Security Engineering - The Book

Also available in Chinese and Japanese

If you've already bought my book, you should look occasionally at the errata. There is a top-level errata page here, and since 21 May 2004 there are now additional, more detailed, pages of errata and new material for part 1, part 2, and part 3. I will update these from time to time.

There are many books on security tools, such as cryptology, access controls and intrusion detection systems, but so far there has been almost nothing on how to use them in real systems. As a result, most security systems don't fail because the protection mechanisms were weak, but because they weren't used right. Dealing with such failures has frustrated me so much, and for so many years, that I finally wrote a book.

`Security Engineering - a Guide to Building Dependable Distributed Systems' goes down into the details of applications such as automatic teller machines, burglar alarms, copyright protection mechanisms, de-identified medical record databases and electronic warfare systems. It also covers a lot of technology for which there isn't any good introductory text, such as biometrics, emission security, tamper-resistant electronics and the tricks used in phone fraud. These real-world examples not only let me explain when certain types of cipher or auditing mechanism should or shouldn't be used; they also bring out a lot of system-level engineering issues, such as false alarm rates, protection versus resilience, naming, security usability, reliability, and assurance.

Although the book grew out of notes for security courses I teach at Cambridge, I've rewritten the material to ensure it's accessible to the working programmer, and added lots of case histories and practical advice drawn from fifteen years' experience as an information security consultant. Check out the following:

Here is the foreword, written by Bruce Schneier.
Here is the table of contents.
Here is a sample chapter (chapter 10) on the protection of burglar alarms and other monitoring systems.
Here is another sample chapter (chapter 18) on network attack and defense.
You can read chapter 1 and part of chapter 2 as excerpts on Amazon (though the graphics quality here has been deliberately downgraded).
Here is the bibliography.

The first three items are from the raw version of the book, as I sent it off to the publishers; chapter 18 and the bibliography are from the published version, which has been copyedited but not had its content change significantly. (The bibliography numbering changed though.) The last two are excerpts that appeared in unixreview.com.

Here are the reviews and the publicity material.

What is Security Engineering?

Security engineering is about building systems to remain dependable in the face of malice, error or mischance. As a discipline, it focuses on the tools, processes and methods needed to design, implement and test complete systems, and to adapt existing systems as their environment evolves.

It requires cross-disciplinary expertise, ranging from cryptography and computer security, through hardware tamper-resistance and formal methods, to a knowledge of applied psychology, organizational methods, audit and the law. System engineering skills - from business process analysis through software engineering to evaluation and testing - are also important, but they are not sufficient. They only deal with error and mischance rather than with malice.

Why is Security Engineering Important?

For generations, people have defined and protected their property and their privacy using locks, fences, signatures, seals, account books, and meters. These have been supported by a whole host of social constructs ranging from international treaties through national laws to manners and customs.

This is changing, and quickly. Most records are now electronic, from bank accounts to registers of company shares and real property; and transactions are increasingly electronic, as shopping moves to the Internet. Just as important, but less obvious, are the many everyday systems that have been quietly automated. Burglar alarms no longer wake up the neighborhood but send silent messages to the police; students no longer fill their dormitory washers and dryers with coins but credit them using a smartcard they recharge at the college bookstore; locks are no longer simple mechanical affairs but are operated by electronic remote controls or swipe cards; and instead of renting videocassettes, millions of people get their movies from satellite or cable channels. Even the humble banknote is no longer just ink on paper, but may use tricks such as digital watermarks to enable many forgeries to be detected by machine.

How good is all this new security technology? Unfortunately, the honest answer is `nowhere near as good as it should be'. New systems are often rapidly broken, and the same elementary mistakes are repeated in one application after another. It often takes four or five attempts to get a security design right, and that is far too much.

A common view of the Internet divides its history into three waves, the first being centered around mainframes and terminals, and the second (from about 1992 until now) on PCs, browsers, and a GUI. The third wave, starting now, will see the connection of all sorts of devices that are currently in proprietary networks, standalone, and non-computerized. By 2003, there will be more mobile phones connected to the Internet than computers. Within a few years we will see many of the world's fridges, heart monitors, bus ticket dispensers, burglar alarms, and electricity meters talking IP. By 2010, `ubiquitous computing' will be part of our lives. This is the world for which I've written my book. We already have a number of the component technologies required to make ubiquitous computing dependable; the last twenty years have seen much work on the theoretical aspects of computer security and cryptology. But there has been much less on the practice. Many insecure systems are built, and the resulting safety, privacy and crime prevention problems (both real and perceived) are a significant impediment to building the `electronic society'. Once communicating embedded systems become both ubiquitous and critical, we will simply have to do better.

Why do We Need Another Book on Security Engineering?

I don't know of any existing textbook that's adequate. Although there are good books some of the component technologies, such as cryptography, and adequate textbooks on some others, there is no good introduction to the discipline as a whole, and large sections of it are completely uncovered. For example, much of the research in computer security focuses on information flow controls, yet there isn't any introduction to it that's both comprehensive and accessible to a working programmer. (In fact, even bright graduate students have a hard time finding their way into the subject.) For technologies such as Tempest, for attacks on smartcards, for how cash machines work, for the vulnerabilties of seals, for the interaction between computer security and economics - and for many other important topics - there are at most a few research publications, often in conference proceedings that are out of print.

Even where solid textbooks exist, they often use too much mathematics and too few examples. They can be very valuable to a graduate student working under the guidance of a professor who can provide the motivation and describe the big picture, but for poor old Dilbert - or any working programmer or engineer who suddenly needs to learn a lot about security engineering, and quickly - they are too heavy going. (In fact, even I find many of them to be rather turgid.)

My book is based on industrial consulting I've done over the last fifteen years, the lessons from which are written up in a number of papers on my home page; on lecture notes I've developed over five years at Cambridge to teach courses for our students; and on training I've done for all sorts of clients from consulting firms through medics, and in a number of countries round the world. So the material has been piloted all the way from the research lab to the classroon to the server room. I hope you find it useful!

How can I get my hands on a copy?

The best deal may depend on where you are, what else you're buying and whether you're in a hurry. The largest sales outlet overall since publication has been Amazon.com, who sometimes give quite big discounts (try clicking on the book's title from that link). Even if they don't, using them may make sense if you're buying other stuff from them and can amortize the shipping cost. If you're in Europe, the Middle East or Africa, try Amazon.co.uk which is offering over twelve pounds off. The cheapest in the USA may be Bookpool, which offers eight dollars off, but seems to have the highest shipping costs of any online bookseller.

In the UK, Student Book World gives almost ten pounds off; if you're in a hurry, PC BookShops offer free same-day delivery by courier in London, and next-day delivery throughout the UK. Barnes and Noble offers same-day delivery in Manhattan, plus three dollars off if you're in their club; while in Germany, Amazon.de will do free shipping. If you're in Oregon, or not in a hurry, look at Powells - they are in Portland, and also offer free shipment within the USA (albeit by fourth-class post).

Availability and discounts vary continually - even Amazon were out of stock for most of the first month the book was on sale. For up-to-date data on stock and discounts, you can try BestBookBuys.

Return to Ross Anderson's home page