Security engineering
Security engineering is a specialized field of engineering that focuses on the security aspects in the design of systems that need to be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts. It is similar to other systems engineering activities in that its primary motivation is to support the delivery of engineering solutions that satisfy pre-defined functional and user requirements, but with the added dimension of preventing misuse and malicious behavior. These constraints and restrictions are often asserted as a security policy.
In one form or another, security engineering has existed as an informal field of study for several centuries. For example, the fields of locksmithing and security printing have been around for many years.
Due to recent catastrophic events, most notably 9/11, security engineering has become a rapidly growing field. In fact, in a report completed in 2006, it was estimated that the global security industry was valued at US$150 billion.
Security engineering involves aspects of social science, psychology (such as designing a system to 'fail well' instead of trying to eliminate all sources of error) and economics, as well as physics, chemistry, mathematics, architecture and landscaping.
Some of the techniques used, such as fault tree analysis, are derived from safety engineering.
Other techniques such as cryptography were previously restricted to military applications. One of the pioneers of security engineering as a formal field of study is Ross Anderson.
Qualifications
Typical qualifications for a security engineer are:
- Security+ - Entry Level
- Professional Engineer, Chartered Engineer, Chartered Professional Engineer
- Certified Protection Professional (CPP) - International certification by ASIS International
- Physical Security Professional (PSP) - International certification by ASIS International
- Certified Information Systems Security Professional (CISSP)
However, multiple qualifications, or several qualified persons working together, may provide a more complete solution.
Security stance
The two possible default positions on security matters are:
1. Default deny - "Everything, not explicitly permitted, is forbidden"
 - Improves security at a cost in functionality.
 - This is a good approach if you have lots of security threats.
 - See secure computing for a discussion of computer security using this approach.
2. Default permit - "Everything, not explicitly forbidden, is permitted"
 - Allows greater functionality by sacrificing security.
 - This is only a good approach in an environment where security threats are non-existent or negligible.
 - See computer insecurity for an example of the failure of this approach in the real world.
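The practical difference between the two stances shows up on a request that no rule anticipated. The following is an added example, not part of the encyclopedia entry: a small rule-based access policy (the `Rule`, `Request` and `decide` names and the sample policy are constructed for illustration) evaluated once under default deny and once under default permit. Explicit denies win in both stances; the stances differ only on requests that match no rule at all.

```python
"""Default-deny versus default-permit evaluation of one access policy.

Added illustration (constructed, not from the encyclopedia entry).
"""
from dataclasses import dataclass
from fnmatch import fnmatch


@dataclass(frozen=True)
class Rule:
    effect: str      # "allow" or "deny"
    role: str        # role the rule applies to; "*" matches any role
    action: str      # "read", "write", ...; "*" matches any action
    resource: str    # glob pattern over resource paths


@dataclass(frozen=True)
class Request:
    role: str
    action: str
    resource: str


# Constructed sample policy: operators may read logs, nobody may write
# configuration, and admins may do anything not explicitly denied.
POLICY = [
    Rule("allow", "operator", "read", "/logs/*"),
    Rule("deny", "*", "write", "/config/*"),
    Rule("allow", "admin", "*", "*"),
]


def _matches(rule: Rule, req: Request) -> bool:
    return (rule.role in ("*", req.role)
            and rule.action in ("*", req.action)
            and fnmatch(req.resource, rule.resource))


def decide(policy, req: Request, default: str) -> str:
    """Return "allow" or "deny".

    An explicit deny always wins; otherwise any matching allow wins;
    otherwise the default stance decides. Only that last step differs
    between the two stances.
    """
    matched = [r for r in policy if _matches(r, req)]
    if any(r.effect == "deny" for r in matched):
        return "deny"
    if any(r.effect == "allow" for r in matched):
        return "allow"
    return default


def default_deny(policy, req: Request) -> str:
    return decide(policy, req, "deny")


def default_permit(policy, req: Request) -> str:
    return decide(policy, req, "allow")


def compare(policy, req: Request) -> dict:
    """Evaluate one request under both stances side by side."""
    return {"default_deny": default_deny(policy, req),
            "default_permit": default_permit(policy, req)}


if __name__ == "__main__":
    # A resource the policy author never thought about: this is where the
    # stances diverge.
    unanticipated = Request("operator", "read", "/secrets/db.key")
    print("unanticipated:", compare(POLICY, unanticipated))
    # Explicit rules give the same answer under either stance.
    print("explicit allow:", compare(POLICY, Request("operator", "read", "/logs/app.log")))
    print("explicit deny:", compare(POLICY, Request("admin", "write", "/config/app.yml")))
```

The unanticipated request is the interesting case: a default-deny policy rejects it until someone deliberately adds a rule, while a default-permit policy silently grants it, which is exactly how an overlooked resource becomes exposed.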
Core practices
- Security Requirements Analysis
- Security architecture
- Secure coding
- Security testing
- Security Operations and Maintenance
- Economics of security
Sub-fields
- Physical security - deter attackers from accessing a facility, resource, or information stored on physical media.
- Information security - protecting data from unauthorized access, use, disclosure, destruction, modification, or disruption to access. See esp. Computer security.
- Technical surveillance counter-measures
- Economics of security - the economic aspects of privacy and computer security.
Methodologies
Technological advances, principally in the field of computers, have now allowed the creation of far more complex systems, with new and complex security problems. Because modern systems cut across many areas of human endeavor, security engineers not only need to consider the mathematical and physical properties of systems; they also need to consider attacks on the people who use and form parts of those systems, carried out using social engineering. Secure systems have to resist not only technical attacks, but also coercion, fraud, and deception by confidence tricksters.
Web applications
According to the Microsoft Developer Network, the patterns & practices of Security Engineering consist of the following activities:
- Security Objectives
- Security Design Guidelines
- Security Modeling
- Security Architecture and Design Review
- Security Code Review
- Security Testing
- Security Tuning
- Security Deployment Review
These activities are designed to help meet security objectives in the software life cycle.
Physical
- Understanding of a typical threat and the usual risks to people and property.
- Understanding the incentives created both by the threat and the countermeasures.
- Understanding risk and threat analysis methodology and the benefits of an empirical study of the physical security of a facility.
- Understanding how to apply the methodology to buildings, critical infrastructure, ports, public transport and other facilities/compounds.
- Overview of common physical and technological methods of protection and understanding their roles in deterrence, detection and mitigation.
- Determining and prioritizing security needs and aligning them with the perceived threats and the available budget.
Target hardening
Whatever the target, there are multiple ways of preventing penetration by unwanted or unauthorised persons. Methods include placing Jersey barriers, stairs or other sturdy obstacles outside tall or politically sensitive buildings to prevent car and truck bombings. Improving the method of visitor management and some new electronic locks take advantage of technologies such as fingerprint scanning, iris or retinal scanning, and voiceprint identification to authenticate users.
Employers of security engineers
- US Department of State, Bureau of Diplomatic Security (ABET certified institution degree in engineering or physics required)
Use of the term engineer
Some criticize this field as not being a bona fide field of engineering because the methodologies of this field are less formal or excessively ad-hoc compared to other fields of engineering, and many in the practice of security engineering have no engineering degree.
Security engineering as a systems engineering discipline
Security engineering is not considered to be a true form of systems engineering by some. Part of the problem lies in the fact that, while conforming to positive requirements is well understood, conforming to negative requirements requires complex and indirect posturing to reach a closed-form solution. In fact, some rigorous methods do exist to address these difficulties but are seldom used, partly because they are viewed as too old or too complex by many practitioners. As a result, many ad-hoc approaches simply do not succeed.
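The asymmetry between positive and negative requirements can be made concrete. A positive requirement ("an administrator can reach the admin console") is satisfied by exhibiting one trace; a negative requirement ("no session ever reaches the console without authenticating") is a claim about every reachable state, so it has to be checked over the whole state space. The following added example, which is not from the entry and uses a constructed finite-state model of a login session (the state tuple, the action names and the two `step_*` transition functions are all assumptions made for illustration), does exactly that with a breadth-first exploration, one of the rigorous methods the paragraph alludes to, applied to a toy model.

```python
"""Positive versus negative requirements on a small session state machine.

Added illustration (constructed model, not from the encyclopedia entry).
A state is (authenticated, role, page).
"""
from collections import deque

START = (False, "guest", "home")
ACTIONS = ("login_user", "login_admin", "logout", "open_console", "open_home")


def step_correct(state, action):
    """Intended transition function: the console is only reachable by an
    authenticated admin, and logout resets the whole session."""
    auth, role, page = state
    if action == "login_user":
        return (True, "user", "home")
    if action == "login_admin":
        return (True, "admin", "home")
    if action == "logout":
        return (False, "guest", "home")
    if action == "open_console":
        return (auth, role, "console") if auth and role == "admin" else state
    if action == "open_home":
        return (auth, role, "home")
    raise ValueError(action)


def step_buggy(state, action):
    """Same model with a plausible defect: logout clears the authenticated
    flag but forgets to reset role and page."""
    if action == "logout":
        auth, role, page = state
        return (False, role, page)
    return step_correct(state, action)


def reachable(step, start=START):
    """Breadth-first exploration of every state reachable from start."""
    seen = {start}
    queue = deque([start])
    while queue:
        s = queue.popleft()
        for a in ACTIONS:
            n = step(s, a)
            if n not in seen:
                seen.add(n)
                queue.append(n)
    return seen


def violates_negative_requirement(state):
    """Negative requirement: never on the console while unauthenticated."""
    auth, role, page = state
    return page == "console" and not auth


def check(step):
    """Return the first violating reachable state, or None if the negative
    requirement holds everywhere."""
    for s in sorted(reachable(step), key=str):
        if violates_negative_requirement(s):
            return s
    return None


def witness(step, goal, start=START):
    """Positive requirement: return one action sequence reaching a state
    satisfying goal, or None if no such state is reachable."""
    parent = {start: None}
    queue = deque([start])
    while queue:
        s = queue.popleft()
        if goal(s):
            trace = []
            while parent[s] is not None:
                prev, a = parent[s]
                trace.append(a)
                s = prev
            return trace[::-1]
        for a in ACTIONS:
            n = step(s, a)
            if n not in parent:
                parent[n] = (s, a)
                queue.append(n)
    return None


if __name__ == "__main__":
    on_console = lambda s: s[2] == "console"
    print("positive, one witness:", witness(step_correct, on_console))
    print("negative, correct model:", check(step_correct))
    print("negative, buggy model:", check(step_buggy))
```

The positive check is satisfied by a single two-step trace in both models. The buggy model passes that same test and still breaks the negative requirement, which only the exhaustive check exposes; a handful of ad-hoc test cases that never try "log in, open console, log out" would miss it.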
See also
Computer-related
- Authentication
- Cryptography
- Cryptanalysis
- Computer insecurity
- Data remanence
- Defensive programming (secure coding)
- Earthquake engineering
- Explosion protection
- Hacking
- Information Systems Security Engineering (ISSE)
- Password policy
- Software cracking
- Software Security Assurance
- Secure computing
- Security Patterns
- Systems engineering
- Trusted system
- Economics of Security
Physical
- Access control
- Access control vestibule
- Authorization
- Critical Infrastructure Protection
- Environmental design (esp. CPTED)
- Locksmithing
- Physical Security
- Secrecy
- Security
- Secure cryptoprocessor
- Security through obscurity
- Technical surveillance counter-measures
Misc. Topics
- Deception
- Fraud
- Full disclosure
- Security awareness
- Security community
- Steganography
- Social engineering
- Kerckhoffs' principle
Further reading
- Ross Anderson (2001). "Why Information Security is Hard - An Economic Perspective"