"If you’re even thinking of doing any security engineering, you need to read this book. It’s the first, and only, end-to-end modern security design and engineering book ever written."–Bruce Schneier
"Many people are anxious about Internet security for PCs and servers," says leading expert Ross Anderson, "as if that’s all there is when in reality security problems have just begun. By 2003, there may be more mobile phones on the Net than PCs, and they will be quickly followed by network-connected devices from refrigerators to burglar alarms to heart monitors. How will we manage the risks?"
Dense with anecdotes and war stories, readable, up-to-date and full of pointers to recent research, this book will be invaluable to you if you have to design systems to be resilient in the face of malice as well as error. Anderson provides the tools and techniques you’ll need, discusses what’s gone wrong in the past, and shows you how to get your design right the first time around.
You don’t need to be a security expert to understand Anderson’s truly accessible discussion of:
About the Author
- Security engineering basics, from protocols, cryptography, and access controls to the nuts and bolts of distributed systems
- The lowdown on biometrics, tamper resistance, security seals, copyright marking, and many other protection technologies–for many of them, this is the first detailed information in an accessible textbook
- What sort of attacks are done on a wide range of systems–from banking and medical records through burglar alarms and smart cards to mobile phones and e-commerce–and how to stop them
- Management and policy issues–how computer security interacts with the law and with corporate culture
ROSS ANDERSON teaches and directs research in computer security at Cambridge University, England. Widely recognized as one of the world’s foremost authorities on security engineering, he has published extensive studies on how real security systems fail–on bank card fraud, phone phreaking, pay-TV hacking, ways to cheat metering systems and breaches of medical privacy.