REVIEW: "Security Engineering", Ross Anderson

Discussion in 'Computer Security' started by Rob Slade, doting grandpa of Ryan and Trevor, Oct 27, 2008.

  1. BKSECENG.RVW 20080929

    "Security Engineering", Ross Anderson, 2008, 978-0-470-06852-6,
    %A Ross Anderson
    %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
    %D 2001
    %G 978-0-470-06852-6 0-470-06852-3
    %I John Wiley & Sons, Inc.
    %O U$70.00 416-236-4433 fax: 416-236-4448
    %O Audience i+ Tech 3 Writing 2 (see revfaq.htm for explanation)
    %P 1040 p.
    %T "Security Engineering: A Guide to Building Dependable Distributed
    Systems, Second Edition"

    Anything written by Gene Spafford is important. Anything written by
    Bruce Schneier is readable, and, even if you disagree with it, worth
    thinking about. Anything written by Ross Anderson is important,
    readable, worth considering, and correct.

    The preface states that this book is intended as a text for self-study
    or for a one term course, a reference for professionals, an
    introduction to the underlying concepts, and an original scientific
    contribution in terms of the foundational principles for security
    engineering. In addition, the preface to the second edition notes
    that these concepts now need to be understood by legal investigators,
    managers, and, in the wake of 9/11, everyone. A very tall order to
    fulfill, but one which, for once, seems to have been accomplished. I
    have often been asked, in regard to these reviews, whether there are,
    in fact, any books that I do like. Well, I like this one. If you are
    involved with security and you haven't read "Security Engineering,"
    you should. And you have no excuse if you haven't. This is the
    second edition to be printed, and the first edition is available
    online, in its entirety.

    (And, if the first edition is available online for free, why should
    you buy the second? Because the second edition has more, in almost
    every respect.)

    Part one deals with the basic concepts of engineering and security.
    Chapter one presents four example situations of security needs.
    Protocols are not limited to the precise but limited structures with
    which computer people are familiar. Security is a people problem, and
    chapter two, entitled "Usability and Psychology," addresses this issue
    up front, along with a set of more conceptual, but more formal,
    authentication problems and protocols. It is unlikely that the models
    presented exhaust the field, but some thought indicates that they are
    pertinent to a wide variety of applications. Much the usual thoughts
    and advice on passwords is issued in chapter three, although the
    research is better documented, and some additional research
    (passphrase generated passwords are as secure as randomly assigned
    ones, and as memorable as naively chosen ones) is presented.
    (Anderson's writing is clear enough, but he does betray a taste for
    symbolic logic that might limit the audience for the book. Still,
    perseverance on the part of the reader will be amply rewarded.) It
    is strange not to see any mention of the work factor of passwords
    overall. Chapter four reviews access control, but primarily from the
    perspective of system and hardware internals. Cryptography, in
    chapter five, is covered reliably and well, although the structure and
    flow of the material is not always in developmental order. The
    problems of distributed systems are examined, in terms of concurrency,
    failure resistance, and naming, in chapter six. Economics can be used
    to examine a great many aspects of security (and insecurity). Chapter
    seven looks at a number, but I was disappointed to note that risk
    analysis was not one of them.

    Part two uses a number of applications of secure systems to introduce
    particular concepts or technologies. Chapter eight discusses
    multilevel security, which encompasses most of the formal security
    models such as Bell-LaPadula. Medical (and census) databases are
    used, in chapter nine, as examples of multilateral, or compartmented,
    security: the need to deal with information of equal sensitivity, but
    restricted to different groups. Controls particularly related to the
    banking system and fraud are presented in chapter ten, although the
    material is long on anecdotes, and contains weaker analysis than the
    preceding text. A somewhat limited, but still interesting, review of
    physical security has been added in chapter eleven. Chapter twelve
    reviews monitoring systems, of both monitoring and metering types. In
    regard to nuclear command and control systems, chapter thirteen
    examines the tension between availability (the ability to fire a
    missile) and confidentiality (or authentication: making sure nobody
    else does). Various aspects of the technology for security printing
    and seals are dealt with in chapter fourteen. Biometrics, in chapter
    fifteen, gets a good, but fairly standard, treatment. Chapter sixteen
    delves into tamper-resistance in cryptographic gear and smartcards
    (expanding on the content of fourteen). The TEMPEST and Teapot (no,
    I'm not kidding) projects on emission security are reviewed in chapter
    seventeen. Chapter eighteen examines the security problems inherent
    in the use of application programming interfaces (APIs). There is
    good coverage of the basics of traditional electronic warfare in
    chapter nineteen, although the material on information warfare is not
    as thorough. Chapter twenty looks at telecommunications system
    security, with some material on phone phreaking and lots on cellular
    encryption. Network attack and defense, in chapter twenty-one, is
    less focussed than other chapters, and adds malware. Copyright and
    DRM (Digital Rights Management) systems are examined in chapter
    twenty-two, with solid coverage of recent controversies. Gaming,
    social networks, elections, and other complex applications are
    discussed in chapter twenty-three.

    Part three turns to politics, management, and assurance. Chapter
    twenty-four, under the title of "Terror, Justice, and Freedom," has a
    fascinating discussion of major issues in public policy. Management
    issues, in chapter twenty-five, are presented in an interesting but
    generic manner. The discussion of system evaluation and assurance
    asks the usual question in regard to how we know our systems are
    secure. In a sense, though, the subtitle of the book is wrong: much
    of the material points out how *not* to build dependable systems, and
    chapter twenty-six is a bit disheartening. The conclusion, in chapter
    twenty-seven, is that we need more engineers and engineering.

    Although the material is presented in a very formal way, the writing
    is usually quite readable, and the exceptional stilted passages are
    still accessible to the determined reader. On occasion, one could
    hope for additional explanations of some items that are mentioned
    briefly and passed over. The constant emphasis on how security
    protections have failed can be depressing, but the examination of the
    errors of others does provide the basis for better designs in the

    copyright Robert M. Slade, 2002, 2008 BKSECENG.RVW 20080929


    "Dictionary of Information Security," Syngress 1597491152
    ============= for back issues:
    [Base URL] site
    CISSP refs: [Base URL]mnbksccd.htm
    Book reviews: [Base URL]mnbk.htm
    Review mailing list: send mail to