[ISN] REVIEW: "Security Engineering", Ross Anderson

From: InfoSec News (isnat_private)
Date: Tue Nov 19 2002 - 23:59:51 PST


    Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rsladeat_private>

    BKSECENG.RVW   20021015
    [ http://www.amazon.com/exec/obidos/ASIN/0471389226/c4iorg  - WK]
    "Security Engineering", Ross Anderson, 2001, 0-471-38922-6, U$65.00
    %A   Ross Anderson ross.andersonat_private rja14at_private
    %C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
    %D   2001
    %G   0-471-38922-6
    %I   John Wiley & Sons, Inc.
    %O   U$65.00 416-236-4433 fax: 416-236-4448
    %P   612 p.
    %T   "Security Engineering: A Guide to Building Dependable Distributed

    The preface states that this book is intended as a text for self-study
    or for a one term course, a reference for professionals, an
    introduction to the underlying concepts, and an original scientific
    contribution in terms of the foundational principles for security
    engineering.  A very tall order to promise, but one which, for once,
    seems to have been fulfilled.  I have often been asked, in regard to
    these reviews, whether there are, in fact, any books that I like.
    Well, I like this one.  If you are involved with security and you
    haven't read it, you should.

    Part one deals with the basic concepts of engineering and security.
    Chapter one presents four example situations of security needs.
    Protocols are not limited to the precise but limited structures
    computer people are familiar with.  A set of more conceptual, but more
    formal, authentication problems and protocols are advanced in chapter
    two.  It is unlikely that the models presented exhaust the field, but
    some thought indicates that they are applicable to a wide variety of
    applications.  (Anderson's writing is clear enough, but he does betray
    a taste for symbolic logic that might limit the audience for the book.
    Still, perseverance on the part of the reader will be amply
    rewarded.)  Much of the usual thought and advice on passwords is issued
    in chapter three, although the research is better documented, and some
    additional research (passphrase generated passwords are as secure as
    randomly assigned ones, and as memorable as naively chosen ones) is
    presented.  It is strange not to see any mention of the work factor of
    passwords overall.  Chapter four reviews access control, but primarily
    from the perspective of system and hardware internals.  Cryptography,
    in chapter five, is covered reliably and well, although Anderson does
    not work overly hard to make the material easy to follow.  The
    problems of distributed systems are examined, in terms of concurrency,
    failure resistance, and naming, in chapter six.

    Part two uses a number of applications of secure systems to introduce
    particular concepts or technologies.  Chapter seven discusses
    multilevel security, which encompasses most of the formal security
    models such as Bell-LaPadula.  Medical (and census) databases are used,
    in chapter eight, as examples of multilateral, or compartmented,
    security: the need to deal with information of equal sensitivity, but
    restricted to different groups.  There is good discussion of inference
    and aggregation problems.  Integrity controls, particularly related to
    the banking system and fraud, are presented in chapter nine, although
    the material is long on anecdotes, and contains weaker analysis than
    the preceding text.  Chapter ten reviews monitoring systems, of both
    monitoring and metering types.  In regard to nuclear command and
    control systems, chapter eleven examines the tension between
    availability (the ability to fire a missile) and confidentiality (or
    authentication: making sure nobody else does).  Various aspects of the
    technology for security printing and seals are dealt with in chapter
    twelve.  Biometrics, in chapter thirteen, gets a good, but fairly
    standard, treatment.  Chapter fourteen delves into tamper-resistance
    in cryptographic gear and smartcards.  The TEMPEST and Teapot (no, I'm
    not kidding) projects on emission security are reviewed in chapter
    fifteen.  There is good coverage of the basics of traditional
    electronic warfare in chapter sixteen, although the material on
    information warfare is not as thorough.  Chapter seventeen looks at
    telecommunications system security, with some material on phone
    phreaking and lots on cellular encryption.  Network attack and
    defense, in chapter eighteen, is less focussed than other chapters,
    and adds malware.  (There is an odd, and unexplained, assertion that
    malware would formerly have merited a full chapter: in correspondence,
    Anderson has said that the new email viruses show less diversity than
    the old DOS versions.  I disagree.  But then, I would, wouldn't I?
    :-)  The relation of types of antiviral and intrusion detection
    systems is good.  Chapter nineteen, on protecting e-commerce systems,
    has good information but mixed in a bit of a grab bag: e-commerce is
    always a bit of a fuzzy topic.  There is solid coverage of recent
    controversies in regard to copyright and privacy protection, in
    chapter twenty.

    Part three turns to politics, management, and assurance.  Chapter
    twenty-one has a fascinating discussion of major issues in public
    policy.  Management issues, in chapter twenty-two, are presented in an
    interesting but generic manner.  The discussion of system evaluation
    and assurance asks the usual question of how we know our systems are
    secure.  In a sense, though, the subtitle of the book is wrong: much
    of the material points out how *not* to build dependable systems, and
    chapter twenty-three is a bit disheartening.  The conclusion, in
    chapter twenty-four, is that we need more engineers and engineering.

    Although the material is presented in a very formal way, the writing
    is usually quite readable, and the exceptional stilted passages are
    still accessible to the determined reader.  On occasion, one could
    hope for additional explanations of some items that are mentioned
    briefly and passed over, but, by and large, one has to agree with
    Bruce Schneier's assessment, reprinted on the book jacket, that this
    is one of the most comprehensive works on security concepts that is
    available.  The constant emphasis on how security protections have
    failed can be depressing, but the examination of the errors of others
    does provide the basis for better designs in the future.

    copyright Robert M. Slade, 2002   BKSECENG.RVW   20021015
    http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade