Cipher Book Review, Issue E161

Security Engineering: A Guide to Building Dependable Distributed Systems
by Ross Anderson

Wiley Publishing 2020.
ISBN-13: 978-1-119-64278-7 (Hardcover). 1232 pages

Reviewed by Sven Dietrich, 5/31/21

We live amid constant reminders in real life about what could have been done better from a computer security perspective. When something goes wrong, we find it is a protocol that exhibits an exploitable vulnerability, or a software repository that has been infiltrated with code containing a vulnerability, or a critical infrastructure system held for ransom. One wonders what design principles the system authors and builders had considered to mitigate any compromises, or to allow the systems to continue to function in the presence of those compromises. How can we engineer those solutions, how can we build better systems: more secure, more dependable? One book attempts to provide this background.

At over 1200 pages, Ross Anderson's third edition of 'Security Engineering: A Guide to Building Dependable Distributed Systems' is a large update after the first edition in 2001 and the second edition in 2008. This is a comprehensive book on security engineering, providing anywhere from an introduction to the various subfields of computer and network security, to considerations necessary to building secure and resilient real-world systems, and all the way to identifying research problems that remain to be addressed for the topics in each chapter.

The book is divided into three parts, with a total of 29 chapters, and contains an extensive bibliography. The first part covers the basics, the second part looks at applications of secure systems, and the third part broadly discusses politics, management, and assurance. Each chapter covers several themed subsections, followed by a chapter summary, a set of research problems, and further reading. The chapters read well and flow easily within themselves as well as from one chapter to the next. While it is a descriptive treatise, not a rigorous mathematical treatment of the various subjects, occasional mathematical formulas or charts nonetheless pop up inline to illustrate the broad concepts brought forth and to whet the reader's appetite to seek out the original research paper or other references cited.

The first part spans 8 chapters that quickly set the stage for Ross Anderson's approach to the subject matter: 'What is Security Engineering?', 'Who is the Opponent?', 'Psychology and Usability', 'Protocols', 'Cryptography', 'Access Control', 'Distributed Systems', and last but not least 'Economics'. The reader learns about what it means to deal with adversity in the 2020s, identifying the threat models, the pitfalls, and the consequences of not getting security right. The big impact here comes from the author's own contributions to the security field: the systems view, the psychology and usability aspects, as well as the economics aspects, topics for which the author has organized (or otherwise contributed to) workshops and conferences.

The second part discusses real-world applications of secure systems, covering many decades of security work, from the early days of 'Multilevel Security' and 'Nuclear Command and Control', to 'Advanced Cryptographic Engineering', 'Biometrics' and 'Tamper Resistance' as well as Digital Rights Management in 'Copyright and DRM', to 'Network Attack and Defence', 'Phones', 'Locks and Alarms', just to mention some of the 17 chapters in here. This part is wrapped up with thoughts on 'New Directions' in the field, talking among other things about the combination of Machine Learning, Artificial Intelligence and Security and what it means for both the attacker and the defender side.

The third part covers politics, management, and assurance in four chapters. Here the reader learns about 'Surveillance or Privacy', 'Secure Systems Development', and 'Assurance and Sustainability'. Controversial topics of surveillance versus privacy are brought up in the context of political and technological settings that have affected Internet users for many years, including wiretapping and censorship. Risk quantification and DevSecOps are brought into the picture here as well. This part wraps up with 'Beyond "Computer Says No"', reminding us what Ross Anderson has told us all along in these chapters: think about the big picture, and about how each piece fits into it.

This is a fantastic book for organizing one's thinking about security engineering and design. The reader sees how all the facets fit together in the real world through both scientific references and anecdotes from the last few decades. The depth is provided, should the reader care to delve deeper, through an absolutely impressive bibliography of close to 2100 entries. The narrative is easy to follow throughout the book, whether the reader is learning about DDoS attacks (always close to my heart), espionage (Snowden's surveillance revelations, for example), security protocol failures, financial transaction protocols, mobile phone security, electronic voting security (very relevant in the last few years), security printing, covert channels, DNS security, deception, or ransomware, among others.

The breadth of the topics covered provides a good perspective for appreciating the impact that good (secure?) design can have on the real-world systems that surround us. That is even more relevant now that the Internet has invaded, uh, permeated our homes with Internet-of-Things devices that make our lives more Internet-centric, with all the advantages and risks that come with it.

The accessible style of this book and, most importantly, the relevant context of the discussed secure systems make for pleasurable reading. While it could be considered a very comprehensive introduction to the idea of security engineering, there are enough timely and thought-provoking musings to keep more advanced readers interested in seeking out the scientific articles that provide adequate depth, hindsight, and foresight. This book is a must-have if security engineering is your intended field or is connected to your field.

Ross Anderson did a great job of producing the third edition of 'Security Engineering: A Guide to Building Dependable Distributed Systems' in 2020, a book intended to last for many years. He is a well-known expert in the security field and this overarching treatise makes for one impressive (and heavy!) book. The book is a welcome addition to my bookshelf, to be used as a reference or even textbook in the years to come.


Sven Dietrich reviews technology and security books for IEEE Cipher. He welcomes your thoughts at spock at ieee dot org.