资源描述:
《Chapter 1 What Is Security Engineering》由会员上传分享,免费在线阅读,更多相关内容在学术论文-天天文库。
1、CHAPTER1WhatIsSecurityEngineering?Outofthecrookedtimberofhumanity,nostraightthingwasevermade.ImmanuelKantTheworldisnevergoingtobeperfect,eitheron-oroffline;solet’snotsetimpossiblyhighstandardsforonline.EstherDyson1.1IntroductionSecurityengineeringisaboutbuildingsystemstoremaindependableinthe
2、faceofmalice,error,ormischance.Asadiscipline,itfocusesonthetools,processes,andmethodsneededtodesign,implement,andtestcompletesystems,andtoadaptexistingsystemsastheirenvironmentevolves.Securityengineeringrequirescross-disciplinaryexpertise,rangingfromcryptographyandcomputersecuritythroughhar
3、dwaretamper-resistanceandformalmethodstoaknowledgeofeconomics,appliedpsychology,organiza-tionsandthelaw.Systemengineeringskills,frombusinessprocessanalysisthroughsoftwareengineeringtoevaluationandtesting,arealsoimportant;buttheyarenotsufficient,astheydealonlywitherrorandmischanceratherthanma
4、lice.Manysecuritysystemshavecriticalassurancerequirements.Theirfailuremayendangerhumanlifeandtheenvironment(aswithnuclearsafetyandcontrolsystems),doseriousdamagetomajoreconomicinfrastructure(cashmachinesandotherbanksystems),endangerpersonalprivacy(medicalrecord34Chapter1■WhatIsSecurityEngin
5、eering?systems),underminetheviabilityofwholebusinesssectors(pay-TV),andfacilitatecrime(burglarandcaralarms).Eventheperceptionthatasystemismorevulnerablethanitreallyis(payingwithacreditcardovertheInternet)cansignificantlyholdupeconomicdevelopment.Theconventionalviewisthatwhilesoftwareengineer
6、ingisaboutensur-ingthatcertainthingshappen(‘Johncanreadthisfile’),securityisaboutensuringthattheydon’t(‘TheChinesegovernmentcan’treadthisfile’).Real-ityismuchmorecomplex.Securityrequirementsdiffergreatlyfromonesystemtoanother.Onetypicallyneedssomecombinationofuserauthentica-tion,transactionin
7、tegrityandaccountability,fault-tolerance,messagesecrecy,andcovertness.Butmanysystemsfailbecausetheirdesignersprotectthewrongthings,orprotecttherightthingsbutinthewrongway.Gettingprotectionrightthusdependsonseveraldifferenttypesofprocess.Youhavetofigureout