Security Engineering: Third Edition

I’m writing a third edition of my best-selling book Security Engineering. The chapters will be available online for review and feedback as I write them.

Today I put online a chapter on Who is the Opponent, which draws together what we learned from Snowden and others about the capabilities of state actors, together with what we’ve learned about cybercrime actors as a result of running the Cambridge Cybercrime Centre. Isn’t it odd that almost six years after Snowden, nobody’s tried to pull together what we learned into a coherent summary?

There’s also a chapter on Surveillance or Privacy which looks at policy. What’s the privacy landscape now, and what might we expect from the tussles over data retention, government backdoors and censorship more generally?

There’s also a preface to the third edition.

As the chapters come out for review, they will appear on my book page, so you can give me comment and feedback as I write them. This collaborative authorship approach is inspired by the late David MacKay. I’d suggest you bookmark my book page and come back every couple of weeks for the latest instalment!

18 thoughts on “Security Engineering: Third Edition”

  1. Re:
    Security Engineering: Third Edition, Ch.24
    nicely done. Typos (not exhaustive):

    page 743 near the bottom
    “could either either use their”

    page 746 near the bottom
    “that they simply obeying”

    page 747 near the bottom
    “that this was make it easier”

    1. Security Engineering, Third Edition,

      page 108, chapter 4.1
      Tdiagnostichey often involve interaction,

      page 119, chapter 4.4
      A pirate device can inserts extra pulses

      page 127, chapter 4.8
      there are morer subtle attacks

    2. I apologize, email is brokenly relayed at the mo.

      SEv3-ch3-june29.pdf ERRATA

      the fraudster get the mark to concentrate [ “got” rather than get? ]

      who has got to be root [suggest “who has gained root access” ]

      that he wrote afterwards [ back tic missing after title ]

  2. Beautifully written preface. Maybe more emphasis on data and semantic interoperability over the lifetime of chip embedded products and digital services. Very interested to see if you have something to say about what I believe was the evolution of Bletchley Park to GCHQ.

  3. Don’t you think the preface should mention Stuxnet, “cyber war”, SCADA etc.? To my mind that is a much bigger game changer than Snowden. You should also consider including in the preface the topics of economics as well as people issues like personality and culture.

  4. NZ is in the process of responding to the Christchurch mosque attacks, in particular looking hard at control of online hate speech.

    It would be interesting to see your opinion on how this issue should be handled.

    Previously Internet Service Providers have rightly argued that they are neutral carriers like postmen.

    They are not responsible for the content of the letters they deliver.

    But to the extent a service provider _looks_ inside a conversation, to data-mine and monetize that information, then yes, they bear responsibility for what they deliver.

  5. Maybe a few words about what you mean by online property crime (p. 32) would be helpful, as terms such as intellectual property could add to the confusion here.

  6. I downloaded those PDF files, and I have noticed that they don’t have the model tree available for quick navigation to different sections within the chapter. It would be helpful if that was available.

  7. Page 47, second paragraph:

    … it wanted both him and the investigator to declare
    that the paper hadnˆa˘A´Zt relied upon …

    Looks like some sort of encoding issue. I am using Adobe acrobat on Windows 10.

  8. Page 74, first paragraph:

    … arguing that the propositional attitudes we use
    to reason ˆa˘A¸S beliefs, desires and perceptions ˆa˘A¸S some down to the intentions
    of people and animals.

    Again, some sort of encoding issue. I am using Adobe acrobat on Windows 10.

  9. Page 79, section 3.3.2

    … Wilson researched and appeared in nine series of TV programs …

    nine seasons would be easier to understand by most readers, even British ones.

  10. Page 81, 4th paragraph:

    … In the same year, the UK privacy authorities prosecuted a private detective agency that did blagging jobs for top law firms [834].

    You have only used the word “blagging” once in the whole chapter without defining what it means. (I think it refers to social engineering over the telephone).

  11. Surveillance and Privacy chapter

    p. 729, para. 2: FTC, not FDA, punishes privacy policy violations in U.S.

    p. 736, para 3: you might want to include mention of SCOTUS decision in US vs. Carpenter, 2018, which concerns requirement of warrants for cellphone location data.

    p. 753, Sec. 24.4, first para. last sentence: typo — “underling” for “underlying”

  12. P. 61 of the SEv3-ch2-May16.pdf file:
    “As a result, nations are more likely to make strategic miscalculations, *which* could lead not just to cyber conflict*,* but the kinetic variety too.”

    Great read, thanks.

  13. p. 437 iris recognition

    Iris recognition might not be that accurate in terms of security. People leave high-definition pictures of themselves everywhere, and contact lens detection is in its infancy.

  14. p. 269 Second Paragraph DRM

    DRM is not at all dead; it just moved into the browser or the proprietary app. Further, I strongly urge you to use the term copyright infringement, as this has absolutely nothing to do with patents, trademarks et al.

  15. It would be useful if you would put up the new references list. It is sort of doable to match the new reference numbers (with context) with the old list, but not very convenient.
