Now that there's software in everything, how can you make anything secure? Understand how to engineer dependable systems with this newly updated classic

In Security Engineering: A Guide to Building Dependable Distributed Systems, Third Edition Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack.

This book became a best-seller in 2001 and helped establish the discipline of security engineering. By the second edition in 2008, underground dark markets had let the bad guys specialize and scale up; attacks were increasingly on users rather than on technology. The book repeated its success by showing how security engineers can focus on usability.

Now the third edition brings it up to date for 2020. As people now go online from phones more than laptops, most servers are in the cloud, online advertising drives the Internet and social networks have taken over much human interaction, many patterns of crime and abuse are the same, but the methods have evolved. Ross Anderson explores what security engineering means in 2020, including:

• How the basic elements of cryptography, protocols, and access control translate to the new world of phones, cloud services, social media and the Internet of Things
• Who the attackers are – from nation states and business competitors through criminal gangs to stalkers and playground bullies
• What they do – from phishing and carding through SIM swapping and software exploits to DDoS and fake news
• Security psychology, from privacy through ease-of-use to deception
• The economics of security and dependability – why companies build vulnerable systems and governments look the other way
• How dozens of industries went online – well or badly
• How to manage security and safety engineering in a world of agile development – from reliability engineering to DevSecOps

The third edition of Security Engineering ends with a grand challenge: sustainable security. As we build ever more software and connectivity into safety-critical durable goods like cars and medical devices, how do we design systems we can maintain and defend for decades? Or will everything in the world need monthly software upgrades, and become unsafe once they stop?

Contents

Chapter 1 What Is Security Engineering?

Chapter 2 Who Is the Opponent?

Chapter 3 Psychology and Usability

Chapter 4 Protocols

Chapter 5 Cryptography

Chapter 6 Access Control

Chapter 7 Distributed Systems

Chapter 8 Economics

Chapter 9 Multilevel Security

Chapter 1 0 Boundaries

Chapter 11 Inference Control

Chapter 12 Banking and Bookkeeping

Chapter 13 Locks and Alarms

Chapter 14 Monitoring and Metering

Chapter 15 Nuclear Command and Control

Chapter 16 Security Printing and Seals

Chapter 17 Biometrics

Chapter 18 Tamper Resistance

Chapter 19 Side Channels

Chapter 20 Advanced Cryptographic Engineering

Chapter 21 Network Attack and Defence

Chapter 22 Phones

Chapter 23 Electronic and Information Warfare

Chapter 24 Copyright and DRM

Chapter 20 Advanced Cryptographic Engineering

Chapter 21 Network Attack and Defence

Chapter 22 Phones

Chapter 23 Electronic and Information Warfare

Chapter 24 Copyright and ORM

Chapter 25 New Directions?

Chapter 26 Surveillance or Privacy?

Chapter 27 Secure Systems Development

Chapter 28 Assurance and Sustainability

Chapter 29 Beyond "Computer Says No"

Editorial Reviews

Security Engineering became a classic because it covers not just the technical basics, such as cryptography, access controls and tamper-resistance, but also how they're used in real life. Real-world case studies – of the security of payment systems, military systems, the phone app ecosystems and now self-driving cars – demonstrate how to use security technology in practice, and what can go wrong.

Filled with actionable advice and the latest research, this Third Edition brings a classic book up to date with the modern world of smartphones, cloud computing and AI. As everything gets connected to the Internet, security engineering has come to require inter-disciplinary expertise, ranging from physics to psychology and applied economics. Security Engineering is the only textbook on the market to explain all these aspects of protecting real systems, while still remaining easily accessible.

Perfect for computer science students and practicing cybersecurity professionals, as well as systems engineers of all sorts, this latest edition of Security Engineering also belongs on the bookshelves of candidates for professional certification such as CISSP.

You'll learn what makes a system secure and reliable and what can render it vulnerable, from phones and laptops through cars and payment terminals to cloud services and corporate networks. You'll find:

• The basics: cryptography, protocols, access controls and usability
• The attacks: phishing, software exploits and the cybercrime ecosystem
• The responses: biometrics, smartcards, enclaves, app stores and the patch cycle
• The psychology of security: what makes security hard for users and engineers
• The economics of security: how large systems fail, and what to do about it
• The big policy questions: from surveillance through censorship to sustainability

Security Engineering is the book that created the discipline. It will continue to define the discipline for the 2020s and beyond.

About the Author

Ross Anderson is Professor of Security Engineering at Cambridge University in England. He is widely recognized as one of the world's foremost authorities on security. In 2015 he won the Lovelace Medal, Britain's top award in computing. He is a Fellow of the Royal Society and the Royal Academy of Engineering. He is one of the pioneers of the economics of information security, peer-to-peer systems, API analysis and hardware security. Over the past 40 years, he has also worked or consulted for most of the tech majors.