Security Engineering


Reviews and Publicity Material

`If you're even thinking of doing any security engineering, you need to read this book' ... Bruce Schneier

August 2003 brought a very nice review in Information Security Magazine: `Even after two years on the shelf, Security Engineering remains the most important security text published in the last several years.'

Here's the review that appeared in Slashdot, and a scan of a review from PC Pro magazine.


Engineering Security

Niels Bjergstrom, Information Security Bulletin

I have to apologise to the readers up front for again presenting them with a must-read work. In this case it is Ross Anderson's new book Security Engineering with the subtitle A Guide to Building Dependable Distributed Systems, in fact a very modest subtitle because this book does so much more than guiding the reader through the design of distributed systems. It is the most comprehensive and general definition and illustration of information security that I have ever seen in one place. This is a book that can teach you to look at the world through security glasses, so to speak, and that of course is a prerequisite for security engineering. It is also a good thing to be able to do if you need to evaluate security measures for quality and appropriateness.

The way Ross Anderson goes about this task is systematic and pedagogical. He has obviously been lecturing for many years and is both an excellent presenter and a person demonstrating a good understanding of learning curves. Both the book as a whole and the individual chapters have been constructed in such a way that the reader can give up at various points of complexity without losing the plot altogether and simply start at the beginning of the following chapter for a less deep education than if he read and understood everything but nevertheless gaining a comprehensive feel for the nature of security and how to tackle its implementation. This design also enables the book to be used either as a textbook or as a reference work. Very smart - many technical authors could learn something from observing how Ross goes about it.

I also like that each chapter ends with a discussion of possible research projects, literature recommendations and of course a summary. The only irritating thing is that there are too many stupid typos such as missing words, things which another read-through by the editor should have caught. An example: `...using the key in Figure 5.7, it enciphers to TB while rf enciphers to OB...' should be `...using the key in Figure 5.7, rd enciphers to TB while rf enciphers to OB...'. It is fine to use typographic tricks for illustrative purposes, but you must make sure they make it into print if you do. I'm certain many readers will find the chapter on cryptography difficult enough without errors. Well, next edition...

The book consists of three parts. The first is a quite basic intro to security concepts, protocols, human-to-computer interfaces, access control, cryptography and distributed systems. I think that perhaps Ross gets a little bit carried away in Chapter 5 on crypt - I mean, why is a proof for Fermat's little theorem included? There are no other mathematical proofs anywhere. I also think that parts of this chapter could benefit from added verbosity or perhaps a few more illustrations. Whereas in this context it is not so important how crypt primitives function internally, it is of course very important how they behave as system components. Just a suggestion - no real criticism.

In the second part of the book the author ingeniously uses a whole range of well-known systems incorporating security to illustrate both analytical methods and security engineering fundamentals. Using this pedagogical method, moving from the concrete and well-known to the abstract and general is good engineering practice. Almost every main section contains a subsection called What Goes Wrong in which the author analyses and presents architectural and design weaknesses in everything from ATMs to nuclear systems. I find this approach incredibly valuable, not only because it teaches good engineering methodology but also because it gives the author an opportunity to present a huge number of security problems at the implementation level in a context, from which they can be lifted, cross-referenced and placed in different contexts. This method, combined with the informed and intelligent analysis is what makes this book such a brilliant generator of understanding of security, the broad and full concept.

Also in this part of the book there is a clear line which is not only technological but which serves to place security concepts in organisational frameworks, another very strong point in favour of this work. This leads to the third part of the book, which in the words of the author deals with politics, management and assurance. Very good entertainment as well. The book ends with one of the best bibliographies that I have ever seen in the field.

Kudos to Ross Anderson for writing such a fantastic book - highly recommended reading!


Grok This Now!

Duncan Graham-Rowe, New Scientist, 16 June 2001, p 49

At a time when the Internet's emergency warning centre (CERT) can be brought down by online `denial of service' attacks, and when cheeky hackers out to improve their Net cred daily mount multiple assaults on the Pentagon, keeping abreast of Internet security is more important than ever.

Regardless of President Bush's plans for a National Missile Defence System, governments are fast realising that they are more vulnerable to foreign aggressors on the electronic front than almost anywhere else.

And with the growth of e-commerce and the slow but sure emergence of `mobile networks', the world is becoming one massive network. How do we stay connected without sacrificing security?

Network administrators should be forced to have a copy of Ross Anderson's Security Engineering on their shelves. And anyone with the slightest interest in finding out just how vulnerable they are to one form of electronic infiltration or another must secure themselves a copy immediately. Read it from cover to cover or use it as a reference - it is encyclopaedic in its coverage of electronic security issues.

Anderson covers computer security subjects that normally reside only in esoteric texts, from cryptography and biometrics to information warfare, nuclear command and e-policy. He skilfully uses anecdote and a minimum of jargon to guide the reader through the trickiest of subjects.


Review by Avi Rubin, AT&T Labs Research, on amazon.com

It is about time that this book has been written!

Ross Anderson has a unique perspective to offer. He explains complex information, such as the inner workings of cryptographic functions, in a clear and precise manner, while at the same time always relating the content to the real world. He possesses a rare combination of expertise in theory and experience in practice.

This book covers everything from security of ATM machines, to secure printing; from multi-level security to information warfare; from hardware security to e-commerce; from legal issues to intellectual property protection; from biometrics to tamper resistance. In short, Anderson's book basically covers the entire field of computer security. It is also refreshing that the book is as deep as it is broad.

I will use this book to teach and also to learn. It is a good read cover to cover, and I imagine it will make a fine textbook for many classes on computer security. Every chapter ends with suggestions for interesting research problems and further reading.

As I was reading this book, I kept asking myself how one person could have produced such a comprehensive and complete book. It is indeed a treasure.


Review by Chris Avram, Monash University, on amazon.com

The review copy of Security Engineering (still not finished reading) will soon take pride of place in my book case, next to Schneier's Applied Cryptography. I have now found a pair of books to suit my Master of Information Technology semester subject "Advances in Information Security". My students, many commercial data processing people with IT degrees, can take this book to work after class. It will help them answer competently many questions of the "how do they..." type.

This book is current. For example, in relation to SET Anderson says "...is being allowed to expire quietly". Often conference, web and journal research fails to pick up the demise of an idea; the research is swamped by the proposal. In my class I set research topics and get papers reporting what was to be, and rarely, what is. This book will replace most of my paper readings and, if I am not mindful, replace my role as skeptic before my class.

My pet topic, traffic analysis, gets a solid mention. Look, this book is comprehensive. There are 823 items in the bibliography. What would you expect from the foundation editor of Computer & Communications Security Abstracts?

The style is that of a self confident expert. There are many anecdotes of protocol failure with analysis.

I think it may be time to put book indexes online. I would love to see a search engine, returning key word in context with page references for this book. It is 612 pages long and I found the 18 page index insufficient. If my wishes came true, I would also have some discussion questions and exercises at the end of chapters. Each chapter has a summary, research problems and further readings, but no simple exercises.

The maths and BAN notation are kept to a minimum.

In summary, in my opinion, this book met three of its stated purposes, as a text, a reference and a significant contribution to the science (some might say art) of security engineering. It is a bit light on as an introduction to crypto, but good as an introduction to other fundamental security tools like tamper resistance, authentication, multilevel security and models.

I agree with Schneier who says in the foreword "It's the first, and only, end-to-end modern security design and engineering book ever written."

I will prescribe this book to my next class, and I strongly recommend it to you "dear reader".


clive-nospam-amazon@nsict.org from Cambridgeshire, UK, on amazon.co.uk

This book is superbly good - at once an introduction for those new to the field and an easy reference for experts. As would be expected of Ross Anderson, the book is full of well-chosen examples of real systems.

It is an important book; a lot of people should read it. There is malice in the world, and this must be taken into account when designing almost any system of any kind.

The most valuable perspective, for me, was seeing designs broken by shifting environmental assumptions. It's very educating to find that in many cases what previously looked like boneheaded stupidity was actually a valid decision that later turned sour.

As a minor caveat I did find numerous misprints in the book, some of which were material errors. Since the book is designed as an overview, the mistakes can easily be spotted once you turn to more detailed works on particular topics, however. Therefore the book is still easily worth the full five stars.


Inside-flap copy

`Many people are anxious about Internet security', says leading expert Ross Anderson, `and that's with just PCs and servers attached. But over the next few years a huge range of devices is going to come online. By 2003 there may well be more mobile phones on the net than PCs, and they will be followed by everything from fridges through burglar alarms to heart monitors. How will we manage the risks?'

Dense with anecdotes and war stories, readable, up to date and full of pointers to recent research, this book will be invaluable to you if you have to design systems to be resilient in the face of malice as well as error. Anderson provides the tools and techniques you'll need, discusses what's gone wrong in the past, and shows you how to get your design right the first time around.

You don't need to be a security expert to understand Anderson's truly accessible discussion of:


Author's comments

This is the book I wish had been around in the early 1980s when I started earning my living doing security engineering. Then, there were plenty of books and research papers on theory, but little on the actual practice. Nowadays, the situation is still much the same. And just as bridge builders learn more from the one bridge that falls down than from the hundreds that don't, so security engineers can learn much more from studying how real systems have been built - and, especially, how they have failed. The real problems have to do with system-level concepts; they lie in understanding what your application's protection requirements really are, and how you can combine the available mechanisms intelligently to meet them.

This book distills the system know-how I've learnt in years as a banker, in more years as a security consultant, and in still more years as an academic. Putting it together has been fun. It's also been a valuable research exercise: there's no better way of finding out what you don't know than trying to write down what you do. With luck, this book will serve as a snapshot of what we know - and of what we don't - at the beginning of the twenty-first century.

I hope you have as much fun reading it as I had writing it!


Author's biography

Ross Anderson teaches and directs research in security, cryptography and software engineering at Cambridge University, England. He is recognised as one of the world's leading authorities on security engineering, and has published extensive studies on how real security systems fail - on bank card fraud, phone phreaking, pay-TV hacking, ways to cheat metering systems and breaches of medical privacy. His paper on the `Eternity Service' has been one of the inspirations for recent developments in peer-to-peer networking, such as gnutella and mojonation, while his writings on subjects such as Tempest and tamper-resistance have become standard references.

He graduated in mathematics and natural science in 1978, got a qualification in computer engineering, and worked with a number of systems from avionics to banking and from burglar alarms to vehicle monitoring systems. He moved to Cambridge University in 1992, earned a doctorate in computer security, and joined the faculty. He has consulted to a wide range of organizations, large and small, and been an expert witness in a number of the critical court cases that have influenced the development of the industry.


Publisher's description

This book contains a comprehensive introduction to security engineering - the discipline of making systems resilient in the face of malice, error and mischance. While there are good books on many of the tools that security engineers use - such as cryptography and computer access controls - this is the first book that teaches how to use these tools intelligently to protect a wide range of systems.

A number of applications are described in some detail. These include the common electronic commerce protocols; copyright protection mechanisms (from pay-TV through DVD); the telephone system (including not just wireline phones but GSM and 3gpp); burglar alarms; medical record systems; banking systems (from automatic teller machines through branch bookkeeping to interbank money transfer); and a number of military systems (ranging from communications and logistics through electronic warfare). These are not just used to teach how tools such as cryptography should be applied, but a number of general system-level lessons - such as what makes systems vulnerable to service denial attacks, and how to manage the trade-off between false alarms and missed alarms.

The book also provides a reference to a number of attack and defence technologies that are not covered well (or at all) in readily available books. These include anonymity systems (from anonymous remailers through de-identified medical databases); biometrics; security printing and seals; tamper-resistant electronics; emission security (from Tempest protection of PCs through power analysis attacks on smartcards). Although only a few dozen pages can be devoted to each topic, there are copious references for readers who need to learn more.

The third theme of the book is how the security engineering process can be managed. This includes topics ranging from cryptography policy, through the interaction of information security with economics, to what we can reasonably expect from evaluation and assurance.

Although it grew out of lectures in security given to students at Cambridge University, the material has been rewritten and expanded to be both self-contained and accessible to the working programmer or engineer. It can be used as a self-study guide, and read through from cover to cover; it can be used as a quick reference to particular applications or protection technologies; and it could also be used as a textbook. However, it is aimed solidly at the professional, rather than the academic, market.


Publisher's comments

Security engineering is about building systems to remain dependable in the face of malice, error or mischance. It requires cross-disciplinary expertise, ranging from cryptography and computer security to a knowledge of applied psychology, management and the law. Although there are good books on many of these disciplines, this book is the first to bring them together into a comprehensive guide to building complete systems. Written for the working programmer or engineer who needs to learn the subject quickly but has no time to do a PhD in it, the book brings the subject to life with detailed descriptions of automatic teller machines, burglar alarms, copyright protection mechanisms, de-identified medical record databases, electronic warfare systems, and other critical applications. It also covers a lot of technology for which there isn't any good introductory text, such as biometrics, tamper-resistant electronics and the tricks used in phone fraud.

Over the next few years, the Internet will grow to include all sorts of things besides PCs. By 2003, there will be more mobile phones connected than computers, and within a few years we'll see many of the world's fridges, heart monitors, bus ticket dispensers and burglar alarms talking IP. Things will be further complicated by the spread of peer-to-peer models of networking. Securing real applications in this sort of environment is one of the biggest engineering challenges of the next ten years. This book will help you to meet the challenge.
