Security Engineering: A Guide to Building Dependable Distributed Systems (2ed)
by Ross Anderson

Wiley 2008. ISBN 978-0-470-06852-6 . USD 56.00, USD 59.50

Reviewed by  Richard Austin   September 8, 2008 

Anderson defines security engineering as "building systems to remain dependable in the face of malice, error or mischance" (p. 3). He then spends the following 888 pages immersing the reader in just how wide the range of "systems" actually is and the multitude of ways malice, error and mischance can interact with them to produce results that were at least "unintended".

The book's breadth of coverage is impressive; ranging from the bread-and-butter subjects of security models, access control and cryptography to more exotic topics such as bank note printing and command and control of nuclear weapons.

Anderson successfully navigates the Sylla and Charybdis of mind-numbing detail and superficial treatment by clearly presenting the gist of each topic and providing extensive references (a total of 1,379 of them) for further details. An especially helpful feature is that he concludes each chapter with a "Further reading" section that points to recommended sources for more information. Many authors content themselves with a bibliography that catalogues everything anyone ever said on a subject and abandon the hapless reader to ferret out the best place to begin exploring the conversation on a particular subject so these "marked trails" for navigating the topics are much appreciated.

Structurally, the book is divided into three parts with the first covering the foundations (usability and psychology, protocols, access control, etc). Chapter 2 on "Usability and Psychology" is a particular gem as it reminds us that adversaries can "exploit psychology at least as much as technology" (p. 17) when attacking our systems. Using passwords as an example, Anderson delves deeply into why systems so often don't work as we intended when people are part of the interface.

The second part is devoted to applications of secure systems (e.g., banking and bookkeeping, security printing and seals, electronic and information warfare). Of special interest is chapter 16 on "Physical Tamper Resistance", which gives a clear presentation of how techniques such as "potting" (sealing devices in epoxy) are defeated. His descriptions of "How to hack a smartcard" are both troubling and instructive as he presents the active interplay of attack and defense in the evolution of a technology.

The concluding part is devoted to politics, management and assurance. Chapter 24 on "Terror, Justice and Freedom" is a must-read examination of how the security systems we design and deploy can impinge on our daily lives with consequences beyond their original security objectives.

Anderson's wide experience with the topics he discusses shines throughout the presentation and soundly grounds it in the real world struggle between defenders and attackers. If there is a flaw with the book, it is the lack of a good copy-editing pass that would have cleared up some distracting spelling errors and word confusions.

This is a book that belongs on your shelf and, more importantly, one you should make the time to read. It counters our growing tendency to insularity by revealing what a wide field of endeavor "security" actually is. As noted by Bruce Schneier in the foreword, Anderson (and Roger Needham) coined the phrase "programming Satan's computer" as an aphorism for the difficulties faced by security professionals in securing systems against active and innovative adversaries. Perhaps it's not going too far to call this book the "owner's manual" for Satan's computer.

Before beginning life as an itinerant university instructor and security consultant, Richard Austin was the storage network security architect for a Fortune 25 company. He welcomes your thoughts and comments at rda7838 at Kennesaw dot edu