Название: Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd Edition
Автор: Ross Anderson
Издательство: Wiley
Год: 2020
Страниц: 1235
Язык: английский
Формат: pdf (true)
Размер: 10.1 MB

Now that there’s software in everything, how can you make anything secure? Understand how to engineer dependable systems with this newly updated classic.

In this newly revised Third Edition of Security Engineering: A Guide to Building Dependable Distributed Systems, celebrated security expert Ross Anderson updates his best-selling textbook to help you meet the challenges of the coming decade. Security Engineering became a classic because it covers not just the technical basics, such as cryptography, access controls and tamper-resistance, but also how they're used in real life. Real-world case studies – of the security of payment systems, military systems, the phone app ecosystems and now self-driving cars – demonstrate how to use security technology in practice, and what can go wrong.

Filled with actionable advice and the latest research, this Third Edition brings a classic book up to date with the modern world of smartphones, cloud computing and AI. As everything gets connected to the Internet, security engineering has come to require inter-disciplinary expertise, ranging from physics to psychology and applied economics. Security Engineering is the only textbook on the market to explain all these aspects of protecting real systems, while still remaining easily accessible.

There are at least four types of attack on a machine-learning system:
First, as I mentioned, you can poison the training data. If the model continues to train itself in use, then it can sometimes be simple to lead it astray.
Second, you can attack the model’s integrity in its inference phase, for example by causing it to give the wrong answer.
Third, Florian Tramer and colleagues showed that you can attack the model's confidentiality in the inference phase, by getting it to classify a number of probe inputs and building a successively better approximation. The result is often a good working imitation of the target model.
Finally, you can deny service, and one way is to choose samples that will cause the classifier to take as long as possible. Ilia Shumailov and colleagues found that one can often deny service by posing a conundrum to a classifier.

Perfect for computer science students and practicing cybersecurity professionals, as well as systems engineers of all sorts, this latest edition of Security Engineering also belongs on the bookshelves of candidates for professional certification such as CISSP.

You'll learn what makes a system secure and reliable and what can render it vulnerable, from phones and laptops through cars and payment terminals to cloud services and corporate networks. You'll find:

The basics: cryptography, protocols, access controls and usability
The attacks: phishing, software exploits and the cybercrime ecosystem
The responses: biometrics, smartcards, enclaves, app stores and the patch cycle
The psychology of security: what makes security hard for users and engineers
The economics of security: how large systems fail, and what to do about it
The big policy questions: from surveillance through censorship to sustainability

Security Engineering is the book that created the discipline. It will continue to define the discipline for the 2020s and beyond.