944 945
945 946
946 947
947 948
948 949
949 950
950 951
951 952
952 953
953 954
954 955
955 956
956 957
957 958
958 959
959 960
960 961
961 962
962 963
963 965
964 966
965 967
966 968
967 969
968 970
969 971
970 972
971 973
972 974
973 975
974 976
975 977
976 978
977 979
978 980
979 981
980 982
981 983
982 984
983 985
984 986
985 987
986 988
987 989
988 990
989 991
990 992
991 993
992 994
993 995
994 996
995 997
996 998
997 999
998 1000
999 1001
1000 1002
1001 1003
1002 1004
1003 1005
1004 1006
1005 1007
1006 1008
1007 1009
1008 1010
1009 1011
1010 1012
1011 1013
1012 1015
1013 1016
1014 1017
1015 1018
1016 1019
1017 1020
1018 1021
1019 1022
1020 1023
1021 1024
1022 1025
1023 1026
1024 1027
1025 1028
1026 1029
1027 1030
1028 1031
1029 1032
1030 1033
1031 1034
1032 1035
1033 1036
1034 1037
1035 1038
1036 1039
1037 1040
1038 1041
1039 1042
1040 1043
1041 1044
1042 1045
1043 1046
1044 1047
1045 1048
1046 1049
1047 1050
1048 1051
1049 1052
1050 1053
1051 1054
1052 1055
1053 1056
1054 1057
1055 1058
1056 1059
1057 1060
1058 1061
1059 1062
1060 1063
1061 1064
1062 1065
1063 1066
1064 1067
1065 1068
1066 1069
1067 1070
1068 1071
1069 1072
1070 1073
1071 1074
1072 1075
1073 1076
1074 1077
1075 1078
1076 1079
1077 1080
1078 1081
1079 1082
1080 1083
1081 1084
1082 1085
1083 1086
1084 1087
1085 1088
1086 1089
1087 1090
1088 1091
1089 1092
1090 1093
1091 1094
1092 1095
1093 1096
1094 1097
1095 1098
1096 1099
1097 1100
1098 1101
1099 1102
1100 1103
1101 1104
1102 1105
1103 1106
1104 1107
1105 1108
1106 1109
1107 1110
1108 1111
1109 1112
1110 1113
1111 1114
1112 1115
1113 1116
1114 1117
1115 1118
1116 1119
1117 1120
1118 1121
1119 1122
1120 1123
1121 1124
1122 1125
1123 1126
1124 1127
1125 1128
1126 1129
1127 1130
1128 1131
1129 1132
1130 1133
1131 1134
1132 1135
1133 1136
1134 1137
1135 1138
1136 1139
1137 1140
1138 1141
1139 1143
1140 1144
1141 1145
1142 1146
1143 1147
1144 1148
1145 1149
1146 1150
1147 1151
1148 1152
1149 1153
1150 1154
1151 1155
1152 1156
1153 1157
1154 1158
1155 1159
1156 1160
1157 1161
1158 1162
1159 1163
1160 1164
1161 1165
1162 1166
1163 1167
1164 1168
1165 1169
1166 1170
1167 1171
1168 1172
1169 1173
1170 1174
1171 1175
1172 1176
1173 1177
1174 1178
1175 1179
1176 1180
1177 1181
1178 1182
1179 iv
1180 v
1181 vii
1182 viii
1183 ix
1184 x
1185 xi
1186 1183

Security Engineering
A Guide to Building Dependable Distributed Systems
Third Edition
Ross Anderson

Preface to the Third Edition
The first edition of Security Engineering was published in 2001 and the second in 2008. Since then there have been huge changes.
The most obvious is that the smartphone has displaced the PC and laptop. Most of the world's population now walk around with a computer that's also a phone, a camera and a satnav; and the apps that run on these magic devices have displaced many of the things we were building ten years ago. Taxi rides are now charged by ride-hailing apps rather than by taxi meters. Banking has largely gone online, with phones starting to displace credit cards. Energy saving is no longer about your meter talking to your heating system but about both talking to your phone. Social networking has taken over many people's lives, driving everything from advertising to politics.
A related but less visible change is the move to large server farms. Sensitive data have moved from servers in schools, doctors' offices and law firms to cloud service providers. Many people no longer do their writing on word processing software on their laptop but on Google Docs or Office365 (I'm writing this book on Overleaf). This has consequences. Security breaches can happen at a scale no-one would have imagined twenty years ago. Compromises of tens of millions of passwords, or credit cards, have become almost routine. And in 2013, we discovered that fifteen years' worth of UK hospital medical records had been sold to 1200 organisations worldwide without the consent of the patients (who were still identifable via their postcodes and dates of birth).
A real game-changer of the last decade was the Snowden revelations, also in 2013, when over 50,000 Top Secret documents about the NSA's signals intelligence activities were leaked to the press. The scale and intrusiveness of government surveillance surprised even cynical security engineers. It followed on from Stuxnet, where America attacked Iran's nuclear weapons program using malware, and was followed by NotPetya, where a Russian cyberweapon, deployed against the Ukraine, inflicted hundreds of millions of dollars' worth of collateral damage on firms elsewhere. This brings us to the third big change, which is a much better understanding of nation-state security threats. In addition to understanding the capabilities and priorities of western intelligence agencies, we have a reasonably good idea of what the Chinese, the Russians and even the Syrians get up to.
And where the money is, the crooks follow too. The last decade has also seen the emergence of a cyber-crime ecosystem, with malware writers providing the tools to subvert millions of machines, many of which are used as criminal infrastructure while others are subverted in various ways into defrauding their users. We have a team at Cambridge that studies this, and so do dozens of other research groups worldwide. The rise of cybercrime is changing policing, and other state activity too: cryptocurrencies are not just making it easier to write ransomware, but undermining financial regulation. And then there are non-financial threats from cyber-bullying up through hate speech to election manipulation and videos of rape and murder.
So online harms now engage all sorts of people from teachers and the police to banks and the military. It is ever more important to measure the costs of these harms, and the effectiveness of the measures we deploy to mitigate them.
Some of the changes would have really surprised someone who read my book ten years ago and then spent a decade in solitary confinement. For example, the multilevel security industry is moribund, despite being the beneficiary of billions of dollars of US government funding over forty years; the Pentagon's entire information security philosophy – of mandating architectures to stop information flowing downward from Top Secret to Secret to Confidential to Unclassified – has been abandoned as unworkable. While architecture still matters, the emphasis has shifted to ecosystems. Given that bugs are ubiquitous and exploits inevitable, we had better be good at detecting exploits, fixing bugs and recovering from attacks. The game is no longer trusted systems but coordinated disclosure, DevSecOps and resilience.
Читать дальше