Description

The world has changed radically since the first edition of this book was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy, and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here's straight talk on critical topics such as technical engineering basics, types of attack, specialized protection mechanisms, security psychology, policy, and more.
Preface to the Second Edition
Foreword by Bruce Schneier
Chapter 1 What Is Security Engineering?
Chapter 2 Usability and Psychology
Chapter 3 Protocols
Chapter 4 Access Control
Chapter 5 Cryptography
Chapter 6 Distributed Systems
Chapter 7 Economics
Chapter 8 Multilevel Security
Chapter 9 Multilateral Security
Chapter 10 Banking and Bookkeeping
Chapter 11 Physical Protection
Chapter 12 Monitoring and Metering
Chapter 13 Nuclear Command and Control
Chapter 14 Security Printing and Seals
Chapter 15 Biometrics
Chapter 16 Physical Tamper Resistance
Chapter 17 Emission Security
Chapter 18 API Attacks
Chapter 19 Electronic and Information Warfare
Chapter 20 Telecom System Security
Chapter 21 Network Attack and Defense
Chapter 22 Copyright and DRM
Chapter 23 The Bleeding Edge
Chapter 24 Terror, Justice and Freedom
Chapter 25 Managing the Development of Secure Systems
Chapter 26 System Evaluation and Assurance
Chapter 27 Conclusions
- Covers the basic concepts of Security Engineering (including examples of systems and failures).
- New applications - what people try to do with security: military, medical records, banking, burglar alarms, telephone systems, cash machines, hardware, copyright, seals, biometrics, counterfeit, Internet intrusion detection.
- Tools - how they do it: cryptography, DES, AES, Skipjack, Unix passwords, hash functions, stream ciphers, public key basics.
- What it all means for designing secure distributed systems for real-world applications.