Security Engineering, 1st edition
Updated 2023-06-23, 16.38 MB PDF
Security Engineering, 1st edition. The author offers it for download on his own website, but the download speed is very slow.
Preface
For generations, people have defined and protected their property and their privacy using locks, fences, signatures, seals, account books, and meters. These have been supported by a host of social constructs ranging from international treaties through national laws to manners and customs.
This is changing, and quickly. Most records are now electronic, from bank accounts to registers of real property; and transactions are increasingly electronic, as shopping moves to the Internet. Just as important, but less obvious, are the many everyday systems that have been quietly automated. Burglar alarms no longer wake up the neighborhood, but send silent messages to the police; students no longer fill their dormitory washers and dryers with coins, but credit them using a smartcard they recharge at the college bookstore; locks are no longer simple mechanical affairs, but are operated by electronic remote controls or swipe cards; and instead of renting videocassettes, millions of people get their movies from satellite or cable channels. Even the humble banknote is no longer just ink on paper, but may contain digital watermarks that enable many forgeries to be detected by machine.
How good is all this new security technology? Unfortunately, the honest answer is “nowhere near as good as it should be.” New systems are often rapidly broken, and the same elementary mistakes are repeated in one application after another. It often takes four or five attempts to get a security design right, and that is far too many.
The media regularly report security breaches on the Internet; banks fight their customers over “phantom withdrawals” from cash machines; VISA reports huge increases in the number of disputed Internet credit card transactions; satellite TV companies hound pirates who copy their smartcards; and law enforcement agencies try to stake out territory in cyberspace with laws controlling the use of encryption. Worse still, features interact. A mobile phone that calls the last number again if one of the keys is pressed by accident may be just a minor nuisance—until someone invents a machine that dispenses a can of soft drink every time its phone number is called. When all of a sudden you find 50 cans of Coke on your phone bill, who is responsible, the phone company, the handset manufacturer, or the vending machine operator? Once almost every electronic device that affects your life is connected to the Internet—which Microsoft expects to happen by 2010—what does ‘Internet security’ mean to you, and how do you cope with it?
As well as the systems that fail, many systems just don’t work well enough. Medical record systems don’t let doctors share personal health information as they would like, but still don’t protect it against inquisitive private eyes. Zillion-dollar military systems prevent anyone without a “top secret” clearance from getting at intelligence data, but are often designed so that almost everyone needs this clearance to do any work. Passenger ticket systems are designed to prevent customers cheating, but when trustbusters break up the railroad, they cannot stop the new rail companies cheating each other. Many of these failures could have been foreseen if designers had just a little bit more knowledge of what had been tried, and had failed, elsewhere.
Security engineering is the new discipline that is starting to emerge out of all this chaos.
Although most of the underlying technologies (cryptology, software reliability, tamper resistance, security printing, auditing, etc.) are relatively well understood, the knowledge and experience of how to apply them effectively is much scarcer. And since the move from mechanical to digital mechanisms is happening everywhere at once, there just has not been time for the lessons learned to percolate through the engineering community. Time and again, we see the same old square wheels being reinvented.
The industries that have managed the transition most capably are often those that have been able to borrow an appropriate technology from another discipline. Examples include the reuse of technology designed for military identify-friend-or-foe equipment in bank cash machines and even prepayment gas meters. So even if a security designer has serious expertise in some particular speciality—whether as a mathematician working with ciphers or a chemist developing banknote inks—it is still prudent to have an overview of the whole subject. The essence of good security engineering is understanding the potential threats to a system, then applying an appropriate mix of protective measures—both technological and organizational—to control them. Knowing what has worked, and more importantly what has failed, in other applications is a great help in developing judgment. It can also save a lot of money.
The purpose of this book is to give a solid introduction to security engineering, as we understand it at the beginning of the twenty-first century. My goal is that it works at four different levels:
• As a textbook that you can read from one end to the other over a few days as an introduction to the subject. The book is to be used mainly by the working IT professional who needs to learn about the subject, but it can also be used in a one-semester course in a university.
• As a reference book to which you can come for an overview of the workings of some particular type of system. These systems include cash machines, taxi meters, radar jammers, anonymous medical record databases, and so on.
• As an introduction to the underlying technologies, such as crypto, access control, inference control, tamper resistance, and seals. Space prevents me from going into great depth; but I provide a basic road map for each subject, plus a reading list for the curious (and a list of open research problems for the prospective graduate student).
• As an original scientific contribution in which I have tried to draw out the common principles that underlie security engineering, and the lessons that people building one kind of system should have learned from others. In the many years I have been working in security, I keep coming across these. For example, a simple attack on stream ciphers wasn’t known to the people who designed a common antiaircraft fire control radar, so it was easy to jam; while a trick well known to the radar community wasn’t understood by banknote printers and people who design copyright marking schemes, which led to a quite general attack on most digital watermarks.
I have tried to keep this book resolutely mid-Atlantic; a security engineering book has to be, as many of the fundamental technologies are American, while many of the interesting applications are European. (This isn’t surprising given the better funding of U.S. universities and research labs, and the greater diversity of nations and markets in Europe.) What’s more, many of the successful European innovations—from the smartcard to the GSM mobile phone to the pay-per-view TV service—have crossed the Atlantic and now thrive in the Americas. Both the science, and the case studies, are necessary.
This book grew out of the security engineering courses I teach at Cambridge University, but I have rewritten my notes to make them self-contained and added at least as much material again. It should be useful to the established professional security manager or consultant as a first-line reference; to the computer science professor doing research in cryptology; to the working police detective trying to figure out the latest computer scam; and to policy wonks struggling with the conflicts involved in regulating cryptography and anonymity. Above all, it is aimed at Dilbert. My main audience is the working programmer or engineer who is trying to design real systems that will keep on working despite the best efforts of customers, managers, and everybody else.
This book is divided into three parts.
• The first looks at basic concepts, starting with the central concept of a security protocol, and going on to human-computer interface issues, access controls, cryptology, and distributed system issues. It does not assume any particular technical background other than basic computer literacy. It is based on an Introduction to Security course that I teach to second-year undergraduates.
• The second part looks in much more detail at a number of important applications, such as military communications, medical record systems, cash machines, mobile phones, and pay-TV. These are used to introduce more of the advanced technologies and concepts. It also considers information security from the viewpoint of a number of different interest groups, such as companies, consumers, criminals, police, and spies. This material is drawn from my senior course on security, from research work, and from experience consulting.
• The third part looks at the organizational and policy issues: how computer security interacts with law, with evidence, and with corporate politics; how we can gain confidence that a system will perform as intended; and how the whole business of security engineering can best be managed.
I believe that building systems that continue to perform robustly in the face of malice is one of the most important, interesting, and difficult tasks facing engineers in the twenty-first century.
Ross Anderson
Cambridge, January 2001
About the Author
Why should I have been the person to write this book? Well, I seem to have accumulated the right mix of experience and qualifications over the last 25 years. I graduated in mathematics and natural science from Cambridge (England) in the 1970s, and got a qualification in computer engineering; my first proper job was in avionics; and I became interested in cryptology and computer security in the mid-1980s. After working in the banking industry for several years, I started doing consultancy for companies that designed equipment for banks, and then working on other applications of this technology, such as prepayment electricity meters.
I moved to academia in 1992, but continued to consult to industry on security technology. During the 1990s, the number of applications that employed cryptology rose rapidly: burglar alarms, car door locks, road toll tags, and satellite TV encryption systems all made their appearance. As the first legal disputes about these systems came along, I was lucky enough to be an expert witness in some of the important cases. The research team I lead had the good fortune to be in the right place at the right time when several crucial technologies, such as tamper resistance and digital watermarking, became hot topics.
By about 1996, it started to become clear to me that the existing textbooks were too specialized. The security textbooks focused on the access control mechanisms in operating systems, while the cryptology books gave very detailed expositions of the design of cryptographic algorithms and protocols. These topics are interesting, and important. However, they are only part of the story. Most system designers are not overly concerned with crypto or operating system internals, but with how to use these tools effectively. They are quite right in this, as the inappropriate use of mechanisms is one of the main causes of security failure. I was encouraged by the success of a number of articles I wrote on security engineering (starting with “Why Cryptosystems Fail” in 1993); and the need to teach an undergraduate class in security led to the development of a set of lecture notes that made up about half of this book. Finally, in 1999, I got round to rewriting them for a general technical audience.
I have learned a lot in the process; writing down what you think you know is a good way of finding out what you don’t. I have also had a lot of fun. I hope you have as much fun reading it!
Foreword
In a paper he wrote with Roger Needham, Ross Anderson coined the phrase “programming Satan’s computer” to describe the problems faced by computer-security engineers. It’s the sort of evocative image I’ve come to expect from Ross, and a phrase I’ve used ever since.
Programming a computer is straightforward: keep hammering away at the problem until the computer does what it’s supposed to do. Large application programs and operating systems are a lot more complicated, but the methodology is basically the same. Writing a reliable computer program is much harder, because the program needs to work even in the face of random errors and mistakes: Murphy’s computer, if you will. Significant research has gone into reliable software design, and there are many mission-critical software applications that are designed to withstand Murphy’s Law.
Writing a secure computer program is another matter entirely. Security involves making sure things work, not in the presence of random faults, but in the face of an intelligent and malicious adversary trying to ensure that things fail in the worst possible way at the worst possible time ... again and again. It truly is programming Satan’s computer.
Security engineering is different from any other kind of programming. It’s a point I made over and over again: in my own book, Secrets and Lies, in my monthly newsletter Crypto-Gram, and in my other writings. And it’s a point Ross makes in every chapter of this book. This is why, if you’re doing any security engineering ... if you’re even thinking of doing any security engineering, you need to read this book. It’s the first, and only, end-to-end modern security design and engineering book ever written.
And it comes just in time. You can divide the history of the Internet into three waves. The first wave centered around mainframes and terminals. Computers were expensive and rare. The second wave, from about 1992 until now, centered around personal computers, browsers, and large application programs. And the third, starting now, will see the connection of all sorts of devices that are currently in proprietary networks, standalone, and non-computerized. By 2003, there will be more mobile phones connected to the Internet than computers. Within a few years we’ll see many of the world’s refrigerators, heart monitors, bus and train ticket dispensers, burglar alarms, and electricity meters talking IP. Personal computers will be a minority player on the Internet.
Security engineering, especially in this third wave, requires you to think differently. You need to figure out not how something works, but how something can be made to not work. You have to imagine an intelligent and malicious adversary inside your system (remember Satan’s computer), constantly trying new ways to subvert it. You have to consider all the ways your system can fail, most of them having nothing to do with the design itself. You have to look at everything backwards, upside down, and sideways. You have to think like an alien.
As the late great science fiction editor John W. Campbell said: “An alien thinks as well as a human, but not like a human.” Computer security is a lot like that. Ross is