Book: Security Engineering by Ross Anderson


Very excellent book for security geeks

Ross J. Anderson
Security Engineering: A Guide to Building Dependable Distributed Systems
Wiley, 2001
ISBN: 0-471-38922-6
$75.00 (list price, routinely discounted; available free online)
543 pages (main text)

Ross Anderson's book Security Engineering is a big and very excellent book. At least it's very excellent for any geek who has an interest in medium- and large-scale security problems. Since Bruce Schneier has praised the book, it's likely that anything I have to say will be beside the point. But I'll have a couple of things to say anyway. And I think it's also worth mentioning that the book's free availability online caused me to buy a physical copy.

When I have a particular hat on, I'm a bit of a security geek. But my experience is limited to computers and relatively small networks of them. So, while I know something about some of the subjects that Mr Anderson touches on, there are large sections that I'm not qualified to criticize. On the subjects I do know about, I learned some useful things and found nothing to complain about. On the subjects I don't know well, I learned a lot from the book. The book was published a few years ago and the security field changes quickly, but on the subjects that I'm familiar with I could find only a few unimportant facts that are no longer true.

To begin with, the book has a very broad scope. There are the chapters you'd expect on cryptography, passwords, access control, and so on. But there are also chapters on multilevel security (handling data with different security requirements on the same machine), multilateral security (preventing one user from finding out another user's data), banking, monitoring systems, nuclear command and control, security printing, tamper-resistance, project management, system evaluation, and half a dozen others. Mr Anderson has wide experience in security and the amount of detail here is very great. He gives examples from banking, intelligence, and the military that I would have supposed were secret.

There is lots of nonsense written about security by people in marketing departments and on committees. Mr Anderson's style and candor are a delightful antidote to that. Security is a hard problem and Mr Anderson doesn't try to hide that. He does, however, always provide useful advice. Here are a couple of quotes that give some of the flavor of the book:

    But making such systems work well in real life
    is much harder than it looks. (p. 181)

and:

    In conclusion, the main thing we did wrong
    when designing ATM security systems in the
    early to mid-1980s was to worry about
    criminals being clever; we should rather
    have worried about our customers -- the
    banks' system designers, implementers, and
    testers -- being stupid. (p. 203)

Mr Anderson delighted me by mentioning my favorite pet security observation. That's that unreliable software doesn't seem to get much more reliable over time, even as bugs are patched.

There's much in Security Engineering that's likely to be new even to quite an accomplished security geek. For example, I was genuinely surprised to read:

    I have long since given up reporting crooked
    bankers to the [U.K.] police: there has been no
    prosecution of a senior banker that anyone
    can remember. In the United States, about a
    thousand bankers at the grade of vice
    president and up get prosecuted every year,
    and over a third get jail time. This isn't a matter
    of British virtue, or American vice, but has to do
    with how the two law enforcement systems are
    organized. (p. 471)

Security really does encompass many systems.

There are a good many references forward and backward through the book and a great many numbered subdivisions. Those are both no doubt very useful to people dipping into it. They're a bit distracting when reading it through.


There are a couple of tiny editing errors. There's a quote missing from "('Quality of Service Technology is promised by Microsoft for 'the Win2K timeframe'.)" (p. 64). And "In some countries, notably Scandinavia...." is missing an "in" (p. 352).

Posted: Sat - November 4, 2006 at 05:20 PM