Security Engineering: Difference between revisions

Revision as of 10:19, 28 June 2010

Full Title of Reference

Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Edition

Full Citation

Ross J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems (2d ed. 2008)

BibTeX

Categorization

Overview: Books
Threats and Actors: Financial Institutions and Networks; Military Networks (.mil); Public Data Networks; Telephone; Terrorists

Issues: Economics of Cybersecurity; Espionage; Incentives; Government to Government; Cybercrime; Cyberwar

Approaches: Regulation/Liability

Key Words

Antivirus, Botnet, Computer Network Attack, Credit Card Fraud, Cyber Crime, Cyber Security as an Externality, Cyber Security as a Public Good, Cyber Warfare, DDoS Attack, Hackers, Honeypot, Identity Fraud/Theft, Internet Relay Chat (IRC), Internet Service Providers, Keylogger, Malware, Organized Crime, Password Weakness, Patching, Phishing, Shoulder Surfing, Social Engineering, Software Vulnerability, SPAM, Trojan, White Hat, Whitelist, Worm, Zero-Day Exploit

Synopsis

This book is a security design manual for embedded systems. The author provides the crucial do's and don'ts of creating high quality security software that works to prevent all manner of security breaches. Topics range from firewalls, through phone phreaking and copyright protection, to frauds against e-businesses. Anderson's book shows how to use a wide range of tools, from cryptology through smartcards to applied psychology. The revisions and updates include more than 200 new pages on Vista, Xen, phishing, Google issues, declassified military doctrine, "Richard Clarke issues," Skype, mobile fraud, music security issues, antitrust issues, and more.

Additional Notes and Highlights

Table of Contents with selected chapters available online:

Table of Contents
Preface to the Second Edition.
  Foreword by Bruce Schneier.
  Preface.
  Acknowledgments.
  Part I.
    Chapter 1 What Is Security Engineering?
    Chapter 2 Usability and Psychology.
    Chapter 3 Protocols.
    Chapter 4 Access Control.
    Chapter 5 Cryptography.
    Chapter 6 Distributed Systems.
    Chapter 7 Economics.
  Part II.
    Chapter 8 Multilevel Security.
    Chapter 9 Multilateral Security.
    Chapter 10 Banking and Bookkeeping.
    Chapter 11 Physical Protection.
    Chapter 12 Monitoring and Metering.
    Chapter 13 Nuclear Command and Control.
    Chapter 14 Security Printing and Seals.
    Chapter 15 Biometrics.
    Chapter 16 Physical Tamper Resistance.
    Chapter 17 Emission Security.
    Chapter 18 API Attacks.
    Chapter 19 Electronic and Information Warfare.
    Chapter 20 Telecom System Security.
    Chapter 21 Network Attack and Defense.
    Chapter 22 Copyright and DRM.
    Chapter 23 The Bleeding Edge.
  Part III.
    Chapter 24 Terror, Justice and Freedom.
    Chapter 25 Managing the Development of Secure Systems.
    Chapter 26 System Evaluation and Assurance.
    Chapter 27 Conclusions.
  Bibliography.
  Index.

Author's Notes and Addenda to the Second Edition

The complete First Edition in PDF format

Revision as of 10:19, 28 June 2010 (view source) WikiSysop (talk \| contribs) No edit summary ← Older edit		Revision as of 10:19, 28 June 2010 (view source) WikiSysop (talk \| contribs) No edit summary Newer edit →
Line 99:		Line 99:
	[http://www.cl.cam.ac.uk/~rja14/book/notes.html Author's Notes and Addenda to the Second Edition]		[http://www.cl.cam.ac.uk/~rja14/book/notes.html Author's Notes and Addenda to the Second Edition]

	[http://www.cl.cam.ac.uk/~rja14/musicfiles/manuscripts/SEv1.pdf ~~Full PDF of the~~ First Edition]		[http://www.cl.cam.ac.uk/~rja14/musicfiles/manuscripts/SEv1.pdf The complete First Edition in PDF format]