system and fraud, are presented in chapter nine, although
the material is long on anecdotes, and contains weaker analysis than
the preceding text. Chapter ten reviews monitoring systems, of both
monitoring and metering types. In regard to nuclear command and
control systems, chapter eleven examines the tension between
availability (the ability to fire a missile) and confidentiality (or
authentication: making sure nobody else does). Various aspects of the
technology for security printing and seals are dealt with in chapter
twelve. Biometrics, in chapter thirteen, gets a good, but fairly
standard, treatment. Chapter fourteen delves into tamper-resistance
in cryptographic gear and smartcards. The TEMPEST and Teapot (no, I'm
not kidding) projects on emission security are reviewed in chapter
fifteen. There is good coverage of the basics of traditional
electronic warfare in chapter sixteen, although the material on
information warfare is not as thorough. Chapter seventeen looks at
telecommunications system security, with some material on phone
phreaking and lots on cellular encryption. Network attack and
defense, in chapter eighteen, is less focussed than other chapters,
and adds malware. (There is an odd, and unexplained, assertion that
malware would formerly have merited a full chapter: In correspondence,
Anderson has said that the new email viruses show less diversity than
the old DOS versions. I disagree. But then, I would, wouldn't I?
:-) The relation of types of antiviral and intrusion detection
systems is good. Chapter nineteen, on protecting e-commerce systems,
has good information but mixed in a bit of a grab bag: e-commerce is
always a bit of a fuzzy topic. There is solid coverage of recent
controversies in regard to copyright and privacy protection, in
chapter twenty.
Part three turns to politics, management, and assurance. Chapter
twenty one has a fascinating discussion of major issues in public
policy. Management issues, in chapter twenty two, are presented in an
interesting but generic manner. The discussion of system evaluation
and assurance asks the usual question of how we know our systems are
secure. In a sense, though, the subtitle of the book is wrong: much
of the material points out how *not* to build dependable systems, and
chapter twenty three is a bit disheartening. The conclusion, in
chapter twenty four, is that we need more engineers and engineering.
Although the material is presented in a very formal way, the writing
is usually quite readable, and the exceptional stilted passages are
still accessible to the determined reader. On occasion, one could
hope for additional explanations of some items that are mentioned
briefly and passed over, but, by and large, one has to agree with
Bruce Schneier's assessment, reprinted on the book jacket, that this
is one of the most comprehensive works on security concepts that is
available. The constant emphasis on how security protections have
failed can be depressing, but the examination of the errors of others
does provide the basis for better designs in the future.
copyright Robert M. Slade, 2002