Security Engineering: A Guide to Building Dependable Distributed Systems [Hardcover]

Ross J. Anderson (Author)

Book Description

Publication Date: April 14, 2008 | ISBN-10: 0470068523 | ISBN-13: 978-0470068526 | Edition: 2

The world has changed radically since the first edition of this book was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here?s straight talk on critical topics such as technical engineering basics, types of attack, specialized protection mechanisms, security psychology, policy, and more.

Editorial Reviews

Review

"At over a thousand pages, this is a comprehensive volume." Engineering & Technology Saturday 7 June 2008

From the Back Cover

"Security engineering is different from any other kind of programming. . . . if you're even thinking of doing any security engineering, you need to read this book."
— Bruce Schneier

"This is the best book on computer security. Buy it, but more importantly, read it and apply it in your work."
— Gary McGraw

This book created the discipline of security engineering

The world has changed radically since the first edition was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy — and as they specialize, they get better. New applications, from search to social networks to electronic voting machines, provide new targets. And terrorism has changed the world. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice.

Here's straight talk about

• Technical engineering basics — cryptography, protocols, access controls, and distributed systems

• Types of attack — phishing, Web exploits, card fraud, hardware hacks, and electronic warfare

• Specialized protection mechanisms — what biometrics, seals, smartcards, alarms, and DRM do, and how they fail

• Security economics — why companies build insecure systems, why it's tough to manage security projects, and how to cope

• Security psychology — the privacy dilemma, what makes security too hard to use, and why deception will keep increasing

• Policy — why governments waste money on security, why societies are vulnerable to terrorism, and what to do about it

See all Editorial Reviews

Product Details

• Hardcover: 1080 pages
• Publisher: Wiley; 2 edition (April 14, 2008)
• Language: English
• ISBN-10: 0470068523
• ISBN-13: 978-0470068526
• Product Dimensions: 7.7 x 2.4 x 9.6 inches
• Shipping Weight: 3.8 pounds (View shipping rates and policies)
• Average Customer Review: 4.5 out of 5 stars  See all reviews (14 customer reviews)
• Amazon Best Sellers Rank: #141,725 in Books (See Top 100 in Books)
  • #23 in Books > Computers & Technology > Certification > CompTIA
  • #63 in Books > Computers & Technology > Security & Encryption > Encryption

More About the Author

Discover books, learn about writers, read author blogs, and more.

Most Helpful Customer Reviews

9 of 9 people found the following review helpful

5.0 out of 5 stars A profoundly influential work written by a world-class security expert November 17, 2008

By Jacob Gajek

Format:Hardcover

For the typical busy security professional, reading a 900-page tome cover to cover represents an investment of time that may be difficult to justify. Frankly, security books that are worth the effort are few and far between. Security Engineering is one such book, for several reasons.

First, Ross Anderson's vast knowledge, experience and insight on the subject are well known, and his reputation as one of the top security experts in the world is well deserved. No doubt a reflection of this, his book covers a very broad range of security topics, the discussions ranging from high-level policy issues, all the way down to details of smartcard hacking and the mathematics of cryptography. The topics are well researched and described at a level of detail useful to the non-specialist. Concise summaries and occasional nuggets of insight indicate an in-depth understanding of the subject matter. The book is well written, easy to follow, and devoid of the vagueness and platitudes so typical of much of the security literature.

Second, the book exposes the sheer difficulty of engineering secure systems in the face of the many forces at play in a typical product development lifecycle. Through many case studies of success and failure, the author illustrates the numerous pitfalls that may befall even a well-intentioned design. Lessons learned from deploying products in the real world include the negative impact of perverse economic incentives, the importance of designing security features for maximum usability, and the need to look at a security problem from many different angles in a holistic manner. The book is a treasure trove of wisdom for the aspiring security engineer.

Lastly, the book brings together insight from many diverse areas of research. Disciplines ranging from economics, psychology, sociology, criminology, banking and bookkeeping, safety research, electronic warfare, to politics are all mined for ideas and results that could yield a better understanding of - and novel approaches to - difficult security problems. It is perhaps in this aspect that the book will prove to be most influential. Since the first edition was published in 2001, security economics, security usability, and security psychology have emerged as fertile areas of research.

4 of 4 people found the following review helpful

5.0 out of 5 stars Excellent, readable, current January 16, 2011

By Greg

Format:Kindle Edition|Amazon Verified Purchase

Certainly a top 5 in its space. Especially notable for its broad coverage and excellent references to other more detailed material. This is a very worthwhile update from the first edition (which is freely available from the author's web site as a PDF).

1 of 1 people found the following review helpful

5.0 out of 5 stars Solid security book March 16, 2013

By Taylor D. Kelley

Format:Hardcover|Amazon Verified Purchase

Houses several of the most concepts in a readily accessible fashion. Outside of the CISSP book this one I a solid second to own.