Security Engineering, 3rd Edition

Table of contents

  1. Cover
  2. Title Page
  3. Preface to the Third Edition
  4. Preface to the Second Edition
  5. Preface to the First Edition
  6. For my daughter, and other lawyers…
  7. Foreword
  8. PART I
    1. CHAPTER 1: What Is Security Engineering?
      1. 1.1 Introduction
      2. 1.2 A framework
      3. 1.3 Example 1 – a bank
      4. 1.4 Example 2 – a military base
      5. 1.5 Example 3 – a hospital
      6. 1.6 Example 4 – the home
      7. 1.7 Definitions
      8. 1.8 Summary
      9. Note
    2. CHAPTER 2: Who Is the Opponent?
      1. 2.1 Introduction
      2. 2.2 Spies
      3. 2.3 Crooks
      4. 2.4 Geeks
      5. 2.5 The swamp
      6. 2.6 Summary
      7. Research problems
      8. Further reading
      9. Notes
    3. CHAPTER 3: Psychology and Usability
      1. 3.1 Introduction
      2. 3.2 Insights from psychology research
      3. 3.3 Deception in practice
      4. 3.4 Passwords
      5. 3.5 CAPTCHAs
      6. 3.6 Summary
      7. Research problems
      8. Further reading
      9. Notes
    4. CHAPTER 4: Protocols
      1. 4.1 Introduction
      2. 4.2 Password eavesdropping risks
      3. 4.3 Who goes there? – simple authentication
      4. 4.4 Manipulating the message
      5. 4.5 Changing the environment
      6. 4.6 Chosen protocol attacks
      7. 4.7 Managing encryption keys
      8. 4.8 Design assurance
      9. 4.9 Summary
      10. Research problems
      11. Further reading
      12. Notes
    5. CHAPTER 5: Cryptography
      1. 5.1 Introduction
      2. 5.2 Historical background
      3. 5.3 Security models
      4. 5.4 Symmetric crypto algorithms
      5. 5.5 Modes of operation
      6. 5.6 Hash functions
      7. 5.7 Asymmetric crypto primitives
      8. 5.8 Summary
      9. Research problems
      10. Further reading
      11. Notes
    6. CHAPTER 6: Access Control
      1. 6.1 Introduction
      2. 6.2 Operating system access controls
      3. 6.3 Hardware protection
      4. 6.4 What goes wrong
      5. 6.5 Summary
      6. Research problems
      7. Further reading
      8. Notes
    7. CHAPTER 7: Distributed Systems
      1. 7.1 Introduction
      2. 7.2 Concurrency
      3. 7.3 Fault tolerance and failure recovery
      4. 7.4 Naming
      5. 7.5 Summary
      6. Research problems
      7. Further reading
      8. Notes
    8. CHAPTER 8: Economics
      1. 8.1 Introduction
      2. 8.2 Classical economics
      3. 8.3 Information economics
      4. 8.4 Game theory
      5. 8.5 Auction theory
      6. 8.6 The economics of security and dependability
      7. 8.7 Summary
      8. Research problems
      9. Further reading
      10. Notes
  9. PART II
    1. CHAPTER 9: Multilevel Security
      1. 9.1 Introduction
      2. 9.2 What is a security policy model?
      3. 9.3 Multilevel security policy
      4. 9.4 Historical examples of MLS systems
      5. 9.5 MAC: from MLS to IFC and integrity
      6. 9.6 What goes wrong
      7. 9.7 Summary
      8. Research problems
      9. Further reading
      10. Notes
    2. CHAPTER 10: Boundaries
      1. 10.1 Introduction
      2. 10.2 Compartmentation and the lattice model
      3. 10.3 Privacy for tigers
      4. 10.4 Health record privacy
      5. 10.5 Summary
      6. Research problems
      7. Further reading
      8. Notes
    3. CHAPTER 11: Inference Control
      1. 11.1 Introduction
      2. 11.2 The early history of inference control
      3. 11.3 Differential privacy
      4. 11.4 Mind the gap?
      5. 11.5 Summary
      6. Research problems
      7. Further reading
      8. Notes
    4. CHAPTER 12: Banking and Bookkeeping
      1. 12.1 Introduction
      2. 12.2 Bookkeeping systems
      3. 12.3 Interbank payment systems
      4. 12.4 Automatic teller machines
      5. 12.5 Credit cards
      6. 12.6 EMV payment cards
      7. 12.7 Online banking
      8. 12.8 Nonbank payments
      9. 12.9 Summary
      10. Research problems
      11. Further reading
      12. Notes
    5. CHAPTER 13: Locks and Alarms
      1. 13.1 Introduction
      2. 13.2 Threats and barriers
      3. 13.3 Alarms
      4. 13.4 Summary
      5. Research problems
      6. Further reading
      7. Notes
    6. CHAPTER 14: Monitoring and Metering
      1. 14.1 Introduction
      2. 14.2 Prepayment tokens
      3. 14.3 Taxi meters, tachographs and truck speed limiters
      4. 14.4 Curfew tags: GPS as policeman
      5. 14.5 Postage meters
      6. 14.6 Summary
      7. Research problems
      8. Further reading
      9. Notes
    7. CHAPTER 15: Nuclear Command and Control
      1. 15.1 Introduction
      2. 15.2 The evolution of command and control
      3. 15.3 Unconditionally secure authentication
      4. 15.4 Shared control schemes
      5. 15.5 Tamper resistance and PALs
      6. 15.6 Treaty verification
      7. 15.7 What goes wrong
      8. 15.8 Secrecy or openness?
      9. 15.9 Summary
      10. Research problems
      11. Further reading
      12. Notes
    8. CHAPTER 16: Security Printing and Seals
      1. 16.1 Introduction
      2. 16.2 History
      3. 16.3 Security printing
      4. 16.4 Packaging and seals
      5. 16.5 Systemic vulnerabilities
      6. 16.6 Evaluation methodology
      7. 16.7 Summary
      8. Research problems
      9. Further reading
    9. CHAPTER 17: Biometrics
      1. 17.1 Introduction
      2. 17.2 Handwritten signatures
      3. 17.3 Face recognition
      4. 17.4 Fingerprints
      5. 17.5 Iris codes
      6. 17.6 Voice recognition and morphing
      7. 17.7 Other systems
      8. 17.8 What goes wrong
      9. 17.9 Summary
      10. Research problems
      11. Further reading
      12. Notes
    10. CHAPTER 18: Tamper Resistance
      1. 18.1 Introduction
      2. 18.2 History
      3. 18.3 Hardware security modules
      4. 18.4 Evaluation
      5. 18.5 Smartcards and other security chips
      6. 18.6 The residual risk
      7. 18.7 So what should one protect?
      8. 18.8 Summary
      9. Research problems
      10. Further reading
      11. Notes
    11. CHAPTER 19: Side Channels
      1. 19.1 Introduction
      2. 19.2 Emission security
      3. 19.3 Passive attacks
      4. 19.4 Attacks between and within computers
      5. 19.5 Environmental side channels
      6. 19.6 Social side channels
      7. 19.7 Summary
      8. Research problems
      9. Further reading
    12. CHAPTER 20: Advanced Cryptographic Engineering
      1. 20.1 Introduction
      2. 20.2 Full-disk encryption
      3. 20.3 Signal
      4. 20.4 Tor
      5. 20.5 HSMs
      6. 20.6 Enclaves
      7. 20.7 Blockchains
      8. 20.8 Crypto dreams that failed
      9. 20.9 Summary
      10. Research problems
      11. Further reading
      12. Notes
    13. CHAPTER 21: Network Attack and Defence
      1. 21.1 Introduction
      2. 21.2 Network protocols and service denial
      3. 21.3 The malware menagerie – Trojans, worms and RATs
      4. 21.4 Defense against network attack
      5. 21.5 Cryptography: the ragged boundary
      6. 21.6 CAs and PKI
      7. 21.7 Topology
      8. 21.8 Summary
      9. Research problems
      10. Further reading
      11. Notes
    14. CHAPTER 22: Phones
      1. 22.1 Introduction
      2. 22.2 Attacks on phone networks
      3. 22.3 Going mobile
      4. 22.4 Platform security
      5. 22.5 Summary
      6. Research problems
      7. Further reading
      8. Notes
    15. CHAPTER 23: Electronic and Information Warfare
      1. 23.1 Introduction
      2. 23.2 Basics
      3. 23.3 Communications systems
      4. 23.4 Surveillance and target acquisition
      5. 23.5 IFF systems
      6. 23.6 Improvised explosive devices
      7. 23.7 Directed energy weapons
      8. 23.8 Information warfare
      9. 23.9 Summary
      10. Research problems
      11. Further reading
      12. Note
    16. CHAPTER 24: Copyright and DRM
      1. 24.1 Introduction
      2. 24.2 Copyright
      3. 24.3 DRM on general-purpose computers
      4. 24.4 Information hiding
      5. 24.5 Policy
      6. 24.6 Accessory control
      7. 24.7 Summary
      8. Research problems
      9. Further reading
      10. Notes
    17. CHAPTER 25: New Directions?
      1. 25.1 Introduction
      2. 25.2 Autonomous and remotely-piloted vehicles
      3. 25.3 AI / ML
      4. 25.4 PETS and operational security
      5. 25.5 Elections
      6. 25.6 Summary
      7. Research problems
      8. Further reading
      9. Notes
  10. PART III
    1. CHAPTER 26: Surveillance or Privacy?
      1. 26.1 Introduction
      2. 26.2 Surveillance
      3. 26.3 Terrorism
      4. 26.4 Censorship
      5. 26.5 Forensics and rules of evidence
      6. 26.6 Privacy and data protection
      7. 26.7 Freedom of information
      8. 26.8 Summary
      9. Research problems
      10. Further reading
      11. Notes
    2. CHAPTER 27: Secure Systems Development
      1. 27.1 Introduction
      2. 27.2 Risk management
      3. 27.3 Lessons from safety-critical systems
      4. 27.4 Prioritising protection goals
      5. 27.5 Methodology
      6. 27.6 Managing the team
      7. 27.7 Summary
      8. Research problems
      9. Further reading
      10. Notes
    3. CHAPTER 28: Assurance and Sustainability
      1. 28.1 Introduction
      2. 28.2 Evaluation
      3. 28.3 Metrics and dynamics of dependability
      4. 28.4 The entanglement of safety and security
      5. 28.5 Sustainability
      6. 28.6 Summary
      7. Research problems
      8. Further reading
      9. Notes
    4. CHAPTER 29: Beyond “Computer Says No”
  11. Bibliography
  12. Index
  13. End User License Agreement

Product information

  • Title: Security Engineering, 3rd Edition
  • Author(s): Ross Anderson
  • Publisher(s): Wiley