MTU Cork Library Catalogue

Syndetics cover image
Image from Syndetics

Security engineering : a guide to building dependable distributed systems / Ross J. Anderson.

By: Anderson, Ross, 1956-.
Material type: materialTypeLabelBookPublisher: New York : John Wiley, 2001Description: xxviii, 612 p. : ill. ; 24 cm.ISBN: 0471389226.Subject(s): Computer security | Electronic data processing -- Distributed processingDDC classification: 005.8
Contents:
Part One -- What is Security Engineering? -- Protocols -- Passwords -- Access Control -- Cryptography -- Distributed systems -- Part Two -- Multilevel Security -- Multilateral Security -- Banking and Bookkeeping -- Monitoring systems -- Nuclear command and control -- Security Printing and Seals -- Biometrics -- Physical Tamper Resistance -- Emission Security -- Electronic and Information Warfare -- Telecom System Security -- Network Attack and Defense -- Protecting E-Commerce Systems -- Copyright and Privacy Protection -- Part Three -- E-Policy -- Management Issues -- System Evaluation and Assurance -- Conclusions.
Holdings
Item type Current library Call number Copy number Status Date due Barcode Item holds
General Lending MTU Bishopstown Library Lending 005.8 (Browse shelf(Opens below)) 1 Available 00082831
Total holds: 0

Enhanced descriptions from Syndetics:

The first quick reference guide to the do's and don'ts of creating high quality security systems.
Ross Anderson, widely recognized as one of the world's foremost authorities on security engineering, presents a comprehensive design tutorial that covers a wide range of applications. Designed for today's programmers who need to build systems that withstand malice as well as error (but have no time to go do a PhD in security), this book illustrates basic concepts through many real-world system design successes and failures. Topics range from firewalls, through phone phreaking and copyright protection, to frauds against e-businesses. Anderson's book shows how to use a wide range of tools, from cryptology through smartcards to applied psychology. As everything from burglar alarms through heart monitors to bus ticket dispensers starts talking IP, the techniques taught in this book will become vital to everyone who wants to build systems that are secure, dependable and manageable.

"Wiley Computer Publishing.".

Spine title: Security engineering.

Bibliography: (pages 545-593) and index.

Part One -- What is Security Engineering? -- Protocols -- Passwords -- Access Control -- Cryptography -- Distributed systems -- Part Two -- Multilevel Security -- Multilateral Security -- Banking and Bookkeeping -- Monitoring systems -- Nuclear command and control -- Security Printing and Seals -- Biometrics -- Physical Tamper Resistance -- Emission Security -- Electronic and Information Warfare -- Telecom System Security -- Network Attack and Defense -- Protecting E-Commerce Systems -- Copyright and Privacy Protection -- Part Three -- E-Policy -- Management Issues -- System Evaluation and Assurance -- Conclusions.

Table of contents provided by Syndetics

  • Preface (p. xix)
  • About the Author (p. xxii)
  • Foreword (p. xxiii)
  • Acknowledgments (p. xxv)
  • Legal Notice (p. xxvii)
  • Part 1 (p. 1)
  • 1 What Is Security Engineering? (p. 3)
  • 1.1 Example 1: A Bank (p. 4)
  • 1.2 Example 2: An Air Force Base (p. 5)
  • 1.3 Example 3: A Hospital (p. 6)
  • 1.4 Example 4: The Home (p. 7)
  • 1.5 Definitions (p. 8)
  • 1.6 Summary (p. 11)
  • 2 Protocols (p. 13)
  • 2.1 Password Eavesdropping Risks (p. 14)
  • 2.2 Who Goes There? Simple Authentication (p. 15)
  • 2.3 Manipulating the Message (p. 22)
  • 2.4 Changing the Environment (p. 23)
  • 2.5 Chosen Protocol Attacks (p. 24)
  • 2.6 Managing Encryption Keys (p. 25)
  • 2.7 Getting Formal (p. 28)
  • 2.8 Summary (p. 32)
  • Research Problems (p. 32)
  • Further Reading (p. 33)
  • 3 Passwords (p. 35)
  • 3.1 Basics (p. 36)
  • 3.2 Applied Psychology Issues (p. 36)
  • 3.3 System Issues (p. 41)
  • 3.4 Technical Protection of Passwords (p. 45)
  • 3.5 Summary (p. 49)
  • Research Problems (p. 50)
  • Further Reading (p. 50)
  • 4 Access Control (p. 51)
  • 4.1 Introduction (p. 51)
  • 4.2 Operating System Access Controls (p. 53)
  • 4.3 Hardware Protection (p. 62)
  • 4.4 What Goes Wrong (p. 65)
  • 4.5 Summary (p. 70)
  • Research Problems (p. 71)
  • Further Reading (p. 71)
  • 5 Cryptography (p. 73)
  • 5.1 Introduction (p. 73)
  • 5.2 Historical Background (p. 74)
  • 5.3 The Random Oracle Model (p. 80)
  • 5.4 Symmetric Crypto Primitives (p. 89)
  • 5.5 Modes of Operation (p. 98)
  • 5.6 Hash Functions (p. 101)
  • 5.7 Asymmetric Crypto Primitives (p. 104)
  • 5.8 Summary (p. 112)
  • Research Problems (p. 113)
  • Further Reading (p. 113)
  • 6 Distributed Systems (p. 115)
  • 6.1 Concurrency (p. 115)
  • 6.2 Fault Tolerance and Failure Recovery (p. 120)
  • 6.3 Naming (p. 124)
  • 6.4 Summary (p. 132)
  • Research Problems (p. 133)
  • Further Reading (p. 133)
  • Part 2 (p. 135)
  • 7 Multilevel Security (p. 137)
  • 7.1 Introduction (p. 137)
  • 7.2 What Is a Security Policy Model? (p. 138)
  • 7.3 The Bell-LaPadula Security Policy Model (p. 139)
  • 7.4 Examples of Multilevel Secure Systems (p. 146)
  • 7.5 What Goes Wrong (p. 151)
  • 7.6 Broader Implications of MLS (p. 157)
  • 7.7 Summary (p. 159)
  • Research Problems (p. 159)
  • Further Reading (p. 160)
  • 8 Multilateral Security (p. 161)
  • 8.1 Introduction (p. 161)
  • 8.2 Compartmentation, the Chinese Wall, and the BMA Model (p. 162)
  • 8.3 Inference Control (p. 172)
  • 8.4 The Residual Problem (p. 181)
  • 8.5 Summary (p. 183)
  • Research Problems (p. 183)
  • Further Reading (p. 184)
  • 9 Banking and Bookkeeping (p. 185)
  • 9.1 Introduction (p. 185)
  • 9.2 How Bank Computer Systems Work (p. 187)
  • 9.3 Wholesale Payment Systems (p. 194)
  • 9.4 Automatic Teller Machines (p. 197)
  • 9.5 Summary (p. 204)
  • Research Problems (p. 205)
  • Further Reading (p. 205)
  • 10 Monitoring Systems (p. 207)
  • 10.1 Introduction (p. 207)
  • 10.2 Alarms (p. 208)
  • 10.3 Prepayment Meters (p. 217)
  • 10.4 Taximeters, Tachographs, and Truck Speed Limiters (p. 222)
  • 10.5 Summary (p. 229)
  • Research Problems (p. 229)
  • Further Reading (p. 230)
  • 11 Nuclear Command and Control (p. 231)
  • 11.1 Introduction (p. 231)
  • 11.2 The Kennedy Memorandum (p. 232)
  • 11.3 Unconditionally Secure Authentication Codes (p. 233)
  • 11.4 Shared Control Schemes (p. 234)
  • 11.5 Tamper Resistance and PALs (p. 236)
  • 11.6 Treaty Verification (p. 237)
  • 11.7 What Goes Wrong (p. 238)
  • 11.8 Secrecy or Openness? (p. 240)
  • 11.9 Summary (p. 240)
  • Research Problem (p. 241)
  • Further Reading (p. 241)
  • 12 Security Printing and Seals (p. 243)
  • 12.1 Introduction (p. 243)
  • 12.2 History (p. 244)
  • 12.3 Security Printing (p. 245)
  • 12.4 Packaging and Seals (p. 251)
  • 12.5 Systemic Vulnerabilities (p. 252)
  • 12.6 Evaluation Methodology (p. 257)
  • 12.7 Summary (p. 258)
  • Research Problems (p. 259)
  • Further Reading (p. 259)
  • 13 Biometrics (p. 261)
  • 13.1 Introduction (p. 261)
  • 13.2 Handwritten Signatures (p. 262)
  • 13.3 Face Recognition (p. 264)
  • 13.4 Fingerprints (p. 265)
  • 13.5 Iris Codes (p. 270)
  • 13.6 Voice Recognition (p. 271)
  • 13.7 Other Systems (p. 272)
  • 13.8 What Goes Wrong (p. 273)
  • 13.9 Summary (p. 275)
  • Research Problems (p. 276)
  • Further Reading (p. 276)
  • 14 Physical Tamper Resistance (p. 277)
  • 14.1 Introduction (p. 277)
  • 14.2 History (p. 278)
  • 14.3 High-End Physically Secure Processors (p. 279)
  • 14.4 Evaluation (p. 284)
  • 14.5 Medium-Security Processors (p. 285)
  • 14.6 Smartcards and Microcontrollers (p. 288)
  • 14.7 What Goes Wrong (p. 298)
  • 14.8 What Should Be Protected? (p. 302)
  • 14.9 Summary (p. 303)
  • Research Problems (p. 304)
  • Further Reading (p. 304)
  • 15 Emission Security (p. 305)
  • 15.1 Introduction (p. 305)
  • 15.2 History (p. 306)
  • 15.3 Technical Surveillance and Countermeasures (p. 307)
  • 15.4 Passive Attacks (p. 310)
  • 15.5 Active Attacks (p. 315)
  • 15.6 How Serious Are Emsec Attacks? (p. 318)
  • 15.7 Summary (p. 320)
  • Research Problems (p. 320)
  • Further Reading (p. 320)
  • 16 Electronic and Information Warfare (p. 321)
  • 16.1 Introduction (p. 321)
  • 16.2 Basics (p. 322)
  • 16.3 Communications Systems (p. 323)
  • 16.4 Surveillance and Target Acquisition (p. 332)
  • 16.5 IFF Systems (p. 337)
  • 16.6 Directed Energy Weapons (p. 338)
  • 16.7 Information Warfare (p. 339)
  • 16.8 Summary (p. 344)
  • Research Problems (p. 344)
  • Further Reading (p. 344)
  • 17 Telecom System Security (p. 345)
  • 17.1 Introduction (p. 345)
  • 17.2 Phone Phreaking (p. 345)
  • 17.3 Mobile Phones (p. 352)
  • 17.4 Corporate Fraud (p. 363)
  • 17.5 Summary (p. 365)
  • Research Problems (p. 365)
  • Further Reading (p. 366)
  • 18 Network Attack and Defense (p. 367)
  • 18.1 Introduction (p. 367)
  • 18.2 Vulnerabilities in Network Protocols (p. 370)
  • 18.3 Defense against Network Attack (p. 374)
  • 18.4 Trojans, Viruses, and Worms (p. 379)
  • 18.5 Intrusion Detection (p. 384)
  • 18.6 Summary (p. 388)
  • Research Problems (p. 389)
  • Further Reading (p. 390)
  • 19 Protecting E-Commerce Systems (p. 391)
  • 19.1 Introduction (p. 391)
  • 19.2 A Telegraphic History of E-Commerce (p. 392)
  • 19.3 An Introduction to Credit Cards (p. 393)
  • 19.4 Online Credit Card Fraud: The Hype and the Reality (p. 396)
  • 19.5 Cryptographic Protection Mechanisms (p. 398)
  • 19.6 Network Economics (p. 405)
  • 19.7 Competitive Applications and Corporate Warfare (p. 408)
  • 19.8 What Else Goes Wrong (p. 409)
  • 19.9 What Can a Merchant Do? (p. 410)
  • 19.10 Summary (p. 411)
  • Research Problems (p. 411)
  • Further Reading (p. 411)
  • 20 Copyright and Privacy Protection (p. 413)
  • 20.1 Introduction (p. 413)
  • 20.2 Copyright (p. 415)
  • 20.3 Information Hiding (p. 432)
  • 20.4 Privacy Mechanisms (p. 439)
  • 20.5 Summary (p. 450)
  • Research Problems (p. 451)
  • Further Reading (p. 451)
  • Part 3 (p. 453)
  • 21 E-Policy (p. 455)
  • 21.1 Introduction (p. 455)
  • 21.2 Cryptography Policy (p. 456)
  • 21.3 Copyright (p. 472)
  • 21.4 Data Protection (p. 475)
  • 21.5 Evidential Issues (p. 480)
  • 21.6 Other Public Sector Issues (p. 484)
  • 21.7 Summary (p. 486)
  • Research Problems (p. 487)
  • Further Reading (p. 487)
  • 22 Management Issues (p. 489)
  • 22.1 Introduction (p. 489)
  • 22.2 Managing a Security Project (p. 490)
  • 22.3 Methodology (p. 496)
  • 22.4 Security Requirements Engineering (p. 503)
  • 22.5 Risk Management (p. 511)
  • 22.6 Economic Issues (p. 512)
  • 22.7 Summary (p. 514)
  • Research Problems (p. 514)
  • Further Reading (p. 515)
  • 23 System Evaluation and Assurance (p. 517)
  • 23.1 Introduction (p. 517)
  • 23.2 Assurance (p. 518)
  • 23.3 Evaluation (p. 526)
  • 23.4 Ways Forward (p. 534)
  • 23.5 Summary (p. 538)
  • Research Problems (p. 539)
  • Further Reading (p. 539)
  • 24 Conclusions (p. 541)
  • Bibliography (p. 545)
  • Index (p. 595)

Author notes provided by Syndetics

ROSS ANDERSON teaches and directs research in computer security at Cambridge University, England. Widely recognized as one of the world's foremost authorities on security engineering, he has published extensive studies on how real security systems fail-on bank card fraud, phone phreaking, pay-TV hacking, ways to cheat metering systems and breaches of medical privacy.

Powered by Koha