[from Risks] Book: Security Engineering, Ross Anderson

Jeff.Hodges at kingsmountain.com Jeff.Hodges at kingsmountain.com
Fri Apr 6 12:09:49 EDT 2001

[risks] Risks Digest 21.31

Date: Thu, 29 Mar 2001 16:12:17 PST
From: "Peter G. Neumann" <neumann at csl.sri.com>
Subject: Book: Security Engineering, Ross Anderson

Ross Anderson
Security Engineering: A Guide to Building Dependable Distributed Systems
John Wiley & Sons
March 2001
xxviii+612 pp.
ISBN 0-471-38922-6

This book is an enormous undertaking.  The chapter titles suggest the
breadth of coverage.

Part 1 (basic concepts)
 1. What is security engineering
 2. Protocols
 3. Passwords
 4. Access controls
 5. Cryptography
 6. Distributed systems

Part 2 (important applications)
 7, Multilevel security
 8. Multilateral security
 9. Banking and bookkeeping
10. Monitoring systems
11. Nuclear command and control
12. Security printing and seals
13. Biometrics
14. Physical tamper resistance
15. Emission security
16. Electronic and information warfare
17. Telcom system security
18. Network attack and defense
19. Protecting e-commerce systems
20. Copyright and privacy protection

Part 3 (organizational and policy issues)
21. E-policy
22. Management issues
23. System evaluation and assurance
24. Conclusions

Although there are other books that delve into greater detail on specific
topics, this book should be extremely useful to many people who need the
overall system perspective that Ross provides.

Ross's preface concludes with this sentence:

  "I believe that building systems that continue to perform robustly
  in the face of malice is one of the most important, interesting, 
  and difficult tasks facing engineers in the twenty-first century."

I could not agree more, although I would add that building systems to
perform robustly in the face of arbitrary adversities (accommodating power
and communication losses, rodents, bad software engineering, user errors,
etc. -- that is, not merely accounting for malice) is even more challenging.
Many systems in common use tend to fall apart all by themselves -- without
any malice!


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list