Security engineering : a guide to building dependable distributed systems / Ross Anderson.

By:

Anderson, Ross, 1956-

Material type: Text

TextPublication details: New York ; Chichester : Wiley, 2001.Description: 640 pISBN:

0471389226

Subject(s):

DDC classification:

005.8 AND

Holdings
Item type	Current library	Call number	Copy number	Status	Date due	Barcode
Standard Loan	Thurles Library Main Collection	005.8 AND (Browse shelf(Opens below))	1	Available		R16878KRCT

Browsing Thurles Library shelves, Shelving location: Main Collection Close shelf browser (Hides shelf browser)

Previous								Next
Previous	005.7585 OWE Programming Oracle: Triggers and Stored Procedures	005.7585 OWE Programming Oracle: Triggers and Stored Procedures	005.7585 OWE Programming Oracle: Triggers and Stored Procedures	005.8 AND Security engineering : a guide to building dependable distributed systems /	005.8 BEJ Extrusion Detection Security Monitoring for internal intrusions	005.8 BEJ The Tao of Network Security Monitoring Beyond Intrusion Detection	005.8 BIS Computer Security: Art and Science	Next

Enhanced descriptions from Syndetics:

The first quick reference guide to the do's and don'ts of creating high quality security systems.
Ross Anderson, widely recognized as one of the world's foremost authorities on security engineering, presents a comprehensive design tutorial that covers a wide range of applications. Designed for today's programmers who need to build systems that withstand malice as well as error (but have no time to go do a PhD in security), this book illustrates basic concepts through many real-world system design successes and failures. Topics range from firewalls, through phone phreaking and copyright protection, to frauds against e-businesses. Anderson's book shows how to use a wide range of tools, from cryptology through smartcards to applied psychology. As everything from burglar alarms through heart monitors to bus ticket dispensers starts talking IP, the techniques taught in this book will become vital to everyone who wants to build systems that are secure, dependable and manageable.

Table of contents provided by Syndetics

Preface (p. xix)
About the Author (p. xxii)
Foreword (p. xxiii)
Acknowledgments (p. xxv)
Legal Notice (p. xxvii)
Part 1 (p. 1)
1 What Is Security Engineering? (p. 3)
1.1 Example 1: A Bank (p. 4)
1.2 Example 2: An Air Force Base (p. 5)
1.3 Example 3: A Hospital (p. 6)
1.4 Example 4: The Home (p. 7)
1.5 Definitions (p. 8)
1.6 Summary (p. 11)
2 Protocols (p. 13)
2.1 Password Eavesdropping Risks (p. 14)
2.2 Who Goes There? Simple Authentication (p. 15)
2.3 Manipulating the Message (p. 22)
2.4 Changing the Environment (p. 23)
2.5 Chosen Protocol Attacks (p. 24)
2.6 Managing Encryption Keys (p. 25)
2.7 Getting Formal (p. 28)
2.8 Summary (p. 32)
Research Problems (p. 32)
Further Reading (p. 33)
3 Passwords (p. 35)
3.1 Basics (p. 36)
3.2 Applied Psychology Issues (p. 36)
3.3 System Issues (p. 41)
3.4 Technical Protection of Passwords (p. 45)
3.5 Summary (p. 49)
Research Problems (p. 50)
Further Reading (p. 50)
4 Access Control (p. 51)
4.1 Introduction (p. 51)
4.2 Operating System Access Controls (p. 53)
4.3 Hardware Protection (p. 62)
4.4 What Goes Wrong (p. 65)
4.5 Summary (p. 70)
Research Problems (p. 71)
Further Reading (p. 71)
5 Cryptography (p. 73)
5.1 Introduction (p. 73)
5.2 Historical Background (p. 74)
5.3 The Random Oracle Model (p. 80)
5.4 Symmetric Crypto Primitives (p. 89)
5.5 Modes of Operation (p. 98)
5.6 Hash Functions (p. 101)
5.7 Asymmetric Crypto Primitives (p. 104)
5.8 Summary (p. 112)
Research Problems (p. 113)
Further Reading (p. 113)
6 Distributed Systems (p. 115)
6.1 Concurrency (p. 115)
6.2 Fault Tolerance and Failure Recovery (p. 120)
6.3 Naming (p. 124)
6.4 Summary (p. 132)
Research Problems (p. 133)
Further Reading (p. 133)
Part 2 (p. 135)
7 Multilevel Security (p. 137)
7.1 Introduction (p. 137)
7.2 What Is a Security Policy Model? (p. 138)
7.3 The Bell-LaPadula Security Policy Model (p. 139)
7.4 Examples of Multilevel Secure Systems (p. 146)
7.5 What Goes Wrong (p. 151)
7.6 Broader Implications of MLS (p. 157)
7.7 Summary (p. 159)
Research Problems (p. 159)
Further Reading (p. 160)
8 Multilateral Security (p. 161)
8.1 Introduction (p. 161)
8.2 Compartmentation, the Chinese Wall, and the BMA Model (p. 162)
8.3 Inference Control (p. 172)
8.4 The Residual Problem (p. 181)
8.5 Summary (p. 183)
Research Problems (p. 183)
Further Reading (p. 184)
9 Banking and Bookkeeping (p. 185)
9.1 Introduction (p. 185)
9.2 How Bank Computer Systems Work (p. 187)
9.3 Wholesale Payment Systems (p. 194)
9.4 Automatic Teller Machines (p. 197)
9.5 Summary (p. 204)
Research Problems (p. 205)
Further Reading (p. 205)
10 Monitoring Systems (p. 207)
10.1 Introduction (p. 207)
10.2 Alarms (p. 208)
10.3 Prepayment Meters (p. 217)
10.4 Taximeters, Tachographs, and Truck Speed Limiters (p. 222)
10.5 Summary (p. 229)
Research Problems (p. 229)
Further Reading (p. 230)
11 Nuclear Command and Control (p. 231)
11.1 Introduction (p. 231)
11.2 The Kennedy Memorandum (p. 232)
11.3 Unconditionally Secure Authentication Codes (p. 233)
11.4 Shared Control Schemes (p. 234)
11.5 Tamper Resistance and PALs (p. 236)
11.6 Treaty Verification (p. 237)
11.7 What Goes Wrong (p. 238)
11.8 Secrecy or Openness? (p. 240)
11.9 Summary (p. 240)
Research Problem (p. 241)
Further Reading (p. 241)
12 Security Printing and Seals (p. 243)
12.1 Introduction (p. 243)
12.2 History (p. 244)
12.3 Security Printing (p. 245)
12.4 Packaging and Seals (p. 251)
12.5 Systemic Vulnerabilities (p. 252)
12.6 Evaluation Methodology (p. 257)
12.7 Summary (p. 258)
Research Problems (p. 259)
Further Reading (p. 259)
13 Biometrics (p. 261)
13.1 Introduction (p. 261)
13.2 Handwritten Signatures (p. 262)
13.3 Face Recognition (p. 264)
13.4 Fingerprints (p. 265)
13.5 Iris Codes (p. 270)
13.6 Voice Recognition (p. 271)
13.7 Other Systems (p. 272)
13.8 What Goes Wrong (p. 273)
13.9 Summary (p. 275)
Research Problems (p. 276)
Further Reading (p. 276)
14 Physical Tamper Resistance (p. 277)
14.1 Introduction (p. 277)
14.2 History (p. 278)
14.3 High-End Physically Secure Processors (p. 279)
14.4 Evaluation (p. 284)
14.5 Medium-Security Processors (p. 285)
14.6 Smartcards and Microcontrollers (p. 288)
14.7 What Goes Wrong (p. 298)
14.8 What Should Be Protected? (p. 302)
14.9 Summary (p. 303)
Research Problems (p. 304)
Further Reading (p. 304)
15 Emission Security (p. 305)
15.1 Introduction (p. 305)
15.2 History (p. 306)
15.3 Technical Surveillance and Countermeasures (p. 307)
15.4 Passive Attacks (p. 310)
15.5 Active Attacks (p. 315)
15.6 How Serious Are Emsec Attacks? (p. 318)
15.7 Summary (p. 320)
Research Problems (p. 320)
Further Reading (p. 320)
16 Electronic and Information Warfare (p. 321)
16.1 Introduction (p. 321)
16.2 Basics (p. 322)
16.3 Communications Systems (p. 323)
16.4 Surveillance and Target Acquisition (p. 332)
16.5 IFF Systems (p. 337)
16.6 Directed Energy Weapons (p. 338)
16.7 Information Warfare (p. 339)
16.8 Summary (p. 344)
Research Problems (p. 344)
Further Reading (p. 344)
17 Telecom System Security (p. 345)
17.1 Introduction (p. 345)
17.2 Phone Phreaking (p. 345)
17.3 Mobile Phones (p. 352)
17.4 Corporate Fraud (p. 363)
17.5 Summary (p. 365)
Research Problems (p. 365)
Further Reading (p. 366)
18 Network Attack and Defense (p. 367)
18.1 Introduction (p. 367)
18.2 Vulnerabilities in Network Protocols (p. 370)
18.3 Defense against Network Attack (p. 374)
18.4 Trojans, Viruses, and Worms (p. 379)
18.5 Intrusion Detection (p. 384)
18.6 Summary (p. 388)
Research Problems (p. 389)
Further Reading (p. 390)
19 Protecting E-Commerce Systems (p. 391)
19.1 Introduction (p. 391)
19.2 A Telegraphic History of E-Commerce (p. 392)
19.3 An Introduction to Credit Cards (p. 393)
19.4 Online Credit Card Fraud: The Hype and the Reality (p. 396)
19.5 Cryptographic Protection Mechanisms (p. 398)
19.6 Network Economics (p. 405)
19.7 Competitive Applications and Corporate Warfare (p. 408)
19.8 What Else Goes Wrong (p. 409)
19.9 What Can a Merchant Do? (p. 410)
19.10 Summary (p. 411)
Research Problems (p. 411)
Further Reading (p. 411)
20 Copyright and Privacy Protection (p. 413)
20.1 Introduction (p. 413)
20.2 Copyright (p. 415)
20.3 Information Hiding (p. 432)
20.4 Privacy Mechanisms (p. 439)
20.5 Summary (p. 450)
Research Problems (p. 451)
Further Reading (p. 451)
Part 3 (p. 453)
21 E-Policy (p. 455)
21.1 Introduction (p. 455)
21.2 Cryptography Policy (p. 456)
21.3 Copyright (p. 472)
21.4 Data Protection (p. 475)
21.5 Evidential Issues (p. 480)
21.6 Other Public Sector Issues (p. 484)
21.7 Summary (p. 486)
Research Problems (p. 487)
Further Reading (p. 487)
22 Management Issues (p. 489)
22.1 Introduction (p. 489)
22.2 Managing a Security Project (p. 490)
22.3 Methodology (p. 496)
22.4 Security Requirements Engineering (p. 503)
22.5 Risk Management (p. 511)
22.6 Economic Issues (p. 512)
22.7 Summary (p. 514)
Research Problems (p. 514)
Further Reading (p. 515)
23 System Evaluation and Assurance (p. 517)
23.1 Introduction (p. 517)
23.2 Assurance (p. 518)
23.3 Evaluation (p. 526)
23.4 Ways Forward (p. 534)
23.5 Summary (p. 538)
Research Problems (p. 539)
Further Reading (p. 539)
24 Conclusions (p. 541)
Bibliography (p. 545)
Index (p. 595)

Author notes provided by Syndetics

ROSS ANDERSON teaches and directs research in computer security at Cambridge University, England. Widely recognized as one of the world's foremost authorities on security engineering, he has published extensive studies on how real security systems fail-on bank card fraud, phone phreaking, pay-TV hacking, ways to cheat metering systems and breaches of medical privacy.