A great security book, Security Engineering is now available online for free. The author, Ross Anderson, convinced Wiley to make it available so that as many people as possible can have access.

Bruce Schneier is quoted `If you’re even thinking of doing any security engineering, you need to read this book’. I’d go further and extend this to any kind of engineering. I think it’s one of those rare books that pretty much everyone involved in computers or technology in general should read (another might be Brooks’ The Mythical Man Month). Security Engineering is packed with knowledge and deep insight across a wide range of topics. It’s also comprehensively referenced, making it a great stepping off point for further study.

For those interested in learning more about historical Mandatory Access Control, MLS and other advanced security models, the Multilevel Security chapter is worth reading. While only touching on Type Enforcement, it provides a lot of background material for understanding the historical context of SELinux.

Also, Ross has a blog.