Cover: Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd Ed.

Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd Ed.

Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack. The third edition brings it up to date for 2020. As people now go online from phones more than laptops, most servers are in the cloud, online advertising drives the Internet and social networks have taken over much human interaction, many patterns of crime and abuse are the same, but the methods have evolved. Ross Anderson explores what security engineering means in 2020.

Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd Ed. Read More
Schneier on Security - Masthead

Schneier on Security – “Crypto-Gram” Newsletter

I am a public-interest technologist, working at the intersection of security, technology, and people. I’ve been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998. I’m a Special Advisor to IBM Security, a fellow and lecturer at Harvard’s Kennedy School, and a board member of EFF. This personal website expresses the opinions of none of those organizations.

Schneier on Security – “Crypto-Gram” Newsletter Read More
Security Engineering, 2nd Ed.

Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Ed.

“The world has changed radically since the first edition of this book was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here’s straight talk on critical topics such as technical engineering basics, types of attack, specialized protection mechanisms, security psychology, policy, and more.”

Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Ed. Read More

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

Communications of the ACM, January 2019, Vol. 62 No. 1, Pages 106-114
Research Highlights: “Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice”
By David Adrian, Karthikeyan Bhargavan, et al.

“We investigate the security of Diffie-Hellman key exchange as used in popular Internet protocols and find it to be less secure than widely believed.”

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice Read More