Security Engineering is all about designing and building secure systems. Unlike many security books, this one attempts to cover the entire range of security engineering, ranging from cryptography, access control and similar technologies, into security policy, and even into the macro scale of governmental policies. Of course, this is a massive set of subjects to try to cover in a single book, and indeed, Security Engineering weighs in at a little over one thousand pages (though nearly 100 of them go to the bibliography), spread out over 27 chapters. Fortunately Ross Anderson does an excellent job at keeping the book unified, progressing from the basic technology like cryptography, access control, and even plain old locks to how governments and corporations apply the technology. Finally, the last two chapters are about actually developing a secure system, and how to evaluate its resulting security.

The reader should finish Security Engineering with a decent technical introduction in areas like cryptography, and distributed system security, but they should also understand where some of the trade-offs come about to make a system as secure as possible given real-world constraints. A well secured system isn’t one with perfect technical security, but rather one that users can utilize without feeling the need to subvert it to do their work. At the same time, surrendering all hope of securing a system just to make it very easy to use is also a poor outcome. Instead, the level and types of security required need to be assessed per system.

A main theme throughout is that in order to make a secure system, the incentives need to be properly aligned. A banking system which places liability for fraud involving ATM cards on its customers has little incentive to improve the security for its ATMs, whereas a bank forced to cover money lost in fraud will be more inclined to examine its security regularly. Understanding incentives is key to understanding who the security on a device is actually for - often it is not about protecting the customer, but the vendor. This type conflict between interests results in many security failures.

The downside to Security Engineering is that some parts can drag a bit if they are outside the reader’s area of interest. Anderson spent a considerable portion of his career working on banking systems, and now is a security researcher at Cambridge, and as a result many examples are related to the banking system or his research. However, they are relevant, and he covers many other topics. In fact, one key point that is mentioned repeatedly in the early chapters is the realization that cyber security should draw upon other areas of security research, such as the banking industry, electronic warfare, and even physical security. Since many of these other forms of security have been around for some time, they often have insights that would otherwise have to be rediscovered when being applied to cyber security.

Overall Security Engineering is well worth the many hours required to read it all the way through. Happily, you can even try it out without putting up money for a hard copy, you can find the full text (in PDF) on his page at Cambridge.

Alternatively, it can be found at Amazon .