Security Engineering: A Guide to Building Dependable Distributed Systems

ISBN-10: 0471389226

ISBN-13: 9780471389224

Edition: 2001

Authors: Ross J. Anderson

List price: $80.00

Description:

"If you're even thinking of doing any security engineering, you need to read this book. It's the first, and only, end-to-end modern security design and engineering book ever written." - Bruce Schneier

"Many people are anxious about Internet security for PCs and servers," says leading expert Ross Anderson, "as if that's all there is when in reality security problems have just begun. By 2003, there may be more mobile phones on the Net than PCs, and they will be quickly followed by network-connected devices from refrigerators to burglar alarms to heart monitors. How will we manage the risks?" Dense with anecdotes and war stories, readable, up-to-date and full of pointers to recent research,…
Book details

Copyright year: 2001
Publisher: John Wiley & Sons, Incorporated
Publication date: 3/23/2001
Binding: Paperback
Pages: 640
Size: 7.75" wide x 9.50" long x 1.50" tall
Weight: 2.332
Language: English

Ross Anderson is Professor of Security Engineering at Cambridge University and a pioneer of security economics. Widely recognized as one of the world's foremost authorities on security, he has published many studies of how real security systems fail and made trailblazing contributions to numerous technologies from peer-to-peer systems and API analysis through hardware security.

Preface
About the Author
Foreword
Acknowledgments
Legal Notice
What Is Security Engineering?
Example 1: A Bank
Example 2: An Air Force Base
Example 3: A Hospital
Example 4: The Home
Definitions
Summary
Protocols
Password Eavesdropping Risks
Who Goes There? Simple Authentication
Manipulating the Message
Changing the Environment
Chosen Protocol Attacks
Managing Encryption Keys
Getting Formal
Summary
Research Problems
Further Reading
Passwords
Basics
Applied Psychology Issues
System Issues
Technical Protection of Passwords
Summary
Research Problems
Further Reading
Access Control
Introduction
Operating System Access Controls
Hardware Protection
What Goes Wrong
Summary
Research Problems
Further Reading
Cryptography
Introduction
Historical Background
The Random Oracle Model
Symmetric Crypto Primitives
Modes of Operation
Hash Functions
Asymmetric Crypto Primitives
Summary
Research Problems
Further Reading
Distributed Systems
Concurrency
Fault Tolerance and Failure Recovery
Naming
Summary
Research Problems
Further Reading
Multilevel Security
Introduction
What Is a Security Policy Model?
The Bell-LaPadula Security Policy Model
Examples of Multilevel Secure Systems
What Goes Wrong
Broader Implications of MLS
Summary
Research Problems
Further Reading
Multilateral Security
Introduction
Compartmentation, the Chinese Wall, and the BMA Model
Inference Control
The Residual Problem
Summary
Research Problems
Further Reading
Banking and Bookkeeping
Introduction
How Bank Computer Systems Work
Wholesale Payment Systems
Automatic Teller Machines
Summary
Research Problems
Further Reading
Monitoring Systems
Introduction
Alarms
Prepayment Meters
Taximeters, Tachographs, and Truck Speed Limiters
Summary
Research Problems
Further Reading
Nuclear Command and Control
Introduction
The Kennedy Memorandum
Unconditionally Secure Authentication Codes
Shared Control Schemes
Tamper Resistance and PALs
Treaty Verification
What Goes Wrong
Secrecy or Openness?
Summary
Research Problem
Further Reading
Security Printing and Seals
Introduction
History
Security Printing
Packaging and Seals
Systemic Vulnerabilities
Evaluation Methodology
Summary
Research Problems
Further Reading
Biometrics
Introduction
Handwritten Signatures
Face Recognition
Fingerprints
Iris Codes
Voice Recognition
Other Systems
What Goes Wrong
Summary
Research Problems
Further Reading
Physical Tamper Resistance
Introduction
History
High-End Physically Secure Processors
Evaluation
Medium-Security Processors
Smartcards and Microcontrollers
What Goes Wrong
What Should Be Protected?
Summary
Research Problems
Further Reading
Emission Security
Introduction
History
Technical Surveillance and Countermeasures
Passive Attacks
Active Attacks
How Serious Are Emsec Attacks?
Summary
Research Problems
Further Reading
Electronic and Information Warfare
Introduction
Basics
Communications Systems
Surveillance and Target Acquisition
IFF Systems
Directed Energy Weapons
Information Warfare
Summary
Research Problems
Further Reading
Telecom System Security
Introduction
Phone Phreaking
Mobile Phones
Corporate Fraud
Summary
Research Problems
Further Reading
Network Attack and Defense
Introduction
Vulnerabilities in Network Protocols
Defense against Network Attack
Trojans, Viruses, and Worms
Intrusion Detection
Summary
Research Problems
Further Reading
Protecting E-Commerce Systems
Introduction
A Telegraphic History of E-Commerce
An Introduction to Credit Cards
Online Credit Card Fraud: The Hype and the Reality
Cryptographic Protection Mechanisms
Network Economics
Competitive Applications and Corporate Warfare
What Else Goes Wrong
What Can a Merchant Do?
Summary
Research Problems
Further Reading
Copyright and Privacy Protection
Introduction
Copyright
Information Hiding
Privacy Mechanisms
Summary
Research Problems
Further Reading
E-Policy
Introduction
Cryptography Policy
Copyright
Data Protection
Evidential Issues
Other Public Sector Issues
Summary
Research Problems
Further Reading
Management Issues
Introduction
Managing a Security Project
Methodology
Security Requirements Engineering
Risk Management
Economic Issues
Summary
Research Problems
Further Reading
System Evaluation and Assurance
Introduction
Assurance
Evaluation
Ways Forward
Summary
Research Problems
Further Reading
Conclusions
Bibliography
Index