Security Engineering

A Guide to Building Dependable Distributed Systems
3rd edition

by: Ross Anderson

47,99 €

Publisher: Wiley
Format: EPUB
Published: 25.11.2020
ISBN/EAN: 9781119642817
Language: English
Number of pages: 1232

DRM-protected eBook; to read it you need, for example, Adobe Digital Editions and an Adobe ID.

Descriptions

<p><b>Now that there's software in everything, how can you make anything secure? Understand how to engineer dependable systems with this newly updated classic</b></p> <p>In <i>Security Engineering: A Guide to Building Dependable Distributed Systems,</i> Third Edition, Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack.</p> <p>This book became a best-seller in 2001 and helped establish the discipline of security engineering. By the second edition in 2008, underground dark markets had let the bad guys specialize and scale up; attacks were increasingly on users rather than on technology. The book repeated its success by showing how security engineers can focus on usability.</p> <p>Now the third edition brings it up to date for 2020. People now go online from phones more than laptops, most servers are in the cloud, online advertising drives the Internet and social networks have taken over much human interaction; many patterns of crime and abuse are the same, but the methods have evolved. Ross Anderson explores what security engineering means in 2020, including:</p> <ul> <li>How the basic elements of cryptography, protocols, and access control translate to the new world of phones, cloud services, social media and the Internet of Things</li> <li>Who the attackers are – from nation states and business competitors through criminal gangs to stalkers and playground bullies</li> <li>What they do – from phishing and carding through SIM swapping and software exploits to DDoS and fake news</li> <li>Security psychology, from privacy through ease-of-use to deception</li> <li>The economics of security and dependability – why companies build vulnerable systems and governments look the other way</li> <li>How dozens of industries went online – well or badly</li> <li>How to manage security and safety engineering in a world of agile development – from reliability engineering to DevSecOps</li> </ul> <p>The third edition of <i>Security Engineering</i> ends with a grand challenge: sustainable security. As we build ever more software and connectivity into safety-critical durable goods like cars and medical devices, how do we design systems we can maintain and defend for decades? Or will everything in the world need monthly software upgrades, and become unsafe once they stop?</p>
<p>Preface to the Third Edition xxxvii</p> <p>Preface to the Second Edition xli</p> <p>Preface to the First Edition xliii</p> <p>For my daughter, and other lawyers… xlvii</p> <p>Foreword xlix</p> <p><b>Part I</b></p> <p><b>Chapter 1 What Is Security Engineering? 3</b></p> <p>1.1 Introduction 3</p> <p>1.2 A framework 4</p> <p>1.3 Example 1 – a bank 6</p> <p>1.4 Example 2 – a military base 7</p> <p>1.5 Example 3 – a hospital 8</p> <p>1.6 Example 4 – the home 10</p> <p>1.7 Definitions 11</p> <p>1.8 Summary 16</p> <p><b>Chapter 2 Who Is the Opponent? 17</b></p> <p>2.1 Introduction 17</p> <p>2.2 Spies 19</p> <p>2.2.1 The Five Eyes 19</p> <p>2.2.1.1 Prism 19</p> <p>2.2.1.2 Tempora 20</p> <p>2.2.1.3 Muscular 21</p> <p>2.2.1.4 Special collection 22</p> <p>2.2.1.5 Bullrun and Edgehill 22</p> <p>2.2.1.6 Xkeyscore 23</p> <p>2.2.1.7 Longhaul 24</p> <p>2.2.1.8 Quantum 25</p> <p>2.2.1.9 CNE 25</p> <p>2.2.1.10 The analyst’s viewpoint 27</p> <p>2.2.1.11 Offensive operations 28</p> <p>2.2.1.12 Attack scaling 29</p> <p>2.2.2 China 30</p> <p>2.2.3 Russia 35</p> <p>2.2.4 The rest 38</p> <p>2.2.5 Attribution 40</p> <p>2.3 Crooks 41</p> <p>2.3.1 Criminal infrastructure 42</p> <p>2.3.1.1 Botnet herders 42</p> <p>2.3.1.2 Malware devs 44</p> <p>2.3.1.3 Spam senders 45</p> <p>2.3.1.4 Bulk account compromise 45</p> <p>2.3.1.5 Targeted attackers 46</p> <p>2.3.1.6 Cashout gangs 46</p> <p>2.3.1.7 Ransomware 47</p> <p>2.3.2 Attacks on banking and payment systems 47</p> <p>2.3.3 Sectoral cybercrime ecosystems 49</p> <p>2.3.4 Internal attacks 49</p> <p>2.3.5 CEO crimes 49</p> <p>2.3.6 Whistleblowers 50</p> <p>2.4 Geeks 52</p> <p>2.5 The swamp 53</p> <p>2.5.1 Hacktivism and hate campaigns 54</p> <p>2.5.2 Child sex abuse material 55</p> <p>2.5.3 School and workplace bullying 57</p> <p>2.5.4 Intimate relationship abuse 57</p> <p>2.6 Summary 59</p> <p>Research problems 60</p> <p>Further reading 61</p> <p><b>Chapter 3 Psychology and Usability 63</b></p> <p>3.1 Introduction 63</p> <p>3.2 Insights from 
psychology research 64</p> <p>3.2.1 Cognitive psychology 65</p> <p>3.2.2 Gender, diversity and interpersonal variation 68</p> <p>3.2.3 Social psychology 70</p> <p>3.2.3.1 Authority and its abuse 71</p> <p>3.2.3.2 The bystander effect 72</p> <p>3.2.4 The social-brain theory of deception 73</p> <p>3.2.5 Heuristics, biases and behavioural economics 76</p> <p>3.2.5.1 Prospect theory and risk misperception 77</p> <p>3.2.5.2 Present bias and hyperbolic discounting 78</p> <p>3.2.5.3 Defaults and nudges 79</p> <p>3.2.5.4 The default to intentionality 79</p> <p>3.2.5.5 The affect heuristic 80</p> <p>3.2.5.6 Cognitive dissonance 81</p> <p>3.2.5.7 The risk thermostat 81</p> <p>3.3 Deception in practice 81</p> <p>3.3.1 The salesman and the scamster 82</p> <p>3.3.2 Social engineering 84</p> <p>3.3.3 Phishing 86</p> <p>3.3.4 Opsec 88</p> <p>3.3.5 Deception research 89</p> <p>3.4 Passwords 90</p> <p>3.4.1 Password recovery 92</p> <p>3.4.2 Password choice 94</p> <p>3.4.3 Difficulties with reliable password entry 94</p> <p>3.4.4 Difficulties with remembering the password 95</p> <p>3.4.4.1 Naïve choice 96</p> <p>3.4.4.2 User abilities and training 96</p> <p>3.4.4.3 Design errors 98</p> <p>3.4.4.4 Operational failures 100</p> <p>3.4.4.5 Social-engineering attacks 101</p> <p>3.4.4.6 Customer education 102</p> <p>3.4.4.7 Phishing warnings 103</p> <p>3.4.5 System issues 104</p> <p>3.4.6 Can you deny service? 105</p> <p>3.4.7 Protecting oneself or others? 105</p> <p>3.4.8 Attacks on password entry 106</p> <p>3.4.8.1 Interface design 106</p> <p>3.4.8.2 Trusted path, and bogus terminals 107</p> <p>3.4.8.3 Technical defeats of password retry counters 107</p> <p>3.4.9 Attacks on password storage 108</p> <p>3.4.9.1 One-way encryption 109</p> <p>3.4.9.2 Password cracking 109</p> <p>3.4.9.3 Remote password checking 109</p> <p>3.4.10 Absolute limits 110</p> <p>3.4.11 Using a password manager 111</p> <p>3.4.12 Will we ever get rid of passwords? 
113</p> <p>3.5 CAPTCHAs 115</p> <p>3.6 Summary 116</p> <p>Research problems 117</p> <p>Further reading 118</p> <p><b>Chapter 4 Protocols 119</b></p> <p>4.1 Introduction 119</p> <p>4.2 Password eavesdropping risks 120</p> <p>4.3 Who goes there? – simple authentication 122</p> <p>4.3.1 Challenge and response 124</p> <p>4.3.2 Two-factor authentication 128</p> <p>4.3.3 The MIG-in-the-middle attack 129</p> <p>4.3.4 Reflection attacks 132</p> <p>4.4 Manipulating the message 133</p> <p>4.5 Changing the environment 134</p> <p>4.6 Chosen protocol attacks 135</p> <p>4.7 Managing encryption keys 136</p> <p>4.7.1 The resurrecting duckling 137</p> <p>4.7.2 Remote key management 137</p> <p>4.7.3 The Needham-Schroeder protocol 138</p> <p>4.7.4 Kerberos 139</p> <p>4.7.5 Practical key management 141</p> <p>4.8 Design assurance 141</p> <p>4.9 Summary 143</p> <p>Research problems 143</p> <p>Further reading 144</p> <p><b>Chapter 5 Cryptography 145</b></p> <p>5.1 Introduction 145</p> <p>5.2 Historical background 146</p> <p>5.2.1 An early stream cipher – the Vigenère 147</p> <p>5.2.2 The one-time pad 148</p> <p>5.2.3 An early block cipher – Playfair 150</p> <p>5.2.4 Hash functions 152</p> <p>5.2.5 Asymmetric primitives 154</p> <p>5.3 Security models 155</p> <p>5.3.1 Random functions – hash functions 157</p> <p>5.3.1.1 Properties 157</p> <p>5.3.1.2 The birthday theorem 158</p> <p>5.3.2 Random generators – stream ciphers 159</p> <p>5.3.3 Random permutations – block ciphers 161</p> <p>5.3.4 Public key encryption and trapdoor one-way permutations 163</p> <p>5.3.5 Digital signatures 164</p> <p>5.4 Symmetric crypto algorithms 165</p> <p>5.4.1 SP-networks 165</p> <p>5.4.1.1 Block size 166</p> <p>5.4.1.2 Number of rounds 166</p> <p>5.4.1.3 Choice of S-boxes 167</p> <p>5.4.1.4 Linear cryptanalysis 167</p> <p>5.4.1.5 Differential cryptanalysis 168</p> <p>5.4.2 The Advanced Encryption Standard (AES) 169</p> <p>5.4.3 Feistel ciphers 171</p> <p>5.4.3.1 The Luby-Rackoff result 173</p> <p>5.4.3.2 DES 
173</p> <p>5.5 Modes of operation 175</p> <p>5.5.1 How not to use a block cipher 176</p> <p>5.5.2 Cipher block chaining 177</p> <p>5.5.3 Counter encryption 178</p> <p>5.5.4 Legacy stream cipher modes 178</p> <p>5.5.5 Message authentication code 179</p> <p>5.5.6 Galois counter mode 180</p> <p>5.5.7 XTS 180</p> <p>5.6 Hash functions 181</p> <p>5.6.1 Common hash functions 181</p> <p>5.6.2 Hash function applications – HMAC, commitments and updating 183</p> <p>5.7 Asymmetric crypto primitives 185</p> <p>5.7.1 Cryptography based on factoring 185</p> <p>5.7.2 Cryptography based on discrete logarithms 188</p> <p>5.7.2.1 One-way commutative encryption 189</p> <p>5.7.2.2 Diffie-Hellman key establishment 190</p> <p>5.7.2.3 ElGamal digital signature and DSA 192</p> <p>5.7.3 Elliptic curve cryptography 193</p> <p>5.7.4 Certification authorities 194</p> <p>5.7.5 TLS 195</p> <p>5.7.5.1 TLS uses 196</p> <p>5.7.5.2 TLS security 196</p> <p>5.7.5.3 TLS 1.3 197</p> <p>5.7.6 Other public-key protocols 197</p> <p>5.7.6.1 Code signing 197</p> <p>5.7.6.2 PGP/GPG 198</p> <p>5.7.6.3 QUIC 199</p> <p>5.7.7 Special-purpose primitives 199</p> <p>5.7.8 How strong are asymmetric cryptographic primitives? 
200</p> <p>5.7.9 What else goes wrong 202</p> <p>5.8 Summary 203</p> <p>Research problems 204</p> <p>Further reading 204</p> <p><b>Chapter 6 Access Control 207</b></p> <p>6.1 Introduction 207</p> <p>6.2 Operating system access controls 209</p> <p>6.2.1 Groups and roles 210</p> <p>6.2.2 Access control lists 211</p> <p>6.2.3 Unix operating system security 212</p> <p>6.2.4 Capabilities 214</p> <p>6.2.5 DAC and MAC 215</p> <p>6.2.6 Apple’s macOS 217</p> <p>6.2.7 iOS 217</p> <p>6.2.8 Android 218</p> <p>6.2.9 Windows 219</p> <p>6.2.10 Middleware 222</p> <p>6.2.10.1 Database access controls 222</p> <p>6.2.10.2 Browsers 223</p> <p>6.2.11 Sandboxing 224</p> <p>6.2.12 Virtualisation 225</p> <p>6.3 Hardware protection 227</p> <p>6.3.1 Intel processors 228</p> <p>6.3.2 Arm processors 230</p> <p>6.4 What goes wrong 231</p> <p>6.4.1 Smashing the stack 232</p> <p>6.4.2 Other technical attacks 234</p> <p>6.4.3 User interface failures 236</p> <p>6.4.4 Remedies 237</p> <p>6.4.5 Environmental creep 238</p> <p>6.5 Summary 239</p> <p>Research problems 240</p> <p>Further reading 240</p> <p><b>Chapter 7 Distributed Systems 243</b></p> <p>7.1 Introduction 243</p> <p>7.2 Concurrency 244</p> <p>7.2.1 Using old data versus paying to propagate state 245</p> <p>7.2.2 Locking to prevent inconsistent updates 246</p> <p>7.2.3 The order of updates 247</p> <p>7.2.4 Deadlock 248</p> <p>7.2.5 Non-convergent state 249</p> <p>7.2.6 Secure time 250</p> <p>7.3 Fault tolerance and failure recovery 251</p> <p>7.3.1 Failure models 252</p> <p>7.3.1.1 Byzantine failure 252</p> <p>7.3.1.2 Interaction with fault tolerance 253</p> <p>7.3.2 What is resilience for? 254</p> <p>7.3.3 At what level is the redundancy? 
255</p> <p>7.3.4 Service-denial attacks 257</p> <p>7.4 Naming 259</p> <p>7.4.1 The Needham naming principles 260</p> <p>7.4.2 What else goes wrong 263</p> <p>7.4.2.1 Naming and identity 264</p> <p>7.4.2.2 Cultural assumptions 265</p> <p>7.4.2.3 Semantic content of names 267</p> <p>7.4.2.4 Uniqueness of names 268</p> <p>7.4.2.5 Stability of names and addresses 269</p> <p>7.4.2.6 Restrictions on the use of names 269</p> <p>7.4.3 Types of name 270</p> <p>7.5 Summary 271</p> <p>Research problems 272</p> <p>Further reading 273</p> <p><b>Chapter 8 Economics 275</b></p> <p>8.1 Introduction 275</p> <p>8.2 Classical economics 276</p> <p>8.2.1 Monopoly 278</p> <p>8.3 Information economics 281</p> <p>8.3.1 Why information markets are different 281</p> <p>8.3.2 The value of lock-in 282</p> <p>8.3.3 Asymmetric information 284</p> <p>8.3.4 Public goods 285</p> <p>8.4 Game theory 286</p> <p>8.4.1 The prisoners’ dilemma 287</p> <p>8.4.2 Repeated and evolutionary games 288</p> <p>8.5 Auction theory 291</p> <p>8.6 The economics of security and dependability 293</p> <p>8.6.1 Why is Windows so insecure? 294</p> <p>8.6.2 Managing the patching cycle 296</p> <p>8.6.3 Structural models of attack and defence 298</p> <p>8.6.4 The economics of lock-in, tying and DRM 300</p> <p>8.6.5 Antitrust law and competition policy 302</p> <p>8.6.6 Perversely motivated guards 304</p> <p>8.6.7 Economics of privacy 305</p> <p>8.6.8 Organisations and human behaviour 307</p> <p>8.6.9 Economics of cybercrime 308</p> <p>8.7 Summary 310</p> <p>Research problems 311</p> <p>Further reading 311</p> <p><b>Part II</b></p> <p><b>Chapter 9 Multilevel Security 315</b></p> <p>9.1 Introduction 315</p> <p>9.2 What is a security policy model? 
316</p> <p>9.3 Multilevel security policy 318</p> <p>9.3.1 The Anderson report 319</p> <p>9.3.2 The Bell-LaPadula model 320</p> <p>9.3.3 The standard criticisms of Bell-LaPadula 321</p> <p>9.3.4 The evolution of MLS policies 323</p> <p>9.3.5 The Biba model 325</p> <p>9.4 Historical examples of MLS systems 326</p> <p>9.4.1 SCOMP 326</p> <p>9.4.2 Data diodes 327</p> <p>9.5 MAC: from MLS to IFC and integrity 329</p> <p>9.5.1 Windows 329</p> <p>9.5.2 SELinux 330</p> <p>9.5.3 Embedded systems 330</p> <p>9.6 What goes wrong 331</p> <p>9.6.1 Composability 331</p> <p>9.6.2 The cascade problem 332</p> <p>9.6.3 Covert channels 333</p> <p>9.6.4 The threat from malware 333</p> <p>9.6.5 Polyinstantiation 334</p> <p>9.6.6 Practical problems with MLS 335</p> <p>9.7 Summary 337</p> <p>Research problems 338</p> <p>Further reading 339</p> <p><b>Chapter 10 Boundaries 341</b></p> <p>10.1 Introduction 341</p> <p>10.2 Compartmentation and the lattice model 344</p> <p>10.3 Privacy for tigers 346</p> <p>10.4 Health record privacy 349</p> <p>10.4.1 The threat model 351</p> <p>10.4.2 The BMA security policy 353</p> <p>10.4.3 First practical steps 356</p> <p>10.4.4 What actually goes wrong 357</p> <p>10.4.4.1 Emergency care 358</p> <p>10.4.4.2 Resilience 359</p> <p>10.4.4.3 Secondary uses 359</p> <p>10.4.5 Confidentiality – the future 362</p> <p>10.4.6 Ethics 365</p> <p>10.4.7 Social care and education 367</p> <p>10.4.8 The Chinese Wall 369</p> <p>10.5 Summary 371</p> <p>Research problems 372</p> <p>Further reading 373</p> <p><b>Chapter 11 Inference Control 375</b></p> <p>11.1 Introduction 375</p> <p>11.2 The early history of inference control 377</p> <p>11.2.1 The basic theory of inference control 378</p> <p>11.2.1.1 Query set size control 378</p> <p>11.2.1.2 Trackers 379</p> <p>11.2.1.3 Cell suppression 379</p> <p>11.2.1.4 Other statistical disclosure control mechanisms 380</p> <p>11.2.1.5 More sophisticated query controls 381</p> <p>11.2.1.6 Randomization 382</p> <p>11.2.2 Limits of 
classical statistical security 383</p> <p>11.2.3 Active attacks 384</p> <p>11.2.4 Inference control in rich medical data 385</p> <p>11.2.5 The third wave: preferences and search 388</p> <p>11.2.6 The fourth wave: location and social 389</p> <p>11.3 Differential privacy 392</p> <p>11.4 Mind the gap? 394</p> <p>11.4.1 Tactical anonymity and its problems 395</p> <p>11.4.2 Incentives 398</p> <p>11.4.3 Alternatives 399</p> <p>11.4.4 The dark side 400</p> <p>11.5 Summary 401</p> <p>Research problems 402</p> <p>Further reading 402</p> <p><b>Chapter 12 Banking and Bookkeeping 405</b></p> <p>12.1 Introduction 405</p> <p>12.2 Bookkeeping systems 406</p> <p>12.2.1 Double-entry bookkeeping 408</p> <p>12.2.2 Bookkeeping in banks 408</p> <p>12.2.3 The Clark-Wilson security policy model 410</p> <p>12.2.4 Designing internal controls 411</p> <p>12.2.5 Insider frauds 415</p> <p>12.2.6 Executive frauds 416</p> <p>12.2.6.1 The post office case 418</p> <p>12.2.6.2 Other failures 419</p> <p>12.2.6.3 Ecological validity 420</p> <p>12.2.6.4 Control tuning and corporate governance 421</p> <p>12.2.7 Finding the weak spots 422</p> <p>12.3 Interbank payment systems 424</p> <p>12.3.1 A telegraphic history of E-commerce 424</p> <p>12.3.2 SWIFT 425</p> <p>12.3.3 What goes wrong 427</p> <p>12.4 Automatic teller machines 430</p> <p>12.4.1 ATM basics 430</p> <p>12.4.2 What goes wrong 433</p> <p>12.4.3 Incentives and injustices 437</p> <p>12.5 Credit cards 438</p> <p>12.5.1 Credit card fraud 439</p> <p>12.5.2 Online card fraud 440</p> <p>12.5.3 3DS 443</p> <p>12.5.4 Fraud engines 444</p> <p>12.6 EMV payment cards 445</p> <p>12.6.1 Chip cards 445</p> <p>12.6.1.1 Static data authentication 446</p> <p>12.6.1.2 ICVVs, DDA and CDA 450</p> <p>12.6.1.3 The No-PIN attack 451</p> <p>12.6.2 The preplay attack 452</p> <p>12.6.3 Contactless 454</p> <p>12.7 Online banking 457</p> <p>12.7.1 Phishing 457</p> <p>12.7.2 CAP 458</p> <p>12.7.3 Banking malware 459</p> <p>12.7.4 Phones as second factors 459</p> 
<p>12.7.5 Liability 461</p> <p>12.7.6 Authorised push payment fraud 462</p> <p>12.8 Nonbank payments 463</p> <p>12.8.1 M-Pesa 463</p> <p>12.8.2 Other phone payment systems 464</p> <p>12.8.3 Sofort, and open banking 465</p> <p>12.9 Summary 466</p> <p>Research problems 466</p> <p>Further reading 468</p> <p><b>Chapter 13 Locks and Alarms 471</b></p> <p>13.1 Introduction 471</p> <p>13.2 Threats and barriers 472</p> <p>13.2.1 Threat model 473</p> <p>13.2.2 Deterrence 474</p> <p>13.2.3 Walls and barriers 476</p> <p>13.2.4 Mechanical locks 478</p> <p>13.2.5 Electronic locks 482</p> <p>13.3 Alarms 484</p> <p>13.3.1 How not to protect a painting 485</p> <p>13.3.2 Sensor defeats 486</p> <p>13.3.3 Feature interactions 488</p> <p>13.3.4 Attacks on communications 489</p> <p>13.3.5 Lessons learned 493</p> <p>13.4 Summary 494</p> <p>Research problems 495</p> <p>Further reading 495</p> <p><b>Chapter 14 Monitoring and Metering 497</b></p> <p>14.1 Introduction 497</p> <p>14.2 Prepayment tokens 498</p> <p>14.2.1 Utility metering 499</p> <p>14.2.2 How the STS system works 501</p> <p>14.2.3 What goes wrong 502</p> <p>14.2.4 Smart meters and smart grids 504</p> <p>14.2.5 Ticketing fraud 508</p> <p>14.3 Taxi meters, tachographs and truck speed limiters 509</p> <p>14.3.1 The tachograph 509</p> <p>14.3.2 What goes wrong 511</p> <p>14.3.2.1 How most tachograph manipulation is done 511</p> <p>14.3.2.2 Tampering with the supply 512</p> <p>14.3.2.3 Tampering with the instrument 512</p> <p>14.3.2.4 High-tech attacks 513</p> <p>14.3.3 Digital tachographs 514</p> <p>14.3.3.1 System-level problems 515</p> <p>14.3.3.2 Other problems 516</p> <p>14.3.4 Sensor defeats and third-generation devices 518</p> <p>14.3.5 The fourth generation – smart tachographs 518</p> <p>14.4 Curfew tags: GPS as policeman 519</p> <p>14.5 Postage meters 522</p> <p>14.6 Summary 526</p> <p>Research problems 527</p> <p>Further reading 527</p> <p><b>Chapter 15 Nuclear Command and Control 529</b></p> <p>15.1 Introduction 529</p> 
<p>15.2 The evolution of command and control 532</p> <p>15.2.1 The Kennedy memorandum 532</p> <p>15.2.2 Authorization, environment, intent 534</p> <p>15.3 Unconditionally secure authentication 534</p> <p>15.4 Shared control schemes 536</p> <p>15.5 Tamper resistance and PALs 538</p> <p>15.6 Treaty verification 540</p> <p>15.7 What goes wrong 541</p> <p>15.7.1 Nuclear accidents 541</p> <p>15.7.2 Interaction with cyberwar 542</p> <p>15.7.3 Technical failures 543</p> <p>15.8 Secrecy or openness? 544</p> <p>15.9 Summary 545</p> <p>Research problems 546</p> <p>Further reading 546</p> <p><b>Chapter 16 Security Printing and Seals 549</b></p> <p>16.1 Introduction 549</p> <p>16.2 History 550</p> <p>16.3 Security printing 551</p> <p>16.3.1 Threat model 552</p> <p>16.3.2 Security printing techniques 553</p> <p>16.4 Packaging and seals 557</p> <p>16.4.1 Substrate properties 558</p> <p>16.4.2 The problems of glue 558</p> <p>16.4.3 PIN mailers 559</p> <p>16.5 Systemic vulnerabilities 560</p> <p>16.5.1 Peculiarities of the threat model 562</p> <p>16.5.2 Anti-gundecking measures 563</p> <p>16.5.3 The effect of random failure 564</p> <p>16.5.4 Materials control 564</p> <p>16.5.5 Not protecting the right things 565</p> <p>16.5.6 The cost and nature of inspection 566</p> <p>16.6 Evaluation methodology 567</p> <p>16.7 Summary 569</p> <p>Research problems 569</p> <p>Further reading 570</p> <p><b>Chapter 17 Biometrics 571</b></p> <p>17.1 Introduction 571</p> <p>17.2 Handwritten signatures 572</p> <p>17.3 Face recognition 575</p> <p>17.4 Fingerprints 579</p> <p>17.4.1 Verifying positive or negative identity claims 581</p> <p>17.4.2 Crime scene forensics 584</p> <p>17.5 Iris codes 588</p> <p>17.6 Voice recognition and morphing 590</p> <p>17.7 Other systems 591</p> <p>17.8 What goes wrong 593</p> <p>17.9 Summary 596</p> <p>Research problems 597</p> <p>Further reading 597</p> <p><b>Chapter 18 Tamper Resistance 599</b></p> <p>18.1 Introduction 599</p> <p>18.2 History 601</p> <p>18.3 Hardware 
security modules 601</p> <p>18.4 Evaluation 607</p> <p>18.5 Smartcards and other security chips 609</p> <p>18.5.1 History 609</p> <p>18.5.2 Architecture 610</p> <p>18.5.3 Security evolution 611</p> <p>18.5.4 Random number generators and PUFs 621</p> <p>18.5.5 Larger chips 624</p> <p>18.5.6 The state of the art 628</p> <p>18.6 The residual risk 630</p> <p>18.6.1 The trusted interface problem 630</p> <p>18.6.2 Conflicts 631</p> <p>18.6.3 The lemons market, risk dumping and evaluation games 632</p> <p>18.6.4 Security-by-obscurity 632</p> <p>18.6.5 Changing environments 633</p> <p>18.7 So what should one protect? 634</p> <p>18.8 Summary 636</p> <p>Research problems 636</p> <p>Further reading 636</p> <p><b>Chapter 19 Side Channels 639</b></p> <p>19.1 Introduction 639</p> <p>19.2 Emission security 640</p> <p>19.2.1 History 641</p> <p>19.2.2 Technical surveillance and countermeasures 642</p> <p>19.3 Passive attacks 645</p> <p>19.3.1 Leakage through power and signal cables 645</p> <p>19.3.2 Leakage through RF signals 645</p> <p>19.3.3 What goes wrong 649</p> <p>19.4 Attacks between and within computers 650</p> <p>19.4.1 Timing analysis 651</p> <p>19.4.2 Power analysis 652</p> <p>19.4.3 Glitching and differential fault analysis 655</p> <p>19.4.4 Rowhammer, CLKscrew and Plundervolt 656</p> <p>19.4.5 Meltdown, Spectre and other enclave side channels 657</p> <p>19.5 Environmental side channels 659</p> <p>19.5.1 Acoustic side channels 659</p> <p>19.5.2 Optical side channels 661</p> <p>19.5.3 Other side-channels 661</p> <p>19.6 Social side channels 663</p> <p>19.7 Summary 663</p> <p>Research problems 664</p> <p>Further reading 664</p> <p><b>Chapter 20 Advanced Cryptographic Engineering 667</b></p> <p>20.1 Introduction 667</p> <p>20.2 Full-disk encryption 668</p> <p>20.3 Signal 670</p> <p>20.4 Tor 674</p> <p>20.5 HSMs 677</p> <p>20.5.1 The xor-to-null-key attack 677</p> <p>20.5.2 Attacks using backwards compatibility and time-memory tradeoffs 678</p> <p>20.5.3 Differential 
protocol attacks 679</p> <p>20.5.4 The EMV attack 681</p> <p>20.5.5 Hacking the HSMs in CAs and clouds 681</p> <p>20.5.6 Managing HSM risks 681</p> <p>20.6 Enclaves 682</p> <p>20.7 Blockchains 685</p> <p>20.7.1 Wallets 688</p> <p>20.7.2 Miners 689</p> <p>20.7.3 Smart contracts 689</p> <p>20.7.4 Off-chain payment mechanisms 691</p> <p>20.7.5 Exchanges, cryptocrime and regulation 692</p> <p>20.7.6 Permissioned blockchains 695</p> <p>20.8 Crypto dreams that failed 695</p> <p>20.9 Summary 696</p> <p>Research problems 698</p> <p>Further reading 698</p> <p><b>Chapter 21 Network Attack and Defence 699</b></p> <p>21.1 Introduction 699</p> <p>21.2 Network protocols and service denial 701</p> <p>21.2.1 BGP security 701</p> <p>21.2.2 DNS security 703</p> <p>21.2.3 UDP, TCP, SYN floods and SYN reflection 704</p> <p>21.2.4 Other amplifiers 705</p> <p>21.2.5 Other denial-of-service attacks 706</p> <p>21.2.6 Email – from spies to spammers 706</p> <p>21.3 The malware menagerie – Trojans, worms and RATs 708</p> <p>21.3.1 Early history of malware 709</p> <p>21.3.2 The Internet worm 710</p> <p>21.3.3 Further malware evolution 711</p> <p>21.3.4 How malware works 713</p> <p>21.3.5 Countermeasures 714</p> <p>21.4 Defense against network attack 715</p> <p>21.4.1 Filtering: firewalls, censorware and wiretaps 717</p> <p>21.4.1.1 Packet filtering 718</p> <p>21.4.1.2 Circuit gateways 718</p> <p>21.4.1.3 Application proxies 719</p> <p>21.4.1.4 Ingress versus egress filtering 719</p> <p>21.4.1.5 Architecture 720</p> <p>21.4.2 Intrusion detection 722</p> <p>21.4.2.1 Types of intrusion detection 722</p> <p>21.4.2.2 General limitations of intrusion detection 724</p> <p>21.4.2.3 Specific problems detecting network attacks 724</p> <p>21.5 Cryptography: the ragged boundary 725</p> <p>21.5.1 SSH 726</p> <p>21.5.2 Wireless networking at the periphery 727</p> <p>21.5.2.1 WiFi 727</p> <p>21.5.2.2 Bluetooth 728</p> <p>21.5.2.3 HomePlug 729</p> <p>21.5.2.4 VPNs 729</p> <p>21.6 CAs and PKI 730</p> <p>21.7 
Topology 733</p> <p>21.8 Summary 734</p> <p>Research problems 734</p> <p>Further reading 735</p> <p><b>Chapter 22 Phones 737</b></p> <p>22.1 Introduction 737</p> <p>22.2 Attacks on phone networks 738</p> <p>22.2.1 Attacks on phone-call metering 739</p> <p>22.2.2 Attacks on signaling 742</p> <p>22.2.3 Attacks on switching and configuration 743</p> <p>22.2.4 Insecure end systems 745</p> <p>22.2.5 Feature interaction 746</p> <p>22.2.6 VOIP 747</p> <p>22.2.7 Frauds by phone companies 748</p> <p>22.2.8 Security economics of telecomms 749</p> <p>22.3 Going mobile 750</p> <p>22.3.1 GSM 751</p> <p>22.3.2 3G 755</p> <p>22.3.3 4G 757</p> <p>22.3.4 5G and beyond 758</p> <p>22.3.5 General MNO failings 760</p> <p>22.4 Platform security 761</p> <p>22.4.1 The Android app ecosystem 763</p> <p>22.4.1.1 App markets and developers 764</p> <p>22.4.1.2 Bad Android implementations 764</p> <p>22.4.1.3 Permissions 766</p> <p>22.4.1.4 Android malware 767</p> <p>22.4.1.5 Ads and third-party services 768</p> <p>22.4.1.6 Pre-installed apps 770</p> <p>22.4.2 Apple’s app ecosystem 770</p> <p>22.4.3 Cross-cutting issues 774</p> <p>22.5 Summary 775</p> <p>Research problems 776</p> <p>Further reading 776</p> <p><b>Chapter 23 Electronic and Information Warfare 777</b></p> <p>23.1 Introduction 777</p> <p>23.2 Basics 778</p> <p>23.3 Communications systems 779</p> <p>23.3.1 Signals intelligence techniques 781</p> <p>23.3.2 Attacks on communications 784</p> <p>23.3.3 Protection techniques 785</p> <p>23.3.3.1 Frequency hopping 786</p> <p>23.3.3.2 DSSS 787</p> <p>23.3.3.3 Burst communications 788</p> <p>23.3.3.4 Combining covertness and jam resistance 789</p> <p>23.3.4 Interaction between civil and military uses 790</p> <p>23.4 Surveillance and target acquisition 791</p> <p>23.4.1 Types of radar 792</p> <p>23.4.2 Jamming techniques 793</p> <p>23.4.3 Advanced radars and countermeasures 795</p> <p>23.4.4 Other sensors and multisensor issues 796</p> <p>23.5 IFF systems 797</p> <p>23.6 Improvised explosive 
devices 800</p> <p>23.7 Directed energy weapons 802</p> <p>23.8 Information warfare 803</p> <p>23.8.1 Attacks on control systems 805</p> <p>23.8.2 Attacks on other infrastructure 808</p> <p>23.8.3 Attacks on elections and political stability 809</p> <p>23.8.4 Doctrine 811</p> <p>23.9 Summary 812</p> <p>Research problems 813</p> <p>Further reading 813</p> <p><b>Chapter 24 Copyright and DRM 815</b></p> <p>24.1 Introduction 815</p> <p>24.2 Copyright 817</p> <p>24.2.1 Software 817</p> <p>24.2.2 Free software, free culture? 823</p> <p>24.2.3 Books and music 827</p> <p>24.2.4 Video and pay-TV 828</p> <p>24.2.4.1 Typical system architecture 829</p> <p>24.2.4.2 Video scrambling techniques 830</p> <p>24.2.4.3 Attacks on hybrid scrambling systems 832</p> <p>24.2.4.4 DVB 836</p> <p>24.2.5 DVD 837</p> <p>24.3 DRM on general-purpose computers 838</p> <p>24.3.1 Windows media rights management 839</p> <p>24.3.2 FairPlay, HTML5 and other DRM systems 840</p> <p>24.3.3 Software obfuscation 841</p> <p>24.3.4 Gaming, cheating, and DRM 843</p> <p>24.3.5 Peer-to-peer systems 845</p> <p>24.3.6 Managing hardware design rights 847</p> <p>24.4 Information hiding 848</p> <p>24.4.1 Watermarks and copy generation management 849</p> <p>24.4.2 General information hiding techniques 849</p> <p>24.4.3 Attacks on copyright marking schemes 851</p> <p>24.5 Policy 854</p> <p>24.5.1 The IP lobby 857</p> <p>24.5.2 Who benefits? 859</p> <p>24.6 Accessory control 860</p> <p>24.7 Summary 862</p> <p>Research problems 862</p> <p>Further reading 863</p> <p><b>Chapter 25 New Directions? 
865</b></p> <p>25.1 Introduction 865</p> <p>25.2 Autonomous and remotely-piloted vehicles 866</p> <p>25.2.1 Drones 866</p> <p>25.2.2 Self-driving cars 867</p> <p>25.2.3 The levels and limits of automation 869</p> <p>25.2.4 How to hack a self-driving car 872</p> <p>25.3 AI / ML 874</p> <p>25.3.1 ML and security 875</p> <p>25.3.2 Attacks on ML systems 876</p> <p>25.3.3 ML and society 879</p> <p>25.4 PETS and operational security 882</p> <p>25.4.1 Anonymous messaging devices 885</p> <p>25.4.2 Social support 887</p> <p>25.4.3 Living off the land 890</p> <p>25.4.4 Putting it all together 891</p> <p>25.4.5 The name’s Bond. James Bond 893</p> <p>25.5 Elections 895</p> <p>25.5.1 The history of voting machines 896</p> <p>25.5.2 Hanging chads 896</p> <p>25.5.3 Optical scan 898</p> <p>25.5.4 Software independence 899</p> <p>25.5.5 Why electronic elections are hard 900</p> <p>25.6 Summary 904</p> <p>Research problems 904</p> <p>Further reading 905</p> <p><b>Part III</b></p> <p><b>Chapter 26 Surveillance or Privacy? 
909</b></p>
<p>26.1 Introduction 909</p>
<p>26.2 Surveillance 912</p>
<p>26.2.1 The history of government wiretapping 912</p>
<p>26.2.2 Call data records (CDRs) 916</p>
<p>26.2.3 Search terms and location data 919</p>
<p>26.2.4 Algorithmic processing 920</p>
<p>26.2.5 ISPs and CSPs 921</p>
<p>26.2.6 The Five Eyes’ system of systems 922</p>
<p>26.2.7 The crypto wars 925</p>
<p>26.2.7.1 The back story to crypto policy 926</p>
<p>26.2.7.2 DES and crypto research 927</p>
<p>26.2.7.3 CryptoWar 1 – the Clipper chip 928</p>
<p>26.2.7.4 CryptoWar 2 – going spotty 931</p>
<p>26.2.8 Export control 934</p>
<p>26.3 Terrorism 936</p>
<p>26.3.1 Causes of political violence 936</p>
<p>26.3.2 The psychology of political violence 937</p>
<p>26.3.3 The role of institutions 938</p>
<p>26.3.4 The democratic response 940</p>
<p>26.4 Censorship 941</p>
<p>26.4.1 Censorship by authoritarian regimes 942</p>
<p>26.4.2 Filtering, hate speech and radicalisation 944</p>
<p>26.5 Forensics and rules of evidence 948</p>
<p>26.5.1 Forensics 948</p>
<p>26.5.2 Admissibility of evidence 950</p>
<p>26.5.3 What goes wrong 951</p>
<p>26.6 Privacy and data protection 953</p>
<p>26.6.1 European data protection 953</p>
<p>26.6.2 Privacy regulation in the USA 956</p>
<p>26.6.3 Fragmentation? 958</p>
<p>26.7 Freedom of information 960</p>
<p>26.8 Summary 961</p>
<p>Research problems 962</p>
<p>Further reading 962</p>
<p><b>Chapter 27 Secure Systems Development 965</b></p>
<p>27.1 Introduction 965</p>
<p>27.2 Risk management 966</p>
<p>27.3 Lessons from safety-critical systems 969</p>
<p>27.3.1 Safety engineering methodologies 970</p>
<p>27.3.2 Hazard analysis 971</p>
<p>27.3.3 Fault trees and threat trees 971</p>
<p>27.3.4 Failure modes and effects analysis 972</p>
<p>27.3.5 Threat modelling 973</p>
<p>27.3.6 Quantifying risks 975</p>
<p>27.4 Prioritising protection goals 978</p>
<p>27.5 Methodology 980</p>
<p>27.5.1 Top-down design 981</p>
<p>27.5.2 Iterative design: from spiral to agile 983</p>
<p>27.5.3 The secure development lifecycle 985</p>
<p>27.5.4 Gated development 987</p>
<p>27.5.5 Software as a Service 988</p>
<p>27.5.6 From DevOps to DevSecOps 991</p>
<p>27.5.6.1 The Azure ecosystem 991</p>
<p>27.5.6.2 The Google ecosystem 992</p>
<p>27.5.6.3 Creating a learning system 994</p>
<p>27.5.7 The vulnerability cycle 995</p>
<p>27.5.7.1 The CVE system 997</p>
<p>27.5.7.2 Coordinated disclosure 998</p>
<p>27.5.7.3 Security incident and event management 999</p>
<p>27.5.8 Organizational mismanagement of risk 1000</p>
<p>27.6 Managing the team 1004</p>
<p>27.6.1 Elite engineers 1004</p>
<p>27.6.2 Diversity 1005</p>
<p>27.6.3 Nurturing skills and attitudes 1007</p>
<p>27.6.4 Emergent properties 1008</p>
<p>27.6.5 Evolving your workflow 1008</p>
<p>27.6.6 And finally… 1010</p>
<p>27.7 Summary 1010</p>
<p>Research problems 1011</p>
<p>Further reading 1012</p>
<p><b>Chapter 28 Assurance and Sustainability 1015</b></p>
<p>28.1 Introduction 1015</p>
<p>28.2 Evaluation 1018</p>
<p>28.2.1 Alarms and locks 1019</p>
<p>28.2.2 Safety evaluation regimes 1019</p>
<p>28.2.3 Medical device safety 1020</p>
<p>28.2.4 Aviation safety 1023</p>
<p>28.2.5 The Orange book 1025</p>
<p>28.2.6 FIPS 140 and HSMs 1026</p>
<p>28.2.7 The common criteria 1026</p>
<p>28.2.7.1 The gory details 1027</p>
<p>28.2.7.2 What goes wrong with the Common Criteria 1029</p>
<p>28.2.7.3 Collaborative protection profiles 1031</p>
<p>28.2.8 The ‘Principle of Maximum Complacency’ 1032</p>
<p>28.2.9 Next steps 1034</p>
<p>28.3 Metrics and dynamics of dependability 1036</p>
<p>28.3.1 Reliability growth models 1036</p>
<p>28.3.2 Hostile review 1039</p>
<p>28.3.3 Free and open-source software 1040</p>
<p>28.3.4 Process assurance 1042</p>
<p>28.4 The entanglement of safety and security 1044</p>
<p>28.4.1 The electronic safety and security of cars 1046</p>
<p>28.4.2 Modernising safety and security regulation 1049</p>
<p>28.4.3 The Cybersecurity Act 2019 1050</p>
<p>28.5 Sustainability 1051</p>
<p>28.5.1 The Sales of goods directive 1052</p>
<p>28.5.2 New research directions 1053</p>
<p>28.6 Summary 1056</p>
<p>Research problems 1057</p>
<p>Further reading 1058</p>
<p><b>Chapter 29 Beyond “Computer Says No” 1059</b></p>
<p>Bibliography 1061</p>
<p>Index 1143</p>
<p><b>ROSS ANDERSON</b> is Professor of Security Engineering at Cambridge University in England. He is widely recognized as one of the world's foremost authorities on security. In 2015 he won the Lovelace Medal, Britain's top award in computing. He is a Fellow of the Royal Society and the Royal Academy of Engineering. He is one of the pioneers of the economics of information security, peer-to-peer systems, API analysis and hardware security. Over the past 40 years, he has also worked or consulted for most of the tech majors.</p>
<p><b>The classic book on designing secure systems</b></p>
<p>In this newly revised Third Edition of <i>Security Engineering: A Guide to Building Dependable Distributed Systems</i>, celebrated security expert Ross Anderson updates his best-selling textbook to help you meet the challenges of the coming decade.</p>
<p><i>Security Engineering</i> became a classic because it covers not just the technical basics, such as cryptography, access controls and tamper-resistance, but also how they're used in real life. Real-world case studies – of the security of payment systems, military systems, the phone app ecosystems and now self-driving cars – demonstrate how to use security technology in practice, and what can go wrong.</p>
<p>Filled with actionable advice and the latest research, this Third Edition brings a classic book up to date with the modern world of smartphones, cloud computing and AI. As everything gets connected to the Internet, security engineering has come to require inter-disciplinary expertise, ranging from physics to psychology and applied economics. <i>Security Engineering</i> is the only textbook on the market to explain all these aspects of protecting real systems, while still remaining easily accessible.</p>
<p>Perfect for computer science students and practicing cybersecurity professionals, as well as systems engineers of all sorts, this latest edition of <i>Security Engineering</i> also belongs on the bookshelves of candidates for professional certification such as CISSP.</p>
<p>You'll learn what makes a system secure and reliable and what can render it vulnerable, from phones and laptops through cars and payment terminals to cloud services and corporate networks. You'll find:</p>
<ul>
<li><b>The basics: cryptography, protocols, access controls and usability</b></li>
<li><b>The attacks: phishing, software exploits and the cybercrime ecosystem</b></li>
<li><b>The responses: biometrics, smartcards, enclaves, app stores and the patch cycle</b></li>
<li><b>The psychology of security: what makes security hard for users and engineers</b></li>
<li><b>The economics of security: how large systems fail, and what to do about it</b></li>
<li><b>The big policy questions: from surveillance through censorship to sustainability</b></li>
</ul>
<p><i>Security Engineering</i> is the book that created the discipline. It will continue to define the discipline for the 2020s and beyond.</p>