Security Engineering: A Guide to Building Dependable Distributed Systems 3/e

Now that there's software in everything, how can you make anything secure? Understand how to engineer dependable systems with this newly updated classic

In Security Engineering: A Guide to Building Dependable Distributed Systems, Third Edition Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack.

This book became a best-seller in 2001 and helped establish the discipline of security engineering. By the second edition in 2008, underground dark markets had let the bad guys specialize and scale up; attacks were increasingly on users rather than on technology. The book repeated its success by showing how security engineers can focus on usability.

Now the third edition brings it up to date for 2020. As people now go online from phones more than laptops, most servers are in the cloud, online advertising drives the Internet and social networks have taken over much human interaction, many patterns of crime and abuse are the same, but the methods have evolved. Ross Anderson explores what security engineering means in 2020, including:

• How the basic elements of cryptography, protocols, and access control translate to the new world of phones, cloud services, social media and the Internet of Things Who the attackers are - from nation states and business competitors through criminal gangs to stalkers and playground bullies What they do - from phishing and carding through SIM swapping and software exploits to DDoS and fake news Security psychology, from privacy through ease-of-use to deception The economics of security and dependability - why companies build vulnerable systems and governments look the other way How dozens of industries went online - well or badly How to manage security and safety engineering in a world of agile development - from reliability engineering to DevSecOps

The third edition of Security Engineering ends with a grand challenge: sustainable security. As we build ever more software and connectivity into safety-critical durable goods like cars and medical devices, how do we design systems we can maintain and defend for decades? Or will everything in the world need monthly software upgrades, and become unsafe once they stop?

現在幾乎所有事物都有軟體，那麼如何確保任何事物的安全性呢？劍橋大學教授羅斯·安德森在這本全新更新的經典教材《安全工程：建立可靠分散系統指南，第三版》中，教導讀者如何設計、實施和測試系統，以抵禦錯誤和攻擊。

這本書於2001年成為暢銷書籍，並幫助建立了安全工程學科。到了2008年的第二版，地下黑市讓壞人專業化並擴大規模；攻擊越來越多地針對用戶而不是技術。這本書通過展示安全工程師如何關注可用性，再次取得了成功。

現在的第三版將其更新至2020年。隨著人們現在更多地通過手機上網，大多數伺服器都在雲端，網絡廣告推動著互聯網，社交網絡已經取代了很多人類互動，許多犯罪和濫用的模式是相同的，但方法已經演變。羅斯·安德森探討了2020年的安全工程意味著什麼，包括：

- 在手機、雲服務、社交媒體和物聯網的新世界中，基本的加密、協議和存取控制如何轉化
- 攻擊者是誰 - 從國家和商業競爭對手到犯罪團伙、跟蹤者和欺凌者
- 他們做什麼 - 從釣魚和刷卡到SIM交換和軟體漏洞利用，再到分散式阻斷服務攻擊和假新聞
- 安全心理學 - 從隱私到易用性再到欺騙
- 安全和可靠性的經濟學 - 為什麼公司建立易受攻擊的系統，政府視而不見
- 數十個行業如何上網 - 好或壞
- 如何在敏捷開發的世界中管理安全和安全工程 - 從可靠性工程到DevSecOps

《安全工程》第三版以一個宏大的挑戰結束：可持續的安全性。隨著我們將越來越多的軟體和連接性融入汽車和醫療設備等安全關鍵的耐用品中，我們如何設計能夠在數十年內維護和保護的系統？或者一旦停止更新，所有事物都需要每月軟體升級，並變得不安全？

ROSS ANDERSON is Professor of Security Engineering at Cambridge University in England. He is widely recognized as one of the world's foremost authorities on security. In 2015 he won the Lovelace Medal, Britain's top award in computing. He is a Fellow of the Royal Society and the Royal Academy of Engineering. He is one of the pioneers of the economics of information security, peer-to-peer systems, API analysis and hardware security. Over the past 40 years, he has also worked or consulted for most of the tech majors.

ROSS ANDERSON 是英國劍橋大學的安全工程學教授。他被廣泛認識為世界上最重要的安全專家之一。在2015年，他獲得了洛夫萊斯獎章，這是英國在計算機領域的最高榮譽。他是英國皇家學會和英國皇家工程學院的院士。他是信息安全經濟學、點對點系統、API分析和硬件安全的先驅之一。在過去的40年中，他也曾為大多數科技巨頭工作或提供諮詢服務。