Security Engineering: A Guide to Building Dependable Distributed Systems - Softcover

Review

Gigantically comprehensive and carefully researched, Security Engineering makes it clear just how difficult it is to protect information systems from corruption, eavesdropping, unauthorized use, and general malice. Better, Ross Anderson offers a lot of thoughts on how information can be made more secure (though probably not absolutely secure, at least not forever) with the help of both technologies and management strategies. His work makes fascinating reading and will no doubt inspire considerable doubt--fear is probably a better choice of words--in anyone with information to gather, protect, or make decisions about.

Be aware: This is absolutely not a book solely about computers, with yet another explanation of Alice and Bob and how they exchange public keys in order to exchange messages in secret. Anderson explores, for example, the ingenious ways in which European truck drivers defeat their vehicles' speed-logging equipment. In another section, he shows how the end of the cold war brought on a decline in defenses against radio-frequency monitoring (radio frequencies can be used to determine, at a distance, what's going on in systems--bank teller machines, say), and how similar technology can be used to reverse-engineer the calculations that go on inside smart cards. In almost 600 pages of riveting detail, Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity, and always use common sense in defending valuables. A terrific read for security professionals and general readers alike. --David Wall

Topics covered: How some people go about protecting valuable things (particularly, but not exclusively, information) and how other people go about getting it anyway. Mostly, this takes the form of essays (about, for example, how the U.S. Air Force keeps its nukes out of the wrong hands) and stories (one of which tells of an art thief who defeated the latest technology by hiding in a closet). Sections deal with technologies, policies, psychology, and legal matters.

From the Publisher

Security engineering is about building systems to remain dependable in the face of malice, error or mischance. It requires cross-disciplinary expertise, ranging from cryptography and computer security to a knowledge of applied psychology, management and the law. Although there are good books on many of these disciplines, this book is the first to bring them together into a comprehensive guide to building complete systems. Written for the working programmer or engineer who needs to learn the subject quickly but has no time to do a PhD in it, the book brings the subject to life with detailed descriptions of automatic teller machines, burglar alarms, copyright protection mechanisms, de-identified medical record databases, electronic warfare systems, and other critical applications. It also covers a lot of technology for which there isn't any good introductory text, such as biometrics, tamper-resistant electronics and the tricks used in phone fraud.

Over the next few years, the Internet will grow to include all sorts of things besides PCs. By 2003, there will be more mobile phones connected than computers, and within a few years we'll see many of the world's fridges, heart monitors, bus ticket dispensers and burglar alarms talking IP. Things will be further complicated by the spread of peer-to-peer models of networking. Securing real applications in this sort of environment is one of the biggest engineering challenges of the next ten years. This book will help you to meet the challenge.