[*Cipher* is at http://www.ieee-security.org/cipher.html
   It is published 6 times per year]

            Security Engineering: A Guide to Building
             Dependable Distributed Systems by Ross Anderson
  		    Book Review By Sven Dietrich

Wiley Publishing 2020, ISBN-13: 978-1-119-64278-7 (Hardcover)
1232 pages, Third Edition

We live amid constant reminders in real life about what could have been done
better from a computer security perspective.  When something goes wrong, we
find it is a protocol that is exhibiting an exploitable vulnerability, or a
software repository that has been infiltrated with code containing a
vulnerability, or a critical infrastructure system held for ransom. One
wonders what design principles the system authors and builders had
considered to mitigate any compromises or to allow them to continue to
function in the presence of those compromises. How can we engineer those
solutions, how can we build better systems: more secure, more dependable?
One book attempts to provide this background.

At over 1200 pages, Ross Anderson's third edition of 'Security Engineering:
A Guide to Building Dependable Distributed Systems' is a large update after
the first edition in 2001 and the second edition in 2008. This is a
comprehensive book on security engineering, providing anywhere from an
introduction to the various subfields of computer and network security to
considerations necessary to building secure and resilient real-world
systems, and all the way to identifying research problems that remain to be
addressed for the topics in each chapter.

The book is divided into three parts, with a total of 29 chapters, and
contains an extensive bibliography. The first part covers the basics, the
second part looks at applications of secure systems, and the third part
broadly discusses politics, management, and assurance. Each chapter covers
several themed subsections, followed by a chapter summary, a set of research
problems, and further reading. The chapters read well and flow easily within
themselves as well as from one chapter to the next. While it is a
descriptive treatise, not a rigorous mathematical treatment of the various
subjects, nonetheless occasional mathematical formulas or charts will pop up
inline to illustrate the broad concepts brought forth and to whet the
reader's appetite to seek out the original research paper or other
references cited.

The first part spans 8 chapters that quickly set the stage for Ross
Anderson's approach to the subject matter: 'What is Security Engineering?',
'Who is the Opponent?', 'Psychology and Usability', 'Protocols',
'Cryptography', 'Access Control', 'Distributed Systems', and last but not
least 'Economics'. The reader learns about what it means to deal with
adversity in the 2020s, identifying the threat models, the pitfalls, and the
consequences of not getting security right. The big impact here is from the
author's contribution to the security field, the systems view, the
psychology and usability aspects, as well as the economics aspects, topics
for which the author has organized (or otherwise contributed to) workshops
and conferences.

The second part discusses real-world applications of secure systems,
covering many decades of security work, from the early days of 'Multilevel
Security' and 'Nuclear Command and Control', to 'Advanced Cryptographic
Engineering', 'Biometrics' and 'Tamper Resistance' as well as Digital Rights
Management in 'Copyright and DRM', to 'Network Attack and Defence',
'Phones', 'Locks and Alarms', just to mention some of the 16 chapters in
here. This part is wrapped up with thoughts on 'New Directions' in the
field, talking among others about the combination of Machine Learning,
Artificial Intelligence and Security and what it means for both attacker and
defender sides.

The third part covers politics, management, and assurance in four
chapters. Here the reader learns about 'Surveillance or Privacy', 'Secure
Systems Development', 'Assurance and Sustainability'.  Controversial topics
of surveillance versus privacy are brought up in the context of political
and technological settings that have affected Internet users for many years,
including wiretapping and censorship. Risk quantification and DevSecOps are
brought into the picture here as well. This part wraps up with 'Beyond
"Computer Says No"', reminding us what Ross Anderson has told us all along
in these chapters: think about the big picture, and how does it fit in?

This is a fantastic book for organizing one's thinking about security
engineering and design. The reader sees how all the facets fit together in the
real world through both scientific references and anecdotes from the last
few decades. The depth is provided, should the reader care to delve deeper,
through an absolutely impressive bibliography of close to 2100 entries. The
narrative is easy to follow throughout the book, whether the reader is
learning about DDoS attacks (always close to my heart), espionage (Snowden's
surveillance revelations, for example), security protocol failures,
financial transaction protocols, mobile phone security, electronic voting
security (very relevant in the last few years), security printing, covert
channels, DNS security, deception, or ransomware, among others.

The breadth of the topics covered provides a good perspective for
appreciating the impact that good (secure?) design can have on real-world
systems that surround us. That is even more so relevant now that the
Internet has invaded, uh, permeated our homes with Internet-of-Things
devices that make our lives more Internet-centric with all the advantages
and risks that come with it.

The accessible style of this book and, most importantly, the relevant
context of the discussed secure systems, make for one pleasurable
reading. While it could be considered a very comprehensive introduction to
the idea of security engineering, there are enough timely and
thought-provoking musings to keep more advanced readers interested in
seeking out the scientific articles providing the adequate depth, hindsight,
and foresight. This book is a must-have if security engineering is your
intended field or connected to your field.

Ross Anderson did a great job of producing the third edition of 'Security
Engineering: A Guide to Building Dependable Distributed Systems' in 2020, a
book intended to last for many years. He is a well-known expert in the
security field and this overarching treatise makes for one impressive (and
heavy!) book. The book is a welcome addition to my bookshelf, to be used as
a reference or even textbook in the years to come.

  Sven Dietrich reviews technology and security books for IEEE Cipher. He
  welcomes your thoughts at spock at ieee dot org.
