
Security Engineering: A Guide to Building Dependable Distributed Systems - ColinWright
http://www.cl.cam.ac.uk/~rja14/book.html
======
damian2000
Chapter 11 on physical security was great.

[http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c11.pdf](http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c11.pdf)

 _How to steal a painting (7)

Bruno cuts the telephone line to his rival’s gallery and hides a few hundred
yards away in the bushes. He counts the number of men in blue uniforms who
arrive and the number who depart. If the two numbers are equal, then it’s a
fair guess the custodian has said, ‘Oh bother, we‘ll fix it in the morning’,
or words to that effect. He now knows he has several hours to work.

\-- page 384-385_

in this case wouldn't it be better to use two different 3G/4G operators in
addition to the fixed line?

------
JoachimS
There is another book with a very similar name available as a free beta:
Engineering Security by Peter Gutmann.

Gutmanns book is a tour de force with not many, but basically all examples one
could think of. The result is a big, big book.

Of the two, Anderssons book is much more readable. But if you want a deep dive
with (somewhat opinionated) facts take a look at Giutmanns book.

[https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf](https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf)

------
jc123
Both editions of the book were before the invention of blockchains.
Integrating it in the next edition of the book would be solid work: not just
explaining a blockchain but really integrating it with existing parts of
computer science.

~~~
tbrownaw
No, bitcoin isn't the only thing to use blockchains. Git has used them since
2005, and other distributed versioning systems since before then.

------
netman21
Sadly pre-Snowden. Security engineering has changed dramatically now that the
extent of the surveillance state has been exposed. Knowing Ross Anderson, I
would wager he is working on the 3rd edition now!

------
matthiasb
It looks like a good CISSP study book.

------
bburshteyn
As a related note to building dependable distributed systems, we've spoken to
a few ex-military cyber security engineers and private company security
engineers / researchers who say that our new distributed programming language
"Hello" would be useful for building powerful and fast distributed security
applications. Would appreciate any thoughts/feedback on it.

White paper here: [http://www.amsdec.com/wp-
content/uploads/2015/10/hellowhitep...](http://www.amsdec.com/wp-
content/uploads/2015/10/hellowhitepaper.pdf)

User guide here: [http://www.amsdec.com/wp-
content/uploads/2015/10/helloguide....](http://www.amsdec.com/wp-
content/uploads/2015/10/helloguide.pdf)

DL Hello (if you care):
[http://www.amsdec.com/download/](http://www.amsdec.com/download/)

Thanks!

Boris

CTO, CryptoMove

