Friday, September 01, 2006

Ross Anderson's Security Engineering

Via Bruce Schneier's security blog, I learned that Ross Anderson's Security Engineering is now freely available for download.

While I haven't read the whole yet, I have perused some of the chapters. The book offers a very broad treatment of security design, with chapters covering not just technical aspects such as "Cryptography" and "Biometrics", but also chapters focusing on archetypal applications such as "Banking and Bookkeeping" and "Nuclear Command and Control."

During my brief glance at the material, the book seems mostly accessible to anyone with an interest in security. The "Cryptography" chapter delves into some of the nitty-gritty of the math behind the various systems discussed, but math doesn't seem to play an integral part of the rest of the book. The "Banking and Bookkeeping" chapter offers detail on how banks' computer systems work, how they communicate with each other, how ATMs work, and what has gone wrong with all of those. It is the descriptions of real-world systems like these that most interest me, and they require no mathematical formulae to understand.

I'll probably read the book in its entirety; I may post some additional thoughts here once I'm finished with it.

No comments: