Security Engineering, 2nd Edition
“Security engineering is different from any other kind of programming. . . . if you’re even thinking of doing any security engineering, you need to read this book.”
— Bruce Schneier
“This is the best book on computer security. Buy it, but more importantly, read it and apply it in your work.”
— Gary McGraw
This book created the discipline of security engineering
The world has changed radically since the first edition was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy — and as they specialize, they get better. New applications, from search to social networks to electronic voting machines, provide new targets. And terrorism has changed the world. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice.
Here’s straight talk about:
- Technical engineering basics — cryptography, protocols, access controls, and distributed systems
- Types of attack — phishing, Web exploits, card fraud, hardware hacks, and electronic warfare
- Specialized protection mechanisms — what biometrics, seals, smartcards, alarms, and DRM do, and how they fail
- Security economics — why companies build insecure systems, why it’s tough to manage security projects, and how to cope
- Security psychology — the privacy dilemma, what makes security too hard to use, and why deception will keep increasing
- Policy — why governments waste money on security, why societies are vulnerable to terrorism, and what to do about it
Table of Contents
Part I:
Chapter 1. What Is Security Engineering?
Chapter 2. Usability and Psychology
Chapter 3. Protocols
Chapter 4. Access Control
Chapter 5. Cryptography
Chapter 6. Distributed Systems
Chapter 7. Economics
Part II:
Chapter 8. Multilevel Security
Chapter 9. Multilateral Security
Chapter 10. Banking and Bookkeeping
Chapter 11. Physical Protection
Chapter 12. Monitoring and Metering
Chapter 13. Nuclear Command and Control
Chapter 14. Security Printing and Seals
Chapter 15. Biometrics
Chapter 16. Physical Tamper Resistance
Chapter 17. Emission Security
Chapter 18. API Attacks
Chapter 19. Electronic and Information Warfare
Chapter 20. Telecom System Security
Chapter 21. Network Attack and Defense
Chapter 22. Copyright and DRM
Chapter 23. The Bleeding Edge
Part III:
Chapter 24. Terror, Justice and Freedom
Chapter 25. Managing the Development of Secure Systems
Chapter 26. System Evaluation and Assurance
Chapter 27. Conclusions
Book Details
- Hardcover: 1080 pages
- Publisher: Wiley; 2nd Edition (April 2008)
- Language: English
- ISBN-10: 0470068523
- ISBN-13: 978-0470068526