Security Engineering — The Book

‘There is an extraordinary textbook written by Ross Anderson, professor of computer security at University of Cambridge. It’s called Security Engineering, and despite being more than 1,000 pages long, it’s one of the most readable pop-science slogs of the decade.’
Ben Goldacre

‘I'm incredibly impressed that one person could produce such a thorough coverage. Moreover, you make the stuff easy and enjoyable to read. I find it just as entertaining — and far more useful — than novels (and my normal science fiction). When I first got it in the mail, I said to myself "I'm never going to read all of that." But once I started reading I just kept going and going. Fantastic: well done. Now, let's hope that all those in charge of security for information technology will also read the book and heed the lessons.’
Don Norman

‘The book that you MUST READ RIGHT NOW is the second edition of Ross Anderson's Security Engineering book. Ross did a complete pass on his classic tome and somehow made it even better...’
Gary McGraw

‘It's beautiful. This is the best book on the topic there is’
Bruce Schneier

All chapters from the second edition now available free online!

Table of contents

Preface

Acknowledgements

Chapter 1: What is Security Engineering?

Chapter 2: Usability and Psychology

Chapter 3: Protocols

Chapter 4: Access Control

Chapter 5: Cryptography

Chapter 6: Distributed Systems

Chapter 7: Economics

Chapter 8: Multilevel Security

Chapter 9: Multilateral Security

Chapter 10: Banking and Bookkeeping

Chapter 11: Physical Protection

Chapter 12: Monitoring and Metering

Chapter 13: Nuclear Command and Control

Chapter 14: Security Printing and Seals

Chapter 15: Biometrics

Chapter 16: Physical Tamper Resistance

Chapter 17: Emission Security

Chapter 18: API Security

Chapter 19: Electronic and Information Warfare

Chapter 20: Telecom System Security

Chapter 21: Network Attack and Defence

Chapter 22: Copyright and DRM

Chapter 23: The Bleeding Edge

Chapter 24: Terror, Justice and Freedom

Chapter 25: Managing the Development of Secure Systems

Chapter 26: System Evaluation and Assurance

Chapter 27: Conclusions

Bibliography

Index

When I wrote the first edition, we put the chapters online free after four years and found that this boosted sales of the paper edition. People would find a useful chapter online and then buy the book to have it as a reference. Wiley and I agreed to do the same with the second edition, and now, four years after publication, I am putting all the chapters online for free. Enjoy them – and I hope you'll buy the paper version to sit on your shelf and impress the boss (as well as warding off the evil eye):

Buy from Amazon.com

Buy from Wiley

Buy from Amazon.co.uk (Kindle version)

Here are the errata for the second edition, and here's a page of notes and links concerning relevant topics that I've come across since publication.

Supplementary materials: If you're a college professor thinking of using my book in class, note that we use my book in three courses at Cambridge:

the first part in second-year Introduction to Security (course material and past exam questions)
the second in third-year Security (course material and questions), and
the third part in our second-year Software Engineering (course, questions and still more questions).

I hope you find these useful. You're welcome to use and adapt any of my slides if you wish under this Creative Commons license. Also, if you're an instructor at an accredited institution, you can request an evaluation copy via Wiley's website.

The first edition (2001)

You can also download all of the first edition for free:

The foreword, preface and other front matter

What is Security Engineering?

Multilateral Security

Banking and Bookkeeping

Monitoring Systems

Nuclear Command and Control

Security Printing and Seals

Biometrics

Physical Tamper Resistance

Emission Security

Electronic and Information Warfare

Telecom System Security

Network Attack and Defense

Protecting E-Commerce Systems

E-Policy

Management Issues

System Evaluation and Assurance

Conclusions

Bibliography

Finally, here's a single pdf of the whole book. It's 17Mb, but a number of people asked me for it.

My goal in making the first edition freely available five years after publication was twofold. First, I wanted to reach the widest possible audience, especially among poor students. Second, I am a pragmatic libertarian on free culture and free software issues; I think that many publishers (especially of music and software) are too defensive of copyright. (My colleague David MacKay found that putting his book on coding theory online actually helped its sales. Book publishers are getting the message faster than the music or software folks.) I expect to put the whole second edition online too in a few years.

If you own the first edition of my book, I hope you liked it enough to upgrade to the second edition. I also have online errata for the first edition here.

Following enquiries from blind students, Jose C. Lacal has contributed these MP3 files of the first edition: preface, chapter 1, chapter 2, chapter 3, chapter 4, chapter 6, and chapter 7.

Where to buy the second edition

Amazon.com
Buy from Wiley
Amazon.co.uk
BestBookBuys (for secondhand)

There are reviews of the first edition, which was translated into Japanese, Chinese and Polish.

Return to Ross Anderson's home page