Security Engineering: Difference between revisions

From Cybersecurity Wiki
Jump to navigation Jump to search
No edit summary
 
(22 intermediate revisions by the same user not shown)
Line 7: Line 7:


[http://cyber.law.harvard.edu/cybersecurity/Special:Bibliography?f=wikibiblio.bib&title=Special:Bibliography&view=detailed&action=&keyword=Anderson_RJ:2008 ''BibTeX'']
[http://cyber.law.harvard.edu/cybersecurity/Special:Bibliography?f=wikibiblio.bib&title=Special:Bibliography&view=detailed&action=&keyword=Anderson_RJ:2008 ''BibTeX'']
[http://books.google.com/books?id=ILaY4jBWXfcC&dq=Security+Engineering&ei=1NFRTNz5KJeMygTr6dDqBQ&cd=1 ''Google Books'']
[http://www.worldcat.org/title/security-engineering-a-guide-to-building-dependable-distributed-systems-second-edition/oclc/639194438&referer=brief_results ''World Cat'']
[http://www.amazon.com/Security-Engineering-Building-Dependable-Distributed/dp/0470068523/ref=sr_1_1?ie=UTF8&s=books&qid=1280430777&sr=8-1 ''Amazon'']


==Categorization==
==Categorization==
 
* Resource by Type: [[Books]]
* Overview: [[Books]]
* Threats and Actors: [[Criminals and Criminal Organizations]]; [[Financial Institutions and Networks]]; [[Military Networks (.mil)]]; [[Public Data Networks]]; [[Telephone]]; [[Terrorists]]
* Threats and Actors: [[Financial Institutions and Networks]]; [[Military Networks (.mil)]]; [[Public Data Networks]]; [[Telephone]]; [[Terrorists]]
 
* Issues: [[Economics of Cybersecurity]]; [[Espionage]]; [[Incentives]]; [[Government to Government]]; [[Cybercrime]]; [[Cyberwar]]
* Issues: [[Economics of Cybersecurity]]; [[Espionage]]; [[Incentives]]; [[Government to Government]]; [[Cybercrime]]; [[Cyberwar]]
* Approaches: [[Regulation/Liability]]
* Approaches: [[Regulation/Liability]]


Line 20: Line 20:


[[Keyword_Index_and_Glossary_of_Core_Ideas#Antivirus | Antivirus]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Antivirus | Antivirus]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Black_Hat | Black Hat]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Botnet | Botnet]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Botnet | Botnet]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Computer_Network_Attack | Computer Network Attack]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Computer_Network_Attack | Computer Network Attack]],
Line 43: Line 44:
[[Keyword_Index_and_Glossary_of_Core_Ideas#Software_Vulnerability | Software Vulnerability]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Software_Vulnerability | Software Vulnerability]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#SPAM | SPAM]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#SPAM | SPAM]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Trojan | Trojan
[[Keyword_Index_and_Glossary_of_Core_Ideas#Trojan | Trojan]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#White_Hat | White Hat]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#White_Hat | White Hat]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Whitelist | Whitelist]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Whitelist | Whitelist]],
Line 51: Line 52:
==Synopsis==
==Synopsis==


This book is a security design manual for embedded systems. The author provides the crucial do's and don'ts of creating high quality security software that works to prevent all manner of security breaches. Topics range from firewalls, through phone phreaking and copyright protection, to frauds against e-businesses. Anderson's book shows how to use a wide range of tools, from cryptology through smartcards to applied psychology. The revisions and updates include more than 200 new pages on Vista, Xen, phishing, Google issues, declassified military doctrine, "Richard Clarke issues," Skype, mobile fraud, music security issues, antitrust issues, and more.   
This book contains a comprehensive introduction to security engineering – the discipline of making systems resilient in the face of malice, error and mischance. The author provides the crucial do's and don'ts of creating high quality security software that works to prevent all manner of security breaches. Topics range from firewalls, through phone phreaking and copyright protection, to frauds against e-businesses. Anderson's book shows how to use a wide range of tools, from cryptology through smartcards to applied psychology.
 
A number of applications are described in some detail. These include the common electronic commerce protocols; copyright protection mechanisms (from pay-TV through DVD); the telephone system (including not just wireline phones but GSM and 3gpp); burglar alarms; medical record systems; banking systems (from automatic teller machines through branch bookkeeping to interbank money transfer); and a number of military systems (ranging from communications and logistics through electronic warfare). These are not just used to teach how tools such as cryptography should be applied, but a number of general system-level lessons – such as what makes systems vulnerable to service denial attacks, and how to manage the trade-off between false alarms and missed alarms.
 
The book also provides a reference to a number of attack and defence technologies. These include anonymity systems (from anonymous remailers through de-identified medical databases); biometrics; security printing and seals; tamper-resistant electronics; emission security (from Tempest protection of PCs through power analysis attacks on smartcards). Although only a few dozen pages are devoted to each topic, there are copious references for readers who need to learn more.
 
The third theme of the book is how the security engineering process can be managed. This includes topics ranging from cryptography policy, through the interaction of information security with economics, to what we can reasonably expect from evaluation and assurance.
 
The subject matter grew out of lectures in security given to students at Cambridge University, however,the material has been rewritten and expanded to be both self-contained and accessible to the working programmer or engineer. It can be used as a self-study guide, and read through from cover to cover; it can be used as a quick reference to particular applications or protection technologies; and it could also be used as a textbook. However, it is aimed at the professional, rather than the academic, market.
The revisions and updates from the [http://www.cl.cam.ac.uk/~rja14/musicfiles/manuscripts/SEv1.pdf first edition] include new pages on Vista, Xen, phishing, Google issues, declassified military doctrine, Skype, mobile fraud, music security issues, antitrust issues, and more.  
 
 
[http://media.wiley.com/product_data/excerpt/23/04700685/0470068523.pdf From the Introduction]
 
<blockquote>
Security engineering is about building systems to remain dependable in the face of malice, error, or mischance. As a discipline, it focuses on the tools, processes, and methods needed to design, implement, and test complete systems, and to adapt existing systems as their environment evolves. Security engineering requires cross-disciplinary expertise, ranging from cryptography and computer security through hardware tamper-resistance and formal methods to a knowledge of economics, applied psychology, organizations and the law. System engineering skills, from business process analysis through software engineering to evaluation and testing, are also important; but they are not sufficient, as they deal only with error and mischance rather than malice.
</blockquote>
<blockquote>
Many security systems have critical assurance requirements. Their failure may endanger human life and the environment (as with nuclear safety and control systems), do serious damage to major economic infrastructure (cash machines and other bank systems), endanger personal privacy (medical record systems), undermine the viability of whole business sectors (pay-TV), and facilitate crime (burglar and car alarms). Even the perception that a system is more vulnerable than it really is (paying with a credit card over the Internet) can significantly hold up economic development.
</blockquote>
<blockquote>
The conventional view is that while software engineering is about ensuring that certain things happen ('John can read this file'), security is about ensuring that they don't ('The Chinese government can't read this file'). Reality is much more complex. Security requirements differ greatly from one system to another. One typically needs some combination of user authentication, transaction integrity and accountability, fault-tolerance, message secrecy, and covertness. But many systems fail because their designers protect the wrong things, or protect the right things but in the wrong way.
</blockquote>
<blockquote>
Good security engineering requires four things to come together. There's policy: what you're supposed to achieve. There's mechanism: the ciphers, access controls, hardware tamper-resistance and other machinery that you assemble in order to implement the policy. There's assurance: the amount of reliance you can place on each particular mechanism. Finally, there's incentive: the motive that the people guarding and maintaining the system have to do their job properly, and also the motive that the attackers have to try to defeat your policy. All of these things interact.
</blockquote>


==Additional Notes and Highlights==
==Additional Notes and Highlights==


[http://www.cl.cam.ac.uk/~rja14/book/notes.html Author's Notes and Addenda to the Second Edition]
Expertise Required: Technology - Moderate; Cryptography - Moderate


Table of Contents with selected chapters available online:
Table of Contents with selected chapters available online:


  [http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-toc.pdf Table of Contents]   [http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-toc.pdf Preface to the Second Edition.]
  [http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-toc.pdf Table of Contents]
[http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-toc.pdf Preface to the Second Edition.]
   Foreword by Bruce Schneier.
   Foreword by Bruce Schneier.
   [http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-pref.pdf Preface.]
   [http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-pref.pdf Preface.]
Line 96: Line 124:
   [http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-index.pdf Index.]
   [http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-index.pdf Index.]


[http://www.cl.cam.ac.uk/~rja14/book/notes.html Author's Notes and Addenda to the Second Edition]


[http://www.cl.cam.ac.uk/~rja14/musicfiles/manuscripts/SEv1.pdf  Full PDF of the First Edition]
[http://www.cl.cam.ac.uk/~rja14/musicfiles/manuscripts/SEv1.pdf  The complete First Edition in PDF format]

Latest revision as of 10:03, 10 August 2010

Full Title of Reference

Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Edition

Full Citation

Ross J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems (2d ed. 2008)

BibTeX Google Books World Cat Amazon

Categorization

Key Words

Antivirus, Black Hat, Botnet, Computer Network Attack, Credit Card Fraud, Cyber Crime, Cyber Security as an Externality, Cyber Security as a Public Good, Cyber Warfare, DDoS Attack, Hackers, Honeypot, Identity Fraud/Theft, Internet Relay Chat (IRC), Internet Service Providers, Keylogger, Malware, Organized Crime, Password Weakness, Patching, Phishing, Shoulder Surfing, Social Engineering, Software Vulnerability, SPAM, Trojan, White Hat, Whitelist, Worm, Zero-Day Exploit

Synopsis

This book contains a comprehensive introduction to security engineering – the discipline of making systems resilient in the face of malice, error and mischance. The author provides the crucial do's and don'ts of creating high quality security software that works to prevent all manner of security breaches. Topics range from firewalls, through phone phreaking and copyright protection, to frauds against e-businesses. Anderson's book shows how to use a wide range of tools, from cryptology through smartcards to applied psychology.

A number of applications are described in some detail. These include the common electronic commerce protocols; copyright protection mechanisms (from pay-TV through DVD); the telephone system (including not just wireline phones but GSM and 3gpp); burglar alarms; medical record systems; banking systems (from automatic teller machines through branch bookkeeping to interbank money transfer); and a number of military systems (ranging from communications and logistics through electronic warfare). These are not just used to teach how tools such as cryptography should be applied, but a number of general system-level lessons – such as what makes systems vulnerable to service denial attacks, and how to manage the trade-off between false alarms and missed alarms.

The book also provides a reference to a number of attack and defence technologies. These include anonymity systems (from anonymous remailers through de-identified medical databases); biometrics; security printing and seals; tamper-resistant electronics; emission security (from Tempest protection of PCs through power analysis attacks on smartcards). Although only a few dozen pages are devoted to each topic, there are copious references for readers who need to learn more.

The third theme of the book is how the security engineering process can be managed. This includes topics ranging from cryptography policy, through the interaction of information security with economics, to what we can reasonably expect from evaluation and assurance.

The subject matter grew out of lectures in security given to students at Cambridge University, however,the material has been rewritten and expanded to be both self-contained and accessible to the working programmer or engineer. It can be used as a self-study guide, and read through from cover to cover; it can be used as a quick reference to particular applications or protection technologies; and it could also be used as a textbook. However, it is aimed at the professional, rather than the academic, market.

The revisions and updates from the first edition include new pages on Vista, Xen, phishing, Google issues, declassified military doctrine, Skype, mobile fraud, music security issues, antitrust issues, and more.


From the Introduction

Security engineering is about building systems to remain dependable in the face of malice, error, or mischance. As a discipline, it focuses on the tools, processes, and methods needed to design, implement, and test complete systems, and to adapt existing systems as their environment evolves. Security engineering requires cross-disciplinary expertise, ranging from cryptography and computer security through hardware tamper-resistance and formal methods to a knowledge of economics, applied psychology, organizations and the law. System engineering skills, from business process analysis through software engineering to evaluation and testing, are also important; but they are not sufficient, as they deal only with error and mischance rather than malice.

Many security systems have critical assurance requirements. Their failure may endanger human life and the environment (as with nuclear safety and control systems), do serious damage to major economic infrastructure (cash machines and other bank systems), endanger personal privacy (medical record systems), undermine the viability of whole business sectors (pay-TV), and facilitate crime (burglar and car alarms). Even the perception that a system is more vulnerable than it really is (paying with a credit card over the Internet) can significantly hold up economic development.

The conventional view is that while software engineering is about ensuring that certain things happen ('John can read this file'), security is about ensuring that they don't ('The Chinese government can't read this file'). Reality is much more complex. Security requirements differ greatly from one system to another. One typically needs some combination of user authentication, transaction integrity and accountability, fault-tolerance, message secrecy, and covertness. But many systems fail because their designers protect the wrong things, or protect the right things but in the wrong way.

Good security engineering requires four things to come together. There's policy: what you're supposed to achieve. There's mechanism: the ciphers, access controls, hardware tamper-resistance and other machinery that you assemble in order to implement the policy. There's assurance: the amount of reliance you can place on each particular mechanism. Finally, there's incentive: the motive that the people guarding and maintaining the system have to do their job properly, and also the motive that the attackers have to try to defeat your policy. All of these things interact.

Additional Notes and Highlights

Expertise Required: Technology - Moderate; Cryptography - Moderate

Table of Contents with selected chapters available online:

Table of Contents
Preface to the Second Edition.
  Foreword by Bruce Schneier.
  Preface.
  Acknowledgments.
  Part I.
    Chapter 1 What Is Security Engineering?
    Chapter 2 Usability and Psychology.
    Chapter 3 Protocols.
    Chapter 4 Access Control.
    Chapter 5 Cryptography.
    Chapter 6 Distributed Systems.
    Chapter 7 Economics.
  Part II.
    Chapter 8 Multilevel Security.
    Chapter 9 Multilateral Security.
    Chapter 10 Banking and Bookkeeping.
    Chapter 11 Physical Protection.
    Chapter 12 Monitoring and Metering.
    Chapter 13 Nuclear Command and Control.
    Chapter 14 Security Printing and Seals.
    Chapter 15 Biometrics.
    Chapter 16 Physical Tamper Resistance.
    Chapter 17 Emission Security.
    Chapter 18 API Attacks.
    Chapter 19 Electronic and Information Warfare.
    Chapter 20 Telecom System Security.
    Chapter 21 Network Attack and Defense.
    Chapter 22 Copyright and DRM.
    Chapter 23 The Bleeding Edge.
  Part III.
    Chapter 24 Terror, Justice and Freedom.
    Chapter 25 Managing the Development of Secure Systems.
    Chapter 26 System Evaluation and Assurance.
    Chapter 27 Conclusions.
  Bibliography.
  Index.

Author's Notes and Addenda to the Second Edition

The complete First Edition in PDF format