Price: $15.00
(as of Feb 18,2023 07:11:42 UTC – Details)
From the Publisher
Q and A with Adam Shostack, author of Threats: What Every Engineer Should Learn From Star Wars
What about the Star Wars franchise makes it such a good story to illustrate security concepts?
How does R2-D2 know who Ben Kenobi is? How does he decide to play the recording of Princess Leia for Ben, but not Luke? How does Princess Leia tell R2 her intentions? These three questions touch on fundamental issues of security: authentication, authorization, and usability. (Star Wars geeks have an answer to the first from the prequels, but Leia does not know that answer.) What’s more, the way the world of Star Wars engages with technology and computers gives us a familiar base from which to learn about how technology works in our world.
How does the original Star Wars trilogy relate to what you do on a personal level?
I was a Star Wars fan before I ever wrote a line of code and long before I broke my first system. As I became an expert in computer security, it became clear to me that we in the field are much better at code than with stories, and while it’s tempting to say “That is why you fail,” telling better stories is not our only hope. As I reflected on Star Wars I realized that as the crawl fades, the camera descends onto Princess Leia’s ship being pursued over…a stolen data tape! I realized Star Wars is not only the story of Luke’s hero’s journey and growth into adulthood but also a story of information disclosure and consequences. Over the last decade, I’ve used Star Wars to tell the story of computer security because epic stories give us reference points and illustrations of important issues.
With all the available security information out there, why is it so challenging to keep our systems secure?
Attackers have a great many advantages. They can study their target, plan their attacks, and launch them only when they feel confident. They can do what they will to take control of a system, make it misbehave, or embarrass its creator. And while some of what attackers do is really very clever, all of it is unexpected. That unexpected part’s tremendously important.
Who is this book for?
This book is for every engineer. It will be most useful to those who build or operate complex software-rich systems. There are hard trade-offs in engineering, which are made harder when security goals are obscure or vague. The book is focused on systems that incorporate code, but these days, what doesn’t? Engineers who work in more traditional parts of the field, like aerospace, chemical, civil, or mechanical engineering, are finding that these more elegant systems from a more mechanical time are being supplanted. Your systems must now interface with code, and you must address security properties.
This book is also for security professionals and enthusiasts. There are many pathways into many fields on security and hacking. Few of them provide a broad framework that will serve to organize the flood of information about threats, vulnerabilities, and exploits that you’ll encounter. My hope is that this book serves them all.
What should readers expect to learn from Threats: What Every Engineer Should Learn From Star Wars?
I’d like readers to come away with insight into which timeless threats keep raising their ugly heads, concrete details and true stories of where those threats have emerged, and a framework for organizing the complex, sprawling world of security threats. Human attention is a harsh master. It is hard to perceive what is missing. My intent in cataloging common issues is to say: these matter, and you can do something about them.
Publisher : Wiley; 1st edition (January 25, 2023)
Language : English
Paperback : 352 pages
ISBN-10 : 1119895162
ISBN-13 : 978-1119895169
Item Weight : 12 ounces
Dimensions : 5.4 x 0.9 x 8.4 inches
There are no reviews yet.