Ross Anderson - Security Engineering


Security Engineering: summary, description and annotation


Now that there’s software in everything, how can you make anything secure? Understand how to engineer dependable systems with this newly updated classic
In Security Engineering, Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack.
This book became a best-seller in 2001 and helped establish the discipline of security engineering. By the second edition in 2008, underground dark markets had let the bad guys specialize and scale up; attacks were increasingly on users rather than on technology. The book repeated its success by showing how security engineers can focus on usability.
Now the third edition brings it up to date for 2020. As people now go online from phones more than laptops, most servers are in the cloud, online advertising drives the Internet and social networks have taken over much human interaction, many patterns of crime and abuse are the same, but the methods have evolved. Ross Anderson explores what security engineering means in 2020, including:
How the basic elements of cryptography, protocols, and access control translate to the new world of phones, cloud services, social media and the Internet of Things
Who the attackers are – from nation states and business competitors through criminal gangs to stalkers and playground bullies
What they do – from phishing and carding through SIM swapping and software exploits to DDoS and fake news
Security psychology, from privacy through ease-of-use to deception
The economics of security and dependability – why companies build vulnerable systems and governments look the other way
How dozens of industries went online – well or badly

Security Engineering: online preview excerpt


Security Engineering

A Guide to Building Dependable Distributed Systems

Third Edition

Ross Anderson


Preface to the Third Edition

The first edition of Security Engineering was published in 2001 and the second in 2008. Since then there have been huge changes.

The most obvious is that the smartphone has displaced the PC and laptop. Most of the world's population now walk around with a computer that's also a phone, a camera and a satnav; and the apps that run on these magic devices have displaced many of the things we were building ten years ago. Taxi rides are now charged by ride-hailing apps rather than by taxi meters. Banking has largely gone online, with phones starting to displace credit cards. Energy saving is no longer about your meter talking to your heating system but about both talking to your phone. Social networking has taken over many people's lives, driving everything from advertising to politics.

A related but less visible change is the move to large server farms. Sensitive data have moved from servers in schools, doctors' offices and law firms to cloud service providers. Many people no longer do their writing on word processing software on their laptop but on Google Docs or Office365 (I'm writing this book on Overleaf). This has consequences. Security breaches can happen at a scale no-one would have imagined twenty years ago. Compromises of tens of millions of passwords, or credit cards, have become almost routine. And in 2013, we discovered that fifteen years' worth of UK hospital medical records had been sold to 1200 organisations worldwide without the consent of the patients (who were still identifiable via their postcodes and dates of birth).

A real game-changer of the last decade was the Snowden revelations, also in 2013, when over 50,000 Top Secret documents about the NSA's signals intelligence activities were leaked to the press. The scale and intrusiveness of government surveillance surprised even cynical security engineers. It followed on from Stuxnet, where America attacked Iran's nuclear weapons program using malware, and was followed by NotPetya, where a Russian cyberweapon, deployed against the Ukraine, inflicted hundreds of millions of dollars' worth of collateral damage on firms elsewhere. This brings us to the third big change, which is a much better understanding of nation-state security threats. In addition to understanding the capabilities and priorities of western intelligence agencies, we have a reasonably good idea of what the Chinese, the Russians and even the Syrians get up to.

And where the money is, the crooks follow too. The last decade has also seen the emergence of a cyber-crime ecosystem, with malware writers providing the tools to subvert millions of machines, many of which are used as criminal infrastructure while others are subverted in various ways into defrauding their users. We have a team at Cambridge that studies this, and so do dozens of other research groups worldwide. The rise of cybercrime is changing policing, and other state activity too: cryptocurrencies are not just making it easier to write ransomware, but undermining financial regulation. And then there are non-financial threats from cyber-bullying up through hate speech to election manipulation and videos of rape and murder.

So online harms now engage all sorts of people from teachers and the police to banks and the military. It is ever more important to measure the costs of these harms, and the effectiveness of the measures we deploy to mitigate them.

Some of the changes would have really surprised someone who read my book ten years ago and then spent a decade in solitary confinement. For example, the multilevel security industry is moribund, despite being the beneficiary of billions of dollars of US government funding over forty years; the Pentagon's entire information security philosophy – of mandating architectures to stop information flowing downward from Top Secret to Secret to Confidential to Unclassified – has been abandoned as unworkable. While architecture still matters, the emphasis has shifted to ecosystems. Given that bugs are ubiquitous and exploits inevitable, we had better be good at detecting exploits, fixing bugs and recovering from attacks. The game is no longer trusted systems but coordinated disclosure, DevSecOps and resilience.
