Ross Anderson - Security Engineering


Security Engineering: summary, description and annotation


Now that there’s software in everything, how can you make anything secure? Understand how to engineer dependable systems with this newly updated classic.

In Security Engineering, Third Edition, Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack.
This book became a best-seller in 2001 and helped establish the discipline of security engineering. By the second edition in 2008, underground dark markets had let the bad guys specialize and scale up; attacks were increasingly on users rather than on technology. The book repeated its success by showing how security engineers can focus on usability. 
Now the third edition brings it up to date for 2020. As people now go online from phones more than laptops, most servers are in the cloud, online advertising drives the Internet and social networks have taken over much human interaction, many patterns of crime and abuse are the same, but the methods have evolved. Ross Anderson explores what security engineering means in 2020, including: 
How the basic elements of cryptography, protocols, and access control translate to the new world of phones, cloud services, social media and the Internet of Things
Who the attackers are – from nation states and business competitors through criminal gangs to stalkers and playground bullies
What they do – from phishing and carding through SIM swapping and software exploits to DDoS and fake news
Security psychology, from privacy through ease-of-use to deception
The economics of security and dependability – why companies build vulnerable systems and governments look the other way
How dozens of industries went online – well or badly

Security Engineering: read the excerpt online


Table of Contents

1 Cover

2 Title Page

3 Preface to the Third Edition

4 Preface to the Second Edition

5 Preface to the First Edition

6 For my daughter, and other lawyers…

7 Foreword

8 PART I
CHAPTER 1: What Is Security Engineering?
1.1 Introduction; 1.2 A framework; 1.3 Example 1 – a bank; 1.4 Example 2 – a military base; 1.5 Example 3 – a hospital; 1.6 Example 4 – the home; 1.7 Definitions; 1.8 Summary; Note
CHAPTER 2: Who Is the Opponent?
2.1 Introduction; 2.2 Spies; 2.3 Crooks; 2.4 Geeks; 2.5 The swamp; 2.6 Summary; Research problems; Further reading; Notes
CHAPTER 3: Psychology and Usability
3.1 Introduction; 3.2 Insights from psychology research; 3.3 Deception in practice; 3.4 Passwords; 3.5 CAPTCHAs; 3.6 Summary; Research problems; Further reading; Notes
CHAPTER 4: Protocols
4.1 Introduction; 4.2 Password eavesdropping risks; 4.3 Who goes there? – simple authentication; 4.4 Manipulating the message; 4.5 Changing the environment; 4.6 Chosen protocol attacks; 4.7 Managing encryption keys; 4.8 Design assurance; 4.9 Summary; Research problems; Further reading; Notes
CHAPTER 5: Cryptography
5.1 Introduction; 5.2 Historical background; 5.3 Security models; 5.4 Symmetric crypto algorithms; 5.5 Modes of operation; 5.6 Hash functions; 5.7 Asymmetric crypto primitives; 5.8 Summary; Research problems; Further reading; Notes
CHAPTER 6: Access Control
6.1 Introduction; 6.2 Operating system access controls; 6.3 Hardware protection; 6.4 What goes wrong; 6.5 Summary; Research problems; Further reading; Notes
CHAPTER 7: Distributed Systems
7.1 Introduction; 7.2 Concurrency; 7.3 Fault tolerance and failure recovery; 7.4 Naming; 7.5 Summary; Research problems; Further reading; Notes
CHAPTER 8: Economics
8.1 Introduction; 8.2 Classical economics; 8.3 Information economics; 8.4 Game theory; 8.5 Auction theory; 8.6 The economics of security and dependability; 8.7 Summary; Research problems; Further reading; Notes

9 PART II
CHAPTER 9: Multilevel Security
9.1 Introduction; 9.2 What is a security policy model?; 9.3 Multilevel security policy; 9.4 Historical examples of MLS systems; 9.5 MAC: from MLS to IFC and integrity; 9.6 What goes wrong; 9.7 Summary; Research problems; Further reading; Notes
CHAPTER 10: Boundaries
10.1 Introduction; 10.2 Compartmentation and the lattice model; 10.3 Privacy for tigers; 10.4 Health record privacy; 10.5 Summary; Research problems; Further reading; Notes
CHAPTER 11: Inference Control
11.1 Introduction; 11.2 The early history of inference control; 11.3 Differential privacy; 11.4 Mind the gap?; 11.5 Summary; Research problems; Further reading; Notes
CHAPTER 12: Banking and Bookkeeping
12.1 Introduction; 12.2 Bookkeeping systems; 12.3 Interbank payment systems; 12.4 Automatic teller machines; 12.5 Credit cards; 12.6 EMV payment cards; 12.7 Online banking; 12.8 Nonbank payments; 12.9 Summary; Research problems; Further reading; Notes
CHAPTER 13: Locks and Alarms
13.1 Introduction; 13.2 Threats and barriers; 13.3 Alarms; 13.4 Summary; Research problems; Further reading; Notes
CHAPTER 14: Monitoring and Metering
14.1 Introduction; 14.2 Prepayment tokens; 14.3 Taxi meters, tachographs and truck speed limiters; 14.4 Curfew tags: GPS as policeman; 14.5 Postage meters; 14.6 Summary; Research problems; Further reading; Notes
CHAPTER 15: Nuclear Command and Control
15.1 Introduction; 15.2 The evolution of command and control; 15.3 Unconditionally secure authentication; 15.4 Shared control schemes; 15.5 Tamper resistance and PALs; 15.6 Treaty verification; 15.7 What goes wrong; 15.8 Secrecy or openness?; 15.9 Summary; Research problems; Further reading; Notes
CHAPTER 16: Security Printing and Seals
16.1 Introduction; 16.2 History; 16.3 Security printing; 16.4 Packaging and seals; 16.5 Systemic vulnerabilities; 16.6 Evaluation methodology; 16.7 Summary; Research problems; Further reading
CHAPTER 17: Biometrics
17.1 Introduction; 17.2 Handwritten signatures; 17.3 Face recognition; 17.4 Fingerprints; 17.5 Iris codes; 17.6 Voice recognition and morphing; 17.7 Other systems; 17.8 What goes wrong; 17.9 Summary; Research problems; Further reading; Notes
CHAPTER 18: Tamper Resistance
18.1 Introduction; 18.2 History; 18.3 Hardware security modules; 18.4 Evaluation; 18.5 Smartcards and other security chips; 18.6 The residual risk; 18.7 So what should one protect?; 18.8 Summary; Research problems; Further reading; Notes
CHAPTER 19: Side Channels
19.1 Introduction; 19.2 Emission security; 19.3 Passive attacks; 19.4 Attacks between and within computers; 19.5 Environmental side channels; 19.6 Social side channels; 19.7 Summary; Research problems; Further reading
CHAPTER 20: Advanced Cryptographic Engineering
20.1 Introduction; 20.2 Full-disk encryption; 20.3 Signal; 20.4 Tor; 20.5 HSMs; 20.6 Enclaves; 20.7 Blockchains; 20.8 Crypto dreams that failed; 20.9 Summary; Research problems; Further reading; Notes
CHAPTER 21: Network Attack and Defence
21.1 Introduction; 21.2 Network protocols and service denial; 21.3 The malware menagerie – Trojans, worms and RATs; 21.4 Defense against network attack; 21.5 Cryptography: the ragged boundary; 21.6 CAs and PKI; 21.7 Topology; 21.8 Summary; Research problems; Further reading; Notes
CHAPTER 22: Phones
22.1 Introduction; 22.2 Attacks on phone networks; 22.3 Going mobile; 22.4 Platform security; 22.5 Summary; Research problems; Further reading; Notes
CHAPTER 23: Electronic and Information Warfare
23.1 Introduction; 23.2 Basics; 23.3 Communications systems; 23.4 Surveillance and target acquisition; 23.5 IFF systems; 23.6 Improvised explosive devices; 23.7 Directed energy weapons; 23.8 Information warfare; 23.9 Summary; Research problems; Further reading; Note
CHAPTER 24: Copyright and DRM
24.1 Introduction; 24.2 Copyright; 24.3 DRM on general-purpose computers; 24.4 Information hiding; 24.5 Policy; 24.6 Accessory control; 24.7 Summary; Research problems; Further reading; Notes
CHAPTER 25: New Directions?
25.1 Introduction; 25.2 Autonomous and remotely-piloted vehicles; 25.3 AI / ML; 25.4 PETS and operational security; 25.5 Elections; 25.6 Summary; Research problems; Further reading; Notes

10 PART III
CHAPTER 26: Surveillance or Privacy?
26.1 Introduction; 26.2 Surveillance; 26.3 Terrorism; 26.4 Censorship; 26.5 Forensics and rules of evidence; 26.6 Privacy and data protection; 26.7 Freedom of information; 26.8 Summary; Research problems; Further reading; Notes
CHAPTER 27: Secure Systems Development
27.1 Introduction; 27.2 Risk management; 27.3 Lessons from safety-critical systems; 27.4 Prioritising protection goals; 27.5 Methodology; 27.6 Managing the team; 27.7 Summary; Research problems; Further reading; Notes
CHAPTER 28: Assurance and Sustainability
28.1 Introduction; 28.2 Evaluation; 28.3 Metrics and dynamics of dependability; 28.4 The entanglement of safety and security; 28.5 Sustainability; 28.6 Summary; Research problems; Further reading; Notes
CHAPTER 29: Beyond “Computer Says No”

11 Bibliography

12 Index

13 End User License Agreement

List of Illustrations

1 Chapter 1
Figure 1.1: Security Engineering Analysis Framework

2 Chapter 2
Figure 2.1: Muscular – the slide

3 Chapter 4
Figure 4.1: Password generator use
Figure 4.2: The MIG-in-the-middle attack
Figure 4.3: The Mafia-in-the-middle attack

4 Chapter 5
Figure 5.1: Monoalphabetic substitution cipher
Figure 5.9: The random oracle
Figure 5.10: A simple 16-bit SP-network block cipher
Figure 5.11: The AES linear transformation, illustrated by its effect on byt...
Figure 5.12: The Feistel cipher structure
Figure 5.13: The DES round function
Figure 5.14: The Linux penguin, in clear and ECB encrypted (from Wikipedia, ...
Figure 5.15: Cipher Block Chaining (CBC) mode
Figure 5.16: Feedforward mode (hash function)

5 Chapter 6
Figure 6.5: Stack smashing attack

6 Chapter 8
Figure 8.1: The market for apartments

7 Chapter 9
Figure 9.1: typical corporate policy language
Figure 9.3: The NRL pump
Figure 9.4: Insecure composition of secure systems with feedback
Figure 9.5: The cascade problem

8 Chapter 10
Figure 10.3: A lattice of security labels
