Security Engineering: A Guide to Building Dependable Distributed Systems
April 2008
Publisher: Wiley Publishing
ISBN: 978-0-470-06852-6
Published: 14 April 2008
Pages: 1080
Abstract

Gigantically comprehensive and carefully researched, Security Engineering makes it clear just how difficult it is to protect information systems from corruption, eavesdropping, unauthorized use, and general malice. Better, Ross Anderson offers a lot of thoughts on how information can be made more secure (though probably not absolutely secure, at least not forever) with the help of both technologies and management strategies. His work makes fascinating reading and will no doubt inspire considerable doubt--fear is probably a better choice of words--in anyone with information to gather, protect, or make decisions about.

Be aware: This is absolutely not a book solely about computers, with yet another explanation of Alice and Bob and how they exchange public keys in order to exchange messages in secret. Anderson explores, for example, the ingenious ways in which European truck drivers defeat their vehicles' speed-logging equipment. In another section, he shows how the end of the cold war brought on a decline in defenses against radio-frequency monitoring (radio frequencies can be used to determine, at a distance, what's going on in systems--bank teller machines, say), and how similar technology can be used to reverse-engineer the calculations that go on inside smart cards. In almost 600 pages of riveting detail, Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity, and always use common sense in defending valuables. A terrific read for security professionals and general readers alike. --David Wall

Topics covered: How some people go about protecting valuable things (particularly, but not exclusively, information) and how other people go about getting it anyway. Mostly, this takes the form of essays (about, for example, how the U.S. Air Force keeps its nukes out of the wrong hands) and stories (one of which tells of an art thief who defeated the latest technology by hiding in a closet). Sections deal with technologies, policies, psychology, and legal matters.

Cited By

  1. Herranz-Oliveros D, Marsa-Maestre I, Gimenez-Guzman J, Tejedor-Romero M and de la Hoz E (2024). Surgical immunization strategies against lateral movement in Active Directory environments, Journal of Network and Computer Applications, 222:C, Online publication date: 1-Feb-2024.
  2. Durán C, Fernández-Campusano C, Carrasco R and Carrillo E (2024). DMLBC, Journal of King Saud University - Computer and Information Sciences, 36:1, Online publication date: 1-Jan-2024.
  3. Lopez T, Sharp H, Bandara A, Tun T, Levine M and Nuseibeh B (2022). Security Responses in Software Development, ACM Transactions on Software Engineering and Methodology, 32:3, (1-29), Online publication date: 31-Jul-2023.
  4. Soderi S, Masti D and Lun Y (2023). Railway Cyber-Security in the Era of Interconnected Systems: A Survey, IEEE Transactions on Intelligent Transportation Systems, 24:7, (6764-6779), Online publication date: 1-Jul-2023.
  5. de Carvalho Bertoli G, Alves Pereira Junior L, Saotome O and dos Santos A (2023). Generalizing intrusion detection for heterogeneous networks, Computers and Security, 127:C, Online publication date: 1-Apr-2023.
  6. Hicks A Transparency, Compliance, And Contestability When Code Is(n’t) Law Proceedings of the 2022 New Security Paradigms Workshop, (130-142)
  7. Shabbir M, Ahmad F, Shabbir A and Alanazi S (2022). Cognitively managed multi-level authentication for security using Fuzzy Logic based Quantum Key Distribution, Journal of King Saud University - Computer and Information Sciences, 34:4, (1468-1485), Online publication date: 1-Apr-2022.
  8. Mehr Nezhad M and Hao F OPay: an Orientation-based Contactless Payment Solution Against Passive Attacks Proceedings of the 37th Annual Computer Security Applications Conference, (375-384)
  9. Daughety N, Pendleton M, Xu S, Njilla L and Franco J vCDS: A Virtualized Cross Domain Solution Architecture MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM), (61-68)
  10. Wittkotter E WaC Proceedings of the 5th Workshop on Attacks and Solutions in Hardware Security, (99-109)
  11. Rajasoundaran S, Prabu A, Kumar G, Malla P and Routray S (2021). Secure Opportunistic Watchdog Production in Wireless Sensor Networks: A Review, Wireless Personal Communications: An International Journal, 120:2, (1895-1919), Online publication date: 1-Sep-2021.
  12. Mazur Z and Pec J The Concept of Information Graphs as a Tool to Identify Vulnerabilities in the Information Map of an Organisation Advances and Trends in Artificial Intelligence. From Theory to Practice, (215-226)
  13. Maliszewski M and Boryczka U Using MajorClust Algorithm for Sandbox-based ATM Security 2021 IEEE Congress on Evolutionary Computation (CEC), (1054-1061)
  14. Opaschi O and Vatavu R (2020). Uncovering Practical Security and Privacy Threats for Connected Glasses with Embedded Video Cameras, Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 4:4, (1-26), Online publication date: 17-Dec-2020.
  15. Ganesh B and Palmieri P A Survey of Advanced Encryption for Database Security: Primitives, Schemes, and Attacks Foundations and Practice of Security, (100-120)
  16. Juma N, Huang X and Tripunitara M Forensic Analysis in Access Control Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, (1533-1550)
  17. Crick T, Davenport J, Hanna P, Irons A and Prickett T Overcoming the Challenges of Teaching Cybersecurity in UK Computer Science Degree Programmes 2020 IEEE Frontiers in Education Conference (FIE), (1-9)
  18. Younis Y and Musbah M A Framework to Protect Against Phishing Attacks Proceedings of the 6th International Conference on Engineering & MIS 2020, (1-6)
  19. Condori-Fernandez N, Suni-Lopez F, Muñante D and Daneva M How Can Personality Influence Perception on Security of Context-Aware Applications? Socio-Technical Aspects in Security and Trust, (3-22)
  20. Zhang X, Wang X, Yun W, Gao C, Han M and Liu H (2020). Pattern‐based software process modeling for dependability, Journal of Software: Evolution and Process, 32:9, Online publication date: 3-Sep-2020.
  21. Tiloca M, Dini G, Rizki K and Raza S (2019). Group rekeying based on member join history, International Journal of Information Security, 19:4, (343-381), Online publication date: 1-Aug-2020.
  22. Rodríguez A, Fulp E, John D and Cui J Using evolutionary algorithms and pareto ranking to identify secure virtual local area networks Proceedings of the 2020 Genetic and Evolutionary Computation Conference Companion, (1512-1519)
  23. Mansour S and Lauf A Hardware Root Of Trust for IoT Security In Smart Home Systems 2020 IEEE 17th Annual Consumer Communications & Networking Conference (CCNC), (1-2)
  24. Panda S, Woods D, Laszka A, Fielder A and Panaousis E (2022). Post-incident audits on cyber insurance discounts, Computers and Security, 87:C, Online publication date: 1-Nov-2019.
  25. Buckley O and Nurse J (2019). The language of biometrics, Journal of Information Security and Applications, 47:C, (112-119), Online publication date: 1-Aug-2019.
  26. Lopez T, Sharp H, Tun T, Bandara A, Levine M and Nuseibeh B "Hopefully we are mostly secure" Proceedings of the 12th International Workshop on Cooperative and Human Aspects of Software Engineering, (61-68)
  27. Gerault D and Boureanu I Distance bounding under different assumptions Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks, (245-248)
  28. Hazzard A, Greenhalgh C, Kallionpaa M, Benford S, Veinberg A, Kanga Z and McPherson A Failing with Style Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, (1-14)
  29. Laborde R, Bulusu S, Wazan A, Barrère F and Benzekri A Logic-based methodology to help security architects in eliciting high-level network security requirements Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing, (1610-1619)
  30. Li W, Wang Y, Li H and Li X P3M Proceedings of the 24th Asia and South Pacific Design Automation Conference, (633-638)
  31. Zhang X, Wang X and Kang Y (2018). Trustworthiness requirement‐oriented software process modeling, Journal of Software: Evolution and Process, 30:12, Online publication date: 12-Dec-2018.
  32. Winograd T, Shenoy G, Salmani H, Mahmoodi H, Rafatirad S and Homayoun H (2018). Programmable Gates Using Hybrid CMOS-STT Design to Prevent IC Reverse Engineering, ACM Transactions on Design Automation of Electronic Systems, 23:6, (1-21), Online publication date: 30-Nov-2018.
  33. Ramezan G, Leung C and Wang Z (2018). A Survey of Secure Routing Protocols in Multi-Hop Cellular Networks, IEEE Communications Surveys & Tutorials, 20:4, (3510-3541), Online publication date: 1-Oct-2018.
  34. Claro R, Portêlo J, Pardal M and Pinho R Big Data Privacy by Design Computation Platform Machine Learning, Optimization, and Data Science, (394-405)
  35. Rindell K, Ruohonen J and Hyrynsalmi S Surveying Secure Software Development Practices in Finland Proceedings of the 13th International Conference on Availability, Reliability and Security, (1-7)
  36. Wakabayashi S, Maruyama S, Mori T, Goto S, Kinugawa M and Hayashi Y A feasibility study of radio-frequency retroreflector attack Proceedings of the 12th USENIX Conference on Offensive Technologies, (4-4)
  37. (Weber) Dupree J, Lank E and Berry D (2018). A case study of using grounded analysis as a requirement engineering method, Science of Computer Programming, 152:C, (1-37), Online publication date: 15-Jan-2018.
  38. Spring J, Moore T and Pym D Practicing a Science of Security Proceedings of the 2017 New Security Paradigms Workshop, (1-18)
  39. Wijayarathna C, Arachchilage N and Slay J A Generic Cognitive Dimensions Questionnaire to Evaluate the Usability of Security APIs Human Aspects of Information Security, Privacy and Trust, (160-173)
  40. Williams E, Beardmore A and Joinson A (2017). Individual differences in susceptibility to online influence, Computers in Human Behavior, 72:C, (412-421), Online publication date: 1-Jul-2017.
  41. Saarela M, Hosseinzadeh S, Hyrynsalmi S and Leppänen V Measuring Software Security from the Design of Software Proceedings of the 18th International Conference on Computer Systems and Technologies, (179-186)
  42. Yi S and Zhou Y (2017). Binary-block embedding for reversible data hiding in encrypted images, Signal Processing, 133:C, (40-51), Online publication date: 1-Apr-2017.
  43. Tiloca M, Gehrmann C and Seitz L (2017). On improving resistance to Denial of Service and key provisioning scalability of the DTLS handshake, International Journal of Information Security, 16:2, (173-193), Online publication date: 1-Apr-2017.
  44. Mehrnezhad M, Ghaemi Bafghi A, Harati A and Toreini E (2017). PiSHi, International Journal of Information Security, 16:2, (133-149), Online publication date: 1-Apr-2017.
  45. Genkin D, Shamir A and Tromer E (2017). Acoustic Cryptanalysis, Journal of Cryptology, 30:2, (392-443), Online publication date: 1-Apr-2017.
  46. Goyal S, Jabbari S, Kearns M, Khanna S and Morgenstern J Strategic Network Formation with Attack and Immunization Proceedings of the 12th International Conference on Web and Internet Economics - Volume 10123, (429-443)
  47. Genkin D, Pachmanov L, Pipman I, Tromer E and Yarom Y ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, (1626-1638)
  48. Ranjan A and Kumar B Three Steps Secure Login Proceedings of the 9th Annual ACM India Conference, (107-114)
  49. Damasceno C, Masiero P and Simao A Evaluating test characteristics and effectiveness of FSM-based testing methods on RBAC systems Proceedings of the XXX Brazilian Symposium on Software Engineering, (83-92)
  50. Winograd T, Salmani H, Mahmoodi H, Gaj K and Homayoun H Hybrid STT-CMOS designs for reverse-engineering prevention Proceedings of the 53rd Annual Design Automation Conference, (1-6)
  51. Genkin D, Pachmanov L, Pipman I, Shamir A and Tromer E (2016). Physical key extraction attacks on PCs, Communications of the ACM, 59:6, (70-79), Online publication date: 23-May-2016.
  52. Nadi S, Krüger S, Mezini M and Bodden E Jumping through hoops Proceedings of the 38th International Conference on Software Engineering, (935-946)
  53. Genkin D, Pachmanov L, Pipman I and Tromer E ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs Proceedings of the RSA Conference on Topics in Cryptology - CT-RSA 2016 - Volume 9610, (219-235)
  54. Ye J, Hu Y and Li X DCPUF Proceedings of the 2016 ACM/SIGDA International Symposium on Field-Programmable Gate Arrays, (279-279)
  55. González-Burgueño A, Santiago S, Escobar S, Meadows C and Meseguer J Analysis of the PKCS#11 API Using the Maude-NPA Tool Proceedings of the Second International Conference on Security Standardisation Research - Volume 9497, (86-106)
  56. Kramer S (2015). Logic of Intuitionistic Interactive Proofs (Formal Theory of Perfect Knowledge Transfer), ACM Transactions on Computational Logic, 16:4, (1-32), Online publication date: 19-Nov-2015.
  57. Mao W, Cai Z, Towsley D and Guan X Probabilistic Inference on Integrity for Access Behavior Based Malware Detection Proceedings of the 18th International Symposium on Research in Attacks, Intrusions, and Defenses - Volume 9404, (155-176)
  58. Uzunov A, Fernandez E and Falkner K (2015). Security solution frames and security patterns for authorization in distributed, collaborative systems, Computers and Security, 55:C, (193-234), Online publication date: 1-Nov-2015.
  59. Arzt S, Nadi S, Ali K, Bodden E, Erdweg S and Mezini M Towards secure integration of cryptographic software 2015 ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software (Onward!), (1-13)
  60. Heiland R, Koranda S, Marru S, Pierce M and Welch V Authentication and Authorization Considerations for a Multi-tenant Service Proceedings of the 1st Workshop on The Science of Cyberinfrastructure: Research, Experience, Applications and Models, (29-35)
  61. Rizvi S, Fong P, Crampton J and Sellwood J Relationship-Based Access Control for an Open-Source Medical Records System Proceedings of the 20th ACM Symposium on Access Control Models and Technologies, (113-124)
  62. Fahrnberger G and Heneis K SecureString 3.0 Proceedings of the 11th International Conference on Distributed Computing and Internet Technology - Volume 8956, (331-334)
  63. Fahrnberger G Repetition Pattern Attack on Multi-word-containing SecureString 2.0 Objects Proceedings of the 11th International Conference on Distributed Computing and Internet Technology - Volume 8956, (265-277)
  64. Sommestad T, Karlzén H and Hallberg J (2015). A Meta-Analysis of Studies on Protection Motivation Theory and Information Security Behaviour, International Journal of Information Security and Privacy, 9:1, (26-46), Online publication date: 1-Jan-2015.
  65. Accorsi R, Lehmann A and Lohmann N (2015). Information leak detection in business process models, Information Systems, 47:C, (244-257), Online publication date: 1-Jan-2015.
  66. Shahrjerdi D, Rajendran J, Garg S, Koushanfar F and Karri R Shielding and securing integrated circuits with sensors Proceedings of the 2014 IEEE/ACM International Conference on Computer-Aided Design, (170-174)
  67. Laszka A, Johnson B, Schöttle P, Grossklags J and Böhme R (2014). Secure Team Composition to Thwart Insider Threats and Cyber-Espionage, ACM Transactions on Internet Technology, 14:2-3, (1-22), Online publication date: 28-Oct-2014.
  68. Arnbak A, Asghari H, Van Eeten M and Van Eijk N (2014). Security collapse in the HTTPS market, Communications of the ACM, 57:10, (47-55), Online publication date: 23-Sep-2014.
  69. Genkin D, Pipman I and Tromer E Get Your Hands Off My Laptop Proceedings of the 16th International Workshop on Cryptographic Hardware and Embedded Systems --- CHES 2014 - Volume 8731, (242-260)
  70. Poller A, Türpe S and Kinder-Kurlanda K An Asset to Security Modeling? Proceedings of the 2014 New Security Paradigms Workshop, (69-82)
  71. Arnbak A, Asghari H, Van Eeten M and Van Eijk N (2014). Security Collapse in the HTTPS Market, Queue, 12:8, (30-43), Online publication date: 1-Aug-2014.
  72. Gadelha L and Mattoso M Applying Provenance to Protect Attribution in Distributed Computational Scientific Experiments Revised Selected Papers of the 5th International Provenance and Annotation Workshop on Provenance and Annotation of Data and Processes - Volume 8628, (139-151)
  73. Jusko J, Rehak M and Pevny T A memory efficient privacy preserving representation of connection graphs Proceedings of the 1st International Workshop on Agents and CyberSecurity, (1-8)
  74. Macia-Perez F, Lorenzo-Fonseca I and Berna-Martinez J (2014). A formal framework for modelling complex network management systems, Journal of Network and Computer Applications, 40:C, (255-269), Online publication date: 1-Apr-2014.
  75. Diaz J, Arroyo D and Rodriguez F (2014). A formal methodology for integral security design and verification of network protocols, Journal of Systems and Software, 89:C, (87-98), Online publication date: 1-Mar-2014.
  76. Leitner M and Rinderle-Ma S (2014). A systematic review on security in Process-Aware Information Systems - Constitution, challenges, and future directions, Information and Software Technology, 56:3, (273-293), Online publication date: 1-Mar-2014.
  77. Hu L, Mayo J and Wallace C An empirical study of three access control systems Proceedings of the 6th International Conference on Security of Information and Networks, (287-291)
  78. Helfmeier C, Nedospasov D, Tarnovsky C, Krissler J, Boit C and Seifert J Breaking and entering through the silicon Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, (733-744)
  79. Sharifi A and Tripunitara M Least-restrictive enforcement of the Chinese wall security policy Proceedings of the 18th ACM symposium on Access control models and technologies, (61-72)
  80. Camek A, Buckl C and Knoll A Future cars Proceedings of the 2nd ACM international conference on High confidence networked systems, (17-24)
  81. Csajbók Z Approximation of sets based on partial covering Transactions on Rough Sets XVI, (144-220)
  82. McDermott J, Montrose B, Li M, Kirby J and Kang M Separation virtual machine monitors Proceedings of the 28th Annual Computer Security Applications Conference, (419-428)
  83. Anderson R Security economics Proceedings of the 28th Annual Computer Security Applications Conference, (139-144)
  84. Hao F and Clarke D Security analysis of a multi-factor authenticated key exchange protocol Proceedings of the 10th international conference on Applied Cryptography and Network Security, (1-11)
  85. Ochoa M, Jürjens J and Cuéllar J Non-interference on UML state-charts Proceedings of the 50th international conference on Objects, Models, Components, Patterns, (219-235)
  86. Brooke P, Paige R and Power C Approaches to modelling security scenarios with domain-specific languages Proceedings of the 20th international conference on Security Protocols, (41-54)
  87. Mahmood S and Desmedt Y Usable privacy by visual and interactive control of information flow Proceedings of the 20th international conference on Security Protocols, (181-188)
  88. Rührmair U SIMPL systems as a keyless cryptographic and security primitive Cryptography and Security, (329-354)
  89. Aumasson J, Mitrokotsa A and Peris-Lopez P A note on a privacy-preserving distance-bounding protocol Proceedings of the 13th international conference on Information and communications security, (78-92)
  90. Dini G and Savino I (2011). LARK, ACM Transactions on Embedded Computing Systems, 10:4, (1-35), Online publication date: 1-Nov-2011.
  91. Mahmood S and Desmedt Y Poster Proceedings of the 18th ACM conference on Computer and communications security, (809-812)
  92. Zhu F, Carpenter S, Kulkarni A and Kolimi S Reciprocity attacks Proceedings of the Seventh Symposium on Usable Privacy and Security, (1-14)
  93. Rychlik M, Stankiewicz W and Morzynski M Numerical analysis of geometrical features of 3D biological objects, for three-dimensional biometric and anthropometric database Proceedings of the 6th international conference on Universal access in human-computer interaction: users diversity - Volume Part II, (108-117)
  94. Rudolph C Trust areas Proceedings of the 7th international conference on Security and Trust Management, (22-27)
  95. Diaz J, Arroyo D and Rodriguez F An approach for adapting moodle into a secure infrastructure Proceedings of the 4th international conference on Computational intelligence in security for information systems, (214-221)
  96. Anderson R, Bond M, Choudary O, Murdoch S and Stajano F Might financial cryptography kill financial innovation? --- the curious case of EMV Proceedings of the 15th international conference on Financial Cryptography and Data Security, (220-234)
  97. Gunawan L, Kraemer F and Herrmann P A tool-supported method for the design and implementation of secure distributed applications Proceedings of the Third international conference on Engineering secure software and systems, (142-155)
  98. Rührmair U SIMPL systems, or Proceedings of the 37th international conference on Current trends in theory and practice of computer science, (26-45)
  99. Mead N, McDonald J, Allen J, Ardis M, Hilburn T, Kornecki A and Linger R (2010). Development of a Master of Software Assurance Reference Curriculum, International Journal of Secure Software Engineering, 1:4, (18-34), Online publication date: 1-Oct-2010.
  100. Gürgens S, Rudolph C, Maña A and Nadjm-Tehrani S Security engineering for embedded systems Proceedings of the International Workshop on Security and Dependability for Resource Constrained Embedded Systems, (1-6)
  101. Moradian E and Håkansson A Controlling security of software development with multi-agent system Proceedings of the 14th international conference on Knowledge-based and intelligent information and engineering systems: Part IV, (98-107)
  102. Evesti A and Pantsar-Syväniemi S Towards micro architecture for security adaptation Proceedings of the Fourth European Conference on Software Architecture: Companion Volume, (181-188)
  103. Van Dijk M and Juels A On the impossibility of cryptography alone for privacy-preserving cloud computing Proceedings of the 5th USENIX conference on Hot topics in security, (1-8)
  104. McDermott J and Freitas L Using formal methods for security in the Xenon project Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research, (1-4)
  105. Kramer S, Goré R and Okamoto E (2010). Formal definitions and complexity results for trust relations and trust domains fit for TTPs, the web of trust, PKIs, and ID-based cryptography, ACM SIGACT News, 41:1, (75-98), Online publication date: 1-Mar-2010.
  106. Miede A, Nedyalkov N, Schuller D, Repp N and Steinmetz R Cross-organizational security - the service-oriented difference Proceedings of the 2009 international conference on Service-oriented computing, (72-81)
  107. Patel V, Easley G, Healy D and Chellappa R Compressed sensing for synthetic aperture radar imaging Proceedings of the 16th IEEE international conference on Image processing, (2117-2120)
  108. Norman D (2009). THE WAY I SEE IT: When security gets in the way, Interactions, 16:6, (60-63), Online publication date: 1-Nov-2009.
  109. Gallo R, Kawakami H and Dahab R On device identity establishment and verification Proceedings of the 6th European conference on Public key infrastructures, services and applications, (130-145)
  110. Türpe S What is the shape of your security policy? Proceedings of the 2009 workshop on New security paradigms workshop, (23-36)
  111. Dlamini M, Eloff J and Eloff M (2009). Information security, Computers and Security, 28:3-4, (189-198), Online publication date: 1-May-2009.
  112. Siddiqui M, Shaikh R and Hong C Trust-based anonymity framework for wireless mesh networks Proceedings of the 11th international conference on Advanced Communication Technology - Volume 3, (1638-1642)
  113. Chiola G and Gasti P StemCerts-2 Proceedings of the 6th IEEE Conference on Consumer Communications and Networking Conference, (1390-1396)
  114. Khattab S, Mosse D and Melhem R Jamming Mitigation in Multi-Radio Wireless Networks Proceedings of the 4th international conference on Security and privacy in communication networks, (1-10)
  115. McDermott J, Kirby J, Montrose B, Johnson T and Kang M (2008). Re-engineering Xen internals for higher-assurance security, Information Security Tech. Report, 13:1, (17-24), Online publication date: 1-Jan-2008.
  116. Paar C and Weimerskirch A (2007). Embedded security in a pervasive world, Information Security Tech. Report, 12:3, (155-161), Online publication date: 1-Jan-2007.
  117. Giorgini P, Massacci F and Zannone N Security and trust requirements engineering Foundations of Security Analysis and Design III, (237-272)
  118. Mouratidis H, Giorgini P and Manson G Integrating security and systems engineering Proceedings of the 15th international conference on Advanced information systems engineering, (63-78)
  119. Kraft R Designing a distributed access control processor for network services on the Web Proceedings of the 2002 ACM workshop on XML security, (36-52)
  120. Wang S, Delavar M, Azad M, Nabizadeh F, Smith S and Hao F Spoofing Against Spoofing: Towards Caller ID Verification In Heterogeneous Telecommunication Systems, ACM Transactions on Privacy and Security, 0:0
  121. Kroll J, Kohli N and Laskowski P Privacy and Policy in Polystores: A Data Management Research Agenda Heterogeneous Data Management, Polystores, and Analytics for Healthcare, (68-81)
Contributors
  • The University of Edinburgh

Recommendations

Srijith Krishnan Nair

Few books on the broad subject of security engineering have achieved the seminal status of this one, first published in 2001 [1]. The first edition is available for free online (http://www.cl.cam.ac.uk/~rja14/book.html). The second edition adds over 400 pages to the already bulging 612-page first edition. The book is divided into three parts.

The first part, spanning seven chapters, deals with basic concepts of security engineering. The discussion covers the workings of security protocols, the people angle to security solutions, thoughts on password use, access control from a systems viewpoint, and cryptography. The last two chapters concentrate on problems of distributed systems, namely concurrency, failure resistance, and naming, as well as on the economics of system security.

Part 2, the largest of the three, covers a wide range of topics in the area of security, by examining various applications of secure systems. Multilevel security systems are considered in chapter 8, while compartmentalized systems as a means of dealing with sensitive information are discussed in chapter 9. Banking and fraud control systems are presented in the next chapter, and chapter 11 presents a limited discussion on physical security. Chapter 12 reviews monitoring systems, and chapter 13 considers the tradeoff between availability and confidentiality. Security printing and seals-based technology are discussed in the next chapter, followed by biometrics in chapter 15. Chapter 16 deals with tamper resistance in cryptographic hardware, including smartcards. Chapter 17 is on emission security, chapter 18 is on security issues associated with the use of application programming interfaces (APIs), chapter 19 is on electronic warfare, and chapter 20 is on telecommunication systems security. Chapter 21 looks at network security, specifically attacks and defenses. Chapter 22 looks at the controversial recent technologies associated with digital rights management (DRM) systems. The last chapter in this part looks at a potpourri of applications associated with social networks, gaming, and elections.

Part 3 deals with more abstract issues associated with policies and politics (chapter 24), management issues (chapter 25), and system evaluation and assurance (chapter 26). The last chapter provides a conclusion, summarizing the state of secure systems and discussing the need for further research and engineering work to make them more secure.

Anderson has expanded on his already comprehensive first edition, and has come up with a formidable, exhaustive, and updated look at the state of security engineering. In the process, he has produced a book that is a must-read for anyone interested in the wide area of system security.

Online Computing Reviews Service
