Security Engineering
A Guide to Building Dependable Distributed Systems
3rd Edition
Published on 24. November 2020
1232 pages
978-1-119-64283-1 (ISBN)
Description
Now that there's software in everything, how can you make anything secure? Understand how to engineer dependable systems with this newly updated classic
In Security Engineering: A Guide to Building Dependable Distributed Systems, Third Edition Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack.
This book became a best-seller in 2001 and helped establish the discipline of security engineering. By the second edition in 2008, underground dark markets had let the bad guys specialize and scale up; attacks were increasingly on users rather than on technology. The book repeated its success by showing how security engineers can focus on usability.
Now the third edition brings it up to date for 2020. As people now go online from phones more than laptops, most servers are in the cloud, online advertising drives the Internet and social networks have taken over much human interaction, many patterns of crime and abuse are the same, but the methods have evolved. Ross Anderson explores what security engineering means in 2020, including:
* How the basic elements of cryptography, protocols, and access control translate to the new world of phones, cloud services, social media and the Internet of Things
* Who the attackers are - from nation states and business competitors through criminal gangs to stalkers and playground bullies
* What they do - from phishing and carding through SIM swapping and software exploits to DDoS and fake news
* Security psychology, from privacy through ease-of-use to deception
* The economics of security and dependability - why companies build vulnerable systems and governments look the other way
* How dozens of industries went online - well or badly
* How to manage security and safety engineering in a world of agile development - from reliability engineering to DevSecOps
The third edition of Security Engineering ends with a grand challenge: sustainable security. As we build ever more software and connectivity into safety-critical durable goods like cars and medical devices, how do we design systems we can maintain and defend for decades? Or will everything in the world need monthly software upgrades, and become unsafe once they stop?
In Security Engineering: A Guide to Building Dependable Distributed Systems, Third Edition Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack.
This book became a best-seller in 2001 and helped establish the discipline of security engineering. By the second edition in 2008, underground dark markets had let the bad guys specialize and scale up; attacks were increasingly on users rather than on technology. The book repeated its success by showing how security engineers can focus on usability.
Now the third edition brings it up to date for 2020. As people now go online from phones more than laptops, most servers are in the cloud, online advertising drives the Internet and social networks have taken over much human interaction, many patterns of crime and abuse are the same, but the methods have evolved. Ross Anderson explores what security engineering means in 2020, including:
* How the basic elements of cryptography, protocols, and access control translate to the new world of phones, cloud services, social media and the Internet of Things
* Who the attackers are - from nation states and business competitors through criminal gangs to stalkers and playground bullies
* What they do - from phishing and carding through SIM swapping and software exploits to DDoS and fake news
* Security psychology, from privacy through ease-of-use to deception
* The economics of security and dependability - why companies build vulnerable systems and governments look the other way
* How dozens of industries went online - well or badly
* How to manage security and safety engineering in a world of agile development - from reliability engineering to DevSecOps
The third edition of Security Engineering ends with a grand challenge: sustainable security. As we build ever more software and connectivity into safety-critical durable goods like cars and medical devices, how do we design systems we can maintain and defend for decades? Or will everything in the world need monthly software upgrades, and become unsafe once they stop?
More details
Other editions
Additional editions
Book
12/2020
Wiley
€72.00
Available immediately
Person
ROSS ANDERSON is Professor of Security Engineering at Cambridge University in England. He is widely recognized as one of the world's foremost authorities on security. In 2015 he won the Lovelace Medal, Britain's top award in computing. He is a Fellow of the Royal Society and the Royal Academy of Engineering. He is one of the pioneers of the economics of information security, peer-to-peer systems, API analysis and hardware security. Over the past 40 years, he has also worked or consulted for most of the tech majors.
Content
- Cover
- Title Page
- Copyright
- About the Author
- Acknowledgements
- Contents at a Glance
- Contents
- Preface to the Third Edition
- Preface to the Second Edition
- Preface to the First Edition
- For my daughter, and other lawyers.
- Foreword
- Part I
- Chapter 1 What Is Security Engineering?
- 1.1 Introduction
- 1.2 A framework
- 1.3 Example 1 - a bank
- 1.4 Example 2 - a military base
- 1.5 Example 3 - a hospital
- 1.6 Example 4 - the home
- 1.7 Definitions
- 1.8 Summary
- Chapter 2 Who Is the Opponent?
- 2.1 Introduction
- 2.2 Spies
- 2.2.1 The Five Eyes
- 2.2.1.1 Prism
- 2.2.1.2 Tempora
- 2.2.1.3 Muscular
- 2.2.1.4 Special collection
- 2.2.1.5 Bullrun and Edgehill
- 2.2.1.6 Xkeyscore
- 2.2.1.7 Longhaul
- 2.2.1.8 Quantum
- 2.2.1.9 CNE
- 2.2.1.10 The analyst's viewpoint
- 2.2.1.11 Offensive operations
- 2.2.1.12 Attack scaling
- 2.2.2 China
- 2.2.3 Russia
- 2.2.4 The rest
- 2.2.5 Attribution
- 2.3 Crooks
- 2.3.1 Criminal infrastructure
- 2.3.1.1 Botnet herders
- 2.3.1.2 Malware devs
- 2.3.1.3 Spam senders
- 2.3.1.4 Bulk account compromise
- 2.3.1.5 Targeted attackers
- 2.3.1.6 Cashout gangs
- 2.3.1.7 Ransomware
- 2.3.2 Attacks on banking and payment systems
- 2.3.3 Sectoral cybercrime ecosystems
- 2.3.4 Internal attacks
- 2.3.5 CEO crimes
- 2.3.6 Whistleblowers
- 2.4 Geeks
- 2.5 The swamp
- 2.5.1 Hacktivism and hate campaigns
- 2.5.2 Child sex abuse material
- 2.5.3 School and workplace bullying
- 2.5.4 Intimate relationship abuse
- 2.6 Summary
- Research problems
- 2.6 Further reading
- Chapter 3 Psychology and Usability
- 3.1 Introduction
- 3.2 Insights from psychology research
- 3.2.1 Cognitive psychology
- 3.2.2 Gender, diversity and interpersonal variation
- 3.2.3 Social psychology
- 3.2.3.1 Authority and its abuse
- 3.2.3.2 The bystander effect
- 3.2.4 The social-brain theory of deception
- 3.2.5 Heuristics, biases and behavioural economics
- 3.2.5.1 Prospect theory and risk misperception
- 3.2.5.2 Present bias and hyperbolic discounting
- 3.2.5.3 Defaults and nudges
- 3.2.5.4 The default to intentionality
- 3.2.5.5 The affect heuristic
- 3.2.5.6 Cognitive dissonance
- 3.2.5.7 The risk thermostat
- 3.3 Deception in practice
- 3.3.1 The salesman and the scamster
- 3.3.2 Social engineering
- 3.3.3 Phishing
- 3.3.4 Opsec
- 3.3.5 Deception research
- 3.4 Passwords
- 3.4.1 Password recovery
- 3.4.2 Password choice
- 3.4.3 Difficulties with reliable password entry
- 3.4.4 Difficulties with remembering the password
- 3.4.4.1 Naïve choice
- 3.4.4.2 User abilities and training
- 3.4.4.3 Design errors
- 3.4.4.4 Operational failures
- 3.4.4.5 Social-engineering attacks
- 3.4.4.6 Customer education
- 3.4.4.7 Phishing warnings
- 3.4.5 Systemissues
- 3.4.6 Can you deny service?
- 3.4.7 Protecting oneself or others?
- 3.4.8 Attacks on password entry
- 3.4.8.1 Interface design
- 3.4.8.2 Trusted path, and bogus terminals
- 3.4.8.3 Technical defeats of password retry counters
- 3.4.9 Attacks on password storage
- 3.4.9.1 One-way encryption
- 3.4.9.2 Password cracking
- 3.4.9.3 Remote password checking
- 3.4.10 Absolute limits
- 3.4.11 Using a passwordmanager
- 3.4.12 Will we ever get rid of passwords?
- 3.5 CAPTCHAs
- 3.6 Summary
- Research problems
- Further reading
- Chapter 4 Protocols
- 4.1 Introduction
- 4.2 Password eavesdropping risks
- 4.3 Who goes there? - simple authentication
- 4.3.1 Challenge and response
- 4.3.2 Two-factor authentication
- 4.3.3 The MIG-in-the-middle attack
- 4.3.4 Reflection attacks
- 4.4 Manipulating the message
- 4.5 Changing the environment
- 4.6 Chosen protocol attacks
- 4.7 Managing encryption keys
- 4.7.1 The resurrecting duckling
- 4.7.2 Remote key management
- 4.7.3 The Needham-Schroeder protocol
- 4.7.4 Kerberos
- 4.7.5 Practical key management
- 4.8 Design assurance
- 4.9 Summary
- Research problems
- Further reading
- Chapter 5 Cryptography
- 5.1 Introduction
- 5.2 Historical background
- 5.2.1 An early stream cipher - the Vigenère
- 5.2.2 The one-time pad
- 5.2.3 An early block cipher - Playfair
- 5.2.4 Hash functions
- 5.2.5 Asymmetric primitives
- 5.3 Security models
- 5.3.1 Random functions - hash functions
- 5.3.1.1 Properties
- 5.3.1.2 The birthday theorem
- 5.3.2 Random generators - stream ciphers
- 5.3.3 Random permutations - block ciphers
- 5.3.4 Public key encryption and trapdoor one-way permutations
- 5.4 Symmetric crypto algorithms
- 5.4.1 SP-networks
- 5.4.1.1 Block size
- 5.4.1.2 Number of rounds
- 5.4.1.3 Choice of S-boxes
- 5.4.1.4 Linear cryptanalysis
- 5.4.1.5 Differential cryptanalysis
- 5.4.2 The Advanced Encryption Standard (AES)
- 5.4.3 Feistel ciphers
- 5.4.3.1 The Luby-Rackoff result
- 5.4.3.2 DES
- 5.5 Modes of operation
- 5.5.1 How not to use a block cipher
- 5.5.2 Cipher block chaining
- 5.5.3 Counter encryption
- 5.5.4 Legacy stream cipher modes
- 5.5.5 Message authentication code
- 5.5.6 Galois counter mode
- 5.5.7 XTS
- 5.6 Hash functions
- 5.6.1 Common hash functions
- 5.6.2 Hash function applications - HMAC, commitments and updating
- 5.7 Asymmetric crypto primitives
- 5.7.1 Cryptography based on factoring
- 5.7.2 Cryptography based on discrete logarithms
- 5.7.2.1 One-way commutative encryption
- 5.7.2.2 Diffie-Hellman key establishment
- 5.7.2.3 ElGamal digital signature and DSA
- 5.7.3 Elliptic curve cryptography
- 5.7.4 Certification authorities
- 5.7.5 TLS
- 5.7.5.1 TLS uses
- 5.7.5.2 TLS security
- 5.7.5.3 TLS 1.3
- 5.7.6 Other public-key protocols
- 5.7.6.1 Code signing
- 5.7.6.2 PGP/GPG
- 5.7.6.3 QUIC
- 5.7.7 Special-purpose primitives
- 5.7.8 How strong are asymmetric cryptographic primitives?
- 5.7.9 What else goes wrong
- 5.8 Summary
- Research problems
- Further reading
- Chapter 6 Access Control
- 6.1 Introduction
- 6.2 Operating system access controls
- 6.2.1 Groups and roles
- 6.2.2 Access control lists
- 6.2.3 Unix operating system security
- 6.2.4 Capabilities
- 6.2.5 DAC and MAC
- 6.2.6 Apple's macOS
- 6.2.7 iOS
- 6.2.8 Android
- 6.2.9 Windows
- 6.2.10 Middleware
- 6.2.10.1 Database access controls
- 6.2.10.2 Browsers
- 6.2.11 Sandboxing
- 6.2.12 Virtualisation
- 6.3 Hardware protection
- 6.3.1 Intel processors
- 6.3.2 Arm processors
- 6.4 What goes wrong
- 6.4.1 Smashing the stack
- 6.4.2 Other technical attacks
- 6.4.3 User interface failures
- 6.4.4 Remedies
- 6.4.5 Environmental creep
- 6.5 Summary
- Research problems
- Further reading
- Chapter 7 Distributed Systems
- 7.1 Introduction
- 7.2 Concurrency
- 7.2.1 Using old data versus paying to propagate state
- 7.2.2 Locking to prevent inconsistent updates
- 7.2.3 The order of updates
- 7.2.4 Deadlock
- 7.2.5 Non-convergent state
- 7.2.6 Secure time
- 7.3 Fault tolerance and failure recovery
- 7.3.1 Failure models
- 7.3.1.1 Byzantine failure
- 7.3.1.2 Interaction with fault tolerance
- 7.3.2 What is resilience for?
- 7.3.3 At what level is the redundancy?
- 7.3.4 Service-denial attacks
- 7.4 Naming
- 7.4.1 The Needham naming principles
- 7.4.2 What else goes wrong
- 7.4.2.1 Naming and identity
- 7.4.2.2 Cultural assumptions
- 7.4.2.3 Semantic content of names
- 7.4.2.4 Uniqueness of names
- 7.4.2.5 Stability of names and addresses
- 7.4.2.6 Restrictions on the use of names
- 7.4.3 Types of name
- 7.5 Summary
- Research problems
- Further reading
- Chapter 8 Economics
- 8.1 Introduction
- 8.2 Classical economics
- 8.2.1 Monopoly
- 8.3 Information economics
- 8.3.1 Why information markets are different
- 8.3.2 The value of lock-in
- 8.3.3 Asymmetric information
- 8.3.4 Public goods
- 8.4 Game theory
- 8.4.1 The prisoners' dilemma
- 8.4.2 Repeated and evolutionary games
- 8.5 Auction theory
- 8.6 The economics of security and dependability
- 8.6.1 Why is Windows so insecure?
- 8.6.2 Managing the patching cycle
- 8.6.3 Structural models of attack and defence
- 8.6.4 The economics of lock-in, tying and DRM
- 8.6.5 Antitrust law and competition policy
- 8.6.6 Perversely motivated guards
- 8.6.7 Economics of privacy
- 8.6.8 Organisations and human behaviour
- 8.6.9 Economics of cybercrime
- 8.7 Summary
- Research problems
- Further reading
- Part II
- Chapter 9 Multilevel Security
- 9.1 Introduction
- 9.2 What is a security policy model?
- 9.3 Multilevel security policy
- 9.3.1 The Anderson report
- 9.3.2 The Bell-LaPadulamodel
- 9.3.3 The standard criticisms of Bell-LaPadula
- 9.3.4 The evolution of MLS policies
- 9.3.5 The Biba model
- 9.4 Historical examples of MLS systems
- 9.4.1 SCOMP
- 9.4.2 Data diodes
- 9.5 MAC: from MLS to IFC and integrity
- 9.5.1 Windows
- 9.5.2 SELinux
- 9.5.3 Embedded systems
- 9.6 What goes wrong
- 9.6.1 Composability
- 9.6.2 The cascade problem
- 9.6.3 Covert channels
- 9.6.4 The threat from malware
- 9.6.5 Polyinstantiation
- 9.6.6 Practical problems with MLS
- 9.7 Summary
- Research problems
- Further reading
- Chapter 10 Boundaries
- 10.1 Introduction
- 10.2 Compartmentation and the lattice model
- 10.3 Privacy for tigers
- 10.4 Health record privacy
- 10.4.1 The threat model
- 10.4.2 The BMA security policy
- 10.4.3 First practical steps
- 10.4.4 What actually goes wrong
- 10.4.4.1 Emergency care
- 10.4.4.2 Resilience
- 10.4.4.3 Secondary uses
- 10.4.5 Confidentiality - the future
- 10.4.6 Ethics
- 10.4.7 Social care and education
- 10.4.8 The Chinese Wall
- 10.5 Summary
- Research problems
- Further reading
- Chapter 11 Inference Control
- 11.1 Introduction
- 11.2 The early history of inference control
- 11.2.1 The basic theory of inference control
- 11.2.1.1 Query set size control
- 11.2.1.2 Trackers
- 11.2.1.3 Cell suppression
- 11.2.1.4 Other statistical disclosure control mechanisms
- 11.2.1.6 Randomization
- 11.2.2 Limits of classical statistical security
- 11.2.3 Active attacks
- 11.2.4 Inference control in rich medical data
- 11.2.5 The third wave: preferences and search
- 11.2.6 The fourth wave: location and social
- 11.3 Differential privacy
- 11.4 Mind the gap?
- 11.4.1 Tactical anonymity and its problems
- 11.4.2 Incentives
- 11.4.3 Alternatives
- 11.4.4 The dark side
- 11.5 Summary
- Research problems
- Further reading
- Chapter 12 Banking and Bookkeeping
- 12.1 Introduction
- 12.2 Bookkeeping systems
- 12.2.1 Double-entry bookkeeping
- 12.2.2 Bookkeeping in banks
- 12.2.3 The Clark-Wilson security policy model
- 12.2.4 Designing internal controls
- 12.2.5 Insider frauds
- 12.2.6 Executive frauds
- 12.2.6.1 The post office case
- 12.2.6.2 Other failures
- 12.2.6.3 Ecological validity
- 12.2.6.4 Control tuning and corporate governance
- 12.2.7 Finding the weak spots
- 12.3 Interbank payment systems
- 12.3.1 A telegraphic history of E-commerce
- 12.3.2 SWIFT
- 12.3.3 What goes wrong
- 12.4 Automatic teller machines
- 12.4.1 ATM basics
- 12.4.2 What goes wrong
- 12.4.3 Incentives and injustices
- 12.5 Credit cards
- 12.5.1 Credit card fraud
- 12.5.2 Online card fraud
- 12.5.3 3DS
- 12.5.4 Fraud engines
- 12.6 EMV payment cards
- 12.6.1 Chip cards
- 12.6.1.1 Static data authentication
- 12.6.1.2 ICVVs, DDA and CDA
- 12.6.1.3 The No-PIN attack
- 12.6.2 The preplay attack
- 12.6.3 Contactless
- 12.7 Online banking
- 12.7.1 Phishing
- 12.7.2 CAP
- 12.7.3 Banking malware
- 12.7.4 Phones as second factors
- 12.7.5 Liability
- 12.7.6 Authorised push payment fraud
- 12.8 Nonbank payments
- 12.8.1 M-Pesa
- 12.8.2 Other phone payment systems
- 12.8.3 Sofort, and open banking
- 12.9 Summary
- Research problems
- Further reading
- Chapter 13 Locks and Alarms
- 13.1 Introduction
- 13.2 Threats and barriers
- 13.2.1 Threat model
- 13.2.2 Deterrence
- 13.2.3 Walls and barriers
- 13.2.4 Mechanical locks
- 13.2.5 Electronic locks
- 13.3 Alarms
- 13.3.1 How not to protect a painting
- 13.3.2 Sensor defeats
- 13.3.3 Feature interactions
- 13.3.4 Attacks on communications
- 13.3.5 Lessons learned
- 13.4 Summary
- Research problems
- Further reading
- Chapter 14 Monitoring and Metering
- 14.1 Introduction
- 14.2 Prepayment tokens
- 14.2.1 Utility metering
- 14.2.2 How the STS system works
- 14.2.3 What goes wrong
- 14.2.4 Smart meters and smart grids
- 14.2.5 Ticketing fraud
- 14.3 Taxi meters, tachographs and truck speed limiters
- 14.3.1 The tachograph
- 14.3.2 What goes wrong
- 14.3.2.1 How most tachograph manipulation is done
- 14.3.2.2 Tampering with the supply
- 14.3.2.3 Tampering with the instrument
- 14.3.2.4 High-tech attacks
- 14.3.3 Digital tachographs
- 14.3.3.1 System-level problems
- 14.3.3.2 Other problems
- 14.3.4 Sensor defeats and third-generation devices
- 14.3.5 The fourth generation - smart tachographs
- 14.4 Curfew tags: GPS as policeman
- 14.5 Postage meters
- 14.6 Summary
- Research problems
- Further reading
- Chapter 15 Nuclear Command and Control
- 15.1 Introduction
- 15.2 The evolution of command and control
- 15.2.1 The Kennedy memorandum
- 15.2.2 Authorization, environment, intent
- 15.3 Unconditionally secure authentication
- 15.4 Shared control schemes
- 15.5 Tamper resistance and PALs
- 15.6 Treaty verification
- 15.7 What goes wrong
- 15.7.1 Nuclear accidents
- 15.7.2 Interaction with cyberwar
- 15.7.3 Technical failures
- 15.8 Secrecy or openness?
- 15.9 Summary
- Research problems
- Further reading
- Chapter 16 Security Printing and Seals
- 16.1 Introduction
- 16.2 History
- 16.3 Security printing
- 16.3.1 Threat model
- 16.3.2 Security printing techniques
- 16.4 Packaging and seals
- 16.4.1 Substrate properties
- 16.4.2 The problems of glue
- 16.4.3 PIN mailers
- 16.5 Systemic vulnerabilities
- 16.5.1 Peculiarities of the threat model
- 16.5.2 Anti-gundecking measures
- 16.5.3 The effect of random failure
- 16.5.4 Materials control
- 16.5.5 Not protecting the right things
- 16.5.6 The cost and nature of inspection
- 16.6 Evaluation methodology
- 16.7 Summary
- Research problems
- Further reading
- Chapter 17 Biometrics
- 17.1 Introduction
- 17.2 Handwritten signatures
- 17.3 Face recognition
- 17.4 Fingerprints
- 17.4.1 Verifying positive or negative identity claims
- 17.4.2 Crime scene forensics
- 17.5 Iris codes
- 17.6 Voice recognition and morphing
- 17.7 Other systems
- 17.8 What goes wrong
- 17.9 Summary
- Research problems
- Further reading
- Chapter 18 Tamper Resistance
- 18.1 Introduction
- 18.2 History
- 18.3 Hardware security modules
- 18.4 Evaluation
- 18.5 Smartcards and other security chips
- 18.5.1 History
- 18.5.2 Architecture
- 18.5.3 Security evolution
- 18.5.4 Random number generators and PUFs
- 18.5.5 Larger chips
- 18.5.6 The state of the art
- 18.6 The residual risk
- 18.6.1 The trusted interface problem
- 18.6.2 Conflicts
- 18.6.3 The lemons market, risk dumping and evaluation games
- 18.6.4 Security-by-obscurity
- 18.6.5 Changing environments
- 18.7 So what should one protect?
- 18.8 Summary
- Research problems
- Further reading
- Chapter 19 Side Channels
- 19.1 Introduction
- 19.2 Emission security
- 19.2.1 History
- 19.2.2 Technical surveillance and countermeasures
- 19.3 Passive attacks
- 19.3.1 Leakage through power and signal cables
- 19.3.2 Leakage through RF signals
- 19.3.3 What goes wrong
- 19.4 Attacks between and within computers
- 19.4.1 Timing analysis
- 19.4.2 Power analysis
- 19.4.3 Glitching and differential fault analysis
- 19.4.4 Rowhammer, CLKscrew and Plundervolt
- 19.4.5 Meltdown, Spectre and other enclave side channels
- 19.5 Environmental side channels
- 19.5.1 Acoustic side channels
- 19.5.2 Optical side channels
- 19.5.3 Other side-channels
- 19.6 Social side channels
- 19.7 Summary
- Research problems
- Further reading
- Chapter 20 Advanced Cryptographic Engineering
- 20.1 Introduction
- 20.2 Full-disk encryption
- 20.3 Signal
- 20.4 Tor
- 20.5 HSMs
- 20.5.1 The xor-to-null-key attack
- 20.5.2 Attacks using backwards compatibility and time-memory tradeoffs
- 20.5.3 Differential protocol attacks
- 20.5.4 The EMV attack
- 20.5.5 Hacking the HSMs in CAs and clouds
- 20.5.6 Managing HSM risks
- 20.6 Enclaves
- 20.7 Blockchains
- 20.7.1 Wallets
- 20.7.2 Miners
- 20.7.3 Smart contracts
- 20.7.4 Off-chain payment mechanisms
- 20.7.5 Exchanges, cryptocrime and regulation
- 20.7.6 Permissioned blockchains
- 20.8 Crypto dreams that failed
- 20.9 Summary
- Research problems
- Further reading
- Chapter 21 Network Attack and Defence
- 21.1 Introduction
- 21.2 Network protocols and service denial
- 21.2.1 BGP security
- 21.2.2 DNS security
- 21.2.3 UDP, TCP, SYN floods and SYN reflection
- 21.2.4 Other amplifiers
- 21.2.5 Other denial-of-service attacks
- 21.2.6 Email - fromspies to spammers
- 21.3 The malware menagerie - Trojans, worms and RATs
- 21.3.1 Early history ofmalware
- 21.3.2 The Internet worm
- 21.3.3 Further malware evolution
- 21.3.4 How malware works
- 21.3.5 Countermeasures
- 21.4 Defense against network attack
- 21.4.1 Filtering: firewalls, censorware and wiretaps
- 21.4.1.1 Packet filtering
- 21.4.1.2 Circuit gateways
- 21.4.1.3 Application proxies
- 21.4.1.4 Ingress versus egress filtering
- 21.4.1.5 Architecture
- 21.4.2 Intrusion detection
- 21.4.2.1 Types of intrusion detection
- 21.4.2.2 General limitations of intrusion detection
- 21.4.2.3 Specific problems detecting network attacks
- 21.5 Cryptography: the ragged boundary
- 21.5.1 SSH
- 21.5.2 Wireless networking at the periphery
- 21.5.2.1 WiFi
- 21.5.2.2 Bluetooth
- 21.5.2.3 HomePlug
- 21.5.2.4 VPNs
- 21.6 CAs and PKI
- 21.7 Topology
- 21.8 Summary
- Research problems
- Further reading
- Chapter 22 Phones
- 22.1 Introduction
- 22.2 Attacks on phone networks
- 22.2.1 Attacks on phone-callmetering
- 22.2.2 Attacks on signaling
- 22.2.3 Attacks on switching and configuration
- 22.2.4 Insecure end systems
- 22.2.5 Feature interaction
- 22.2.6 VOIP
- 22.2.7 Frauds by phone companies
- 22.2.8 Security economics of telecomms
- 22.3 Going mobile
- 22.3.1 GSM
- 22.3.2 3G
- 22.3.3 4G
- 22.3.4 5G and beyond
- 22.3.5 General MNO failings
- 22.4 Platform security
- 22.4.1 The Android app ecosystem
- 22.4.1.1 App markets and developers
- 22.4.1.2 Bad Android implementations
- 22.4.1.3 Permissions
- 22.4.1.4 Android malware
- 22.4.1.5 Ads and third-party services
- 22.4.1.6 Pre-installed apps
- 22.4.2 Apple's app ecosystem
- 22.4.3 Cross-cutting issues
- 22.5 Summary
- Research problems
- Further reading
- Chapter 23 Electronic and Information Warfare
- 23.1 Introduction
- 23.2 Basics
- 23.3 Communications systems
- 23.3.1 Signals intelligence techniques
- 23.3.2 Attacks on communications
- 23.3.3 Protection techniques
- 23.3.3.1 Frequency hopping
- 23.3.3.2 DSSS
- 23.3.3.3 Burst communications
- 23.3.3.4 Combining covertness and jam resistance
- 23.3.4 Interaction between civil and military uses
- 23.4 Surveillance and target acquisition
- 23.4.1 Types of radar
- 23.4.2 Jamming techniques
- 23.4.3 Advanced radars and countermeasures
- 23.4.4 Other sensors and multisensor issues
- 23.5 IFF systems
- 23.6 Improvised explosive devices
- 23.7 Directed energy weapons
- 23.8 Information warfare
- 23.8.1 Attacks on control systems
- 23.8.2 Attacks on other infrastructure
- 23.8.3 Attacks on elections and political stability
- 23.8.4 Doctrine
- 23.9 Summary
- Research problems
- Further reading
- Chapter 24 Copyright and DRM
- 24.1 Introduction
- 24.2 Copyright
- 24.2.1 Software
- 24.2.2 Free software, free culture?
- 24.2.3 Books and music
- 24.2.4 Video and pay-TV
- 24.2.4.1 Typical system architecture
- 24.2.4.2 Video scrambling techniques
- 24.2.4.3 Attacks on hybrid scrambling systems
- 24.2.4.4 DVB
- 24.2.5 DVD
- 24.3 DRM on general-purpose computers
- 24.3.1 Windows media rights management
- 24.3.2 FairPlay, HTML5 and other DRM systems
- 24.3.3 Software obfuscation
- 24.3.4 Gaming, cheating, and DRM
- 24.3.5 Peer-to-peer systems
- 24.3.6 Managing hardware design rights
- 24.4 Information hiding
- 24.4.1 Watermarks and copy generation management
- 24.4.2 General information hiding techniques
- 24.4.3 Attacks on copyright marking schemes
- 24.5 Policy
- 24.5.1 The IP lobby
- 24.5.2 Who benefits?
- 24.6 Accessory control
- 24.7 Summary
- Research problems
- Further reading
- Chapter 25 New Directions?
- 25.1 Introduction
- 25.2 Autonomous and remotely-piloted vehicles
- 25.2.1 Drones
- 25.2.2 Self-driving cars
- 25.2.3 The levels and limits of automation
- 25.2.4 How to hack a self-driving car
- 25.3 AI / ML
- 25.3.1 ML and security
- 25.3.2 Attacks on ML systems
- 25.3.3 ML and society
- 25.4 PETS and operational security
- 25.4.1 Anonymous messaging devices
- 25.4.2 Social support
- 25.4.3 Living off the land
- 25.4.4 Putting it all together
- 25.4.5 The name's Bond. James Bond
- 25.5 Elections
- 25.5.1 The history of voting machines
- 25.5.2 Hanging chads
- 25.5.3 Optical scan
- 25.5.4 Software independence
- 25.5.5 Why electronic elections are hard
- 25.6 Summary
- Research problems
- Further reading
- Part III
- Chapter 26 Surveillance or Privacy?
- 26.1 Introduction
- 26.2 Surveillance
- 26.2.1 The history of government wiretapping
- 26.2.2 Call data records (CDRs)
- 26.2.3 Search terms and location data
- 26.2.4 Algorithmic processing
- 26.2.5 ISPs and CSPs
- 26.2.6 The Five Eyes' system of systems
- 26.2.7 The crypto wars
- 26.2.7.1 The back story to crypto policy
- 26.2.7.2 DES and crypto research
- 26.2.7.3 CryptoWar 1 - the Clipper chip
- 26.2.7.4 CryptoWar 2 - going spotty
- 26.2.8 Export control
- 26.3 Terrorism
- 26.3.1 Causes of political violence
- 26.3.2 The psychology of political violence
- 26.3.3 The role of institutions
- 26.3.4 The democratic response
- 26.4 Censorship
- 26.4.1 Censorship by authoritarian regimes
- 26.4.2 Filtering, hate speech and radicalisation
- 26.5 Forensics and rules of evidence
- 26.5.1 Forensics
- 26.5.2 Admissibility of evidence
- 26.5.3 What goes wrong
- 26.6 Privacy and data protection
- 26.6.1 European data protection
- 26.6.2 Privacy regulation in the USA
- 26.6.3 Fragmentation?
- 26.7 Freedom of information
- 26.8 Summary
- Research problems
- Further reading
- Chapter 27 Secure Systems Development
- 27.1 Introduction
- 27.2 Risk management
- 27.3 Lessons from safety-critical systems
- 27.3.1 Safety engineering methodologies
- 27.3.2 Hazard analysis
- 27.3.3 Fault trees and threat trees
- 27.3.4 Failure modes and effects analysis
- 27.3.5 Threatmodelling
- 27.3.6 Quantifying risks
- 27.4 Prioritising protection goals
- 27.5 Methodology
- 27.5.1 Top-down design
- 27.5.2 Iterative design: fromspiral to agile
- 27.5.3 The secure development lifecycle
- 27.5.4 Gated development
- 27.5.5 Software as a Service
- 27.5.6 FromDevOps to DevSecOps
- 27.5.6.1 The Azure ecosystem
- 27.5.6.2 The Google ecosystem
- 27.5.6.3 Creating a learning system
- 27.5.7 The vulnerability cycle
- 27.5.7.1 The CVE system
- 27.5.7.2 Coordinated disclosure
- 27.5.7.3 Security incident and event management
- 27.5.8 Organizational mismanagement of risk
- 27.6 Managing the team
- 27.6.1 Elite engineers
- 27.6.2 Diversity
- 27.6.3 Nurturing skills and attitudes
- 27.6.4 Emergent properties
- 27.6.5 Evolving your workflow
- 27.6.6 And finally.
- 27.7 Summary
- Research problems
- Further reading
- Chapter 28 Assurance and Sustainability
- 28.1 Introduction
- 28.2 Evaluation
- 28.2.1 Alarms and locks
- 28.2.2 Safety evaluation regimes
- 28.2.3 Medical device safety
- 28.2.4 Aviation safety
- 28.2.5 The Orange book
- 28.2.6 FIPS 140 and HSMs
- 28.2.7 The common criteria
- 28.2.7.1 The gory details
- 28.2.7.2 What goes wrong with the Common Criteria
- 28.2.7.3 Collaborative protection profiles
- 28.2.8 The 'Principle of Maximum Complacency'
- 28.2.9 Next steps
- 28.3 Metrics and dynamics of dependability
- 28.3.1 Reliability growth models
- 28.3.2 Hostile review
- 28.3.3 Free and open-source software
- 28.3.4 Process assurance
- 28.4 The entanglement of safety and security
- 28.4.1 The electronic safety and security of cars
- 28.4.2 Modernising safety and security regulation
- 28.4.3 The Cybersecurity Act 2019
- 28.5 Sustainability
- 28.5.1 The Sales of goods directive
- 28.5.2 New research directions
- 28.6 Summary
- Research problems
- Further reading
- Chapter 29 Beyond "Computer Says No"
- Bibliography
- Index
- EULA
