| Physical description |
xxviii, 612 pages : illustrations ; 24 cm |
| Notes |
"Wiley Computer Publishing." |
| Bibliography |
Includes bibliographical references and index. |
| Contents |
1 What Is Security Engineering? 3 -- 1.1 Example 1: A Bank 4 -- 1.2 Example 2: An Air Force Base 5 -- 1.3 Example 3: A Hospital 6 -- 1.4 Example 4: The Home 7 -- 2 Protocols 13 -- 2.1 Password Eavesdropping Risks 14 -- 2.2 Who Goes There? Simple Authentication 15 -- 2.3 Manipulating the Message 22 -- 2.4 Changing the Environment 23 -- 2.5 Chosen Protocol Attacks 24 -- 2.6 Managing Encryption Keys 25 -- 2.7 Getting Formal 28 -- 3 Passwords 35 -- 3.2 Applied Psychology Issues 36 -- 3.3 System Issues 41 -- 3.4 Technical Protection of Passwords 45 -- 4 Access Control 51 -- 4.2 Operating System Access Controls 53 -- 4.3 Hardware Protection 62 -- 4.4 What Goes Wrong 65 -- 5 Cryptography 73 -- 5.2 Historical Background 74 -- 5.3 Random Oracle Model 80 -- 5.4 Symmetric Crypto Primitives 89 -- 5.5 Modes of Operation 98 -- 5.6 Hash Functions 101 -- 5.7 Asymmetric Crypto Primitives 104 -- 6 Distributed Systems 115 -- 6.1 Concurrency 115 -- 6.2 Fault Tolerance and Failure Recovery 120 -- 6.3 Naming 124 -- 7 Multilevel Security 137 -- 7.2 What Is a Security Policy Model? 138 -- 7.3 Bell-LaPadula Security Policy Model 139 -- 7.4 Examples of Multilevel Secure Systems 146 -- 7.5 What Goes Wrong 151 -- 7.6 Broader Implications of MLS 157 -- 8 Multilateral Security 161 -- 8.2 Compartmentation, the Chinese Wall, and the BMA Model 162 -- 8.3 Inference Control 172 -- 8.4 Residual Problem 181 -- 9 Banking and Bookkeeping 185 -- 9.2 How Bank Computer Systems Work 187 -- 9.3 Wholesale Payment Systems 194 -- 9.4 Automatic Teller Machines 197 -- 10 Monitoring Systems 207 -- 10.2 Alarms 208 -- 10.3 Prepayment Meters 217 -- 10.4 Taximeters, Tachographs, and Truck Speed Limiters 222 -- 11 Nuclear Command and Control 231 -- 11.2 Kennedy Memorandum 232 -- 11.3 Unconditionally Secure Authentication Codes 233 -- 11.4 Shared Control Schemes 234 -- 11.5 Tamper Resistance and PALs 236 -- 11.6 Treaty Verification 237 -- 11.7 What Goes Wrong 238 -- 11.8 Secrecy or Openness? 240 -- 12 Security Printing and Seals 243 -- 12.2 History 244 -- 12.3 Security Printing 245 -- 12.4 Packaging and Seals 251 -- 12.5 Systemic Vulnerabilities 252 -- 12.6 Evaluation Methodology 257 -- 13 Biometrics 261 -- 13.2 Handwritten Signatures 262 -- 13.3 Face Recognition 264 -- 13.4 Fingerprints 265 -- 13.5 Iris Codes 270 -- 13.6 Voice Recognition 271 -- 13.7 Other Systems 272 -- 13.8 What Goes Wrong 273 -- 14 Physical Tamper Resistance 277 -- 14.2 History 278 -- 14.3 High-End Physically Secure Processors 279 -- 14.4 Evaluation 284 -- 14.5 Medium-Security Processors 285 -- 14.6 Smartcards and Microcontrollers 288 -- 14.7 What Goes Wrong 298 -- 14.8 What Should Be Protected? 302 -- 15 Emission Security 305 -- 15.2 History 306 -- 15.3 Technical Surveillance and Countermeasures 307 -- 15.4 Passive Attacks 310 -- 15.5 Active Attacks 315 -- 15.6 How Serious Are Emsec Attacks? 318 -- 16 Electronic and Information Warfare 321 -- 16.3 Communications Systems 323 -- 16.4 Surveillance and Target Acquisition 332 -- 16.5 IFF Systems 337 -- 16.6 Directed Energy Weapons 338 -- 16.7 Information Warfare 339 -- 17 Telecom System Security 345 -- 17.2 Phone Phreaking 345 -- 17.3 Mobile Phones 352 -- 17.4 Corporate Fraud 363 -- 18 Network Attack and Defense 367 -- 18.2 Vulnerabilities in Network Protocols 370 -- 18.3 Defense against Network Attack 374 -- 18.4 Trojans, Viruses, and Worms 379 -- 18.5 Intrusion Detection 384 -- 19 Protecting E-Commerce Systems 391 -- 19.2 A Telegraphic History of E-Commerce 392 -- 19.3 An Introduction to Credit Cards 393 -- 19.4 Online Credit Card Fraud: The Hype and the Reality 396 -- 19.5 Cryptographic Protection Mechanisms 398 -- 19.6 Network Economics 405 -- 19.7 Competitive Applications and Corporate Warfare 408 -- 19.8 What Else Goes Wrong 409 -- 19.9 What Can a Merchant Do? 410 -- 20 Copyright and Privacy Protection 413 -- 20.2 Copyright 415 -- 20.3 Information Hiding 432 -- 20.4 Privacy Mechanisms 439 -- 21 E-Policy 455 -- 21.2 Cryptography Policy 456 -- 21.3 Copyright 472 -- 21.4 Data Protection 475 -- 21.5 Evidential Issues 480 -- 21.6 Other Public Sector Issues 484 -- 22 Management Issues 489 -- 22.2 Managing a Security Project 490 -- 22.3 Methodology 496 -- 22.4 Security Requirements Engineering 503 -- 22.5 Risk Management 511 -- 22.6 Economic Issues 512 -- 23 System Evaluation and Assurance 517 -- 23.2 Assurance 518 -- 23.3 Evaluation 526 -- 23.4 Ways Forward 534. |
| Summary |
The first quick reference guide to the do's and don'ts of creating high quality security systems. |
|
Ross Anderson, widely recognized as one of the world's foremost authorities on security engineering, presents a comprehensive design tutorial that covers a wide range of applications. Designed for today's programmers who need to build systems that withstand malice as well as error (but have no time to go do a PhD in security), this book illustrates basic concepts through many real-world system design successes and failures. Topics range from firewalls, through phone phreaking and copyright protection, to frauds against e-businesses. Anderson's book shows how to use a wide range of tools, from cryptology through smartcards to applied psychology. As everything from burglar alarms through heart monitors to bus ticket dispensers starts talking IP, the techniques taught in this book will become vital to everyone who wants to build systems that are secure, dependable and manageable. |
| Subject |
Computer security.
|
|
Electronic data processing -- Distributed processing.
|
| ISBN |
0471389226 (paperback: alkaline paper) |
|
