1  Cover

      2  Title Page

      3  Preface to the Third Edition

      4  Preface to the Second Edition

      5  Preface to the First Edition

      6  For my daughter, and other lawyers…

      7  Foreword

      8  PART I CHAPTER 1: What Is Security Engineering? 1.1 Introduction 1.2 A framework 1.3 Example 1 – a bank 1.4 Example 2 – a military base 1.5 Example 3 – a hospital 1.6 Example 4 – the home 1.7 Definitions 1.8 Summary Note CHAPTER 2: Who Is the Opponent? 2.1 Introduction 2.2 Spies 2.3 Crooks 2.4 Geeks 2.5 The swamp 2.6 Summary Research problems Further reading Notes CHAPTER 3: Psychology and Usability 3.1 Introduction 3.2 Insights from psychology research 3.3 Deception in practice 3.4 Passwords 3.5 CAPTCHAs 3.6 Summary Research problems Further reading Notes CHAPTER 4: Protocols 4.1 Introduction 4.2 Password eavesdropping risks 4.3 Who goes there? – simple authentication 4.4 Manipulating the message 4.5 Changing the environment 4.6 Chosen protocol attacks 4.7 Managing encryption keys 4.8 Design assurance 4.9 Summary Research problems Further reading Notes CHAPTER 5: Cryptography 5.1 Introduction 5.2 Historical background 5.3 Security models 5.4 Symmetric crypto algorithms 5.5 Modes of operation 5.6 Hash functions 5.7 Asymmetric crypto primitives 5.8 Summary Research problems Further reading Notes CHAPTER 6: Access Control 6.1 Introduction 6.2 Operating system access controls 6.3 Hardware protection 6.4 What goes wrong 6.5 Summary Research problems Further reading Notes CHAPTER 7: Distributed Systems 7.1 Introduction 7.2 Concurrency 7.3 Fault tolerance and failure recovery 7.4 Naming 7.5 Summary Research problems Further