system reliability -- Re: titles
Ed Gerck
egerck at nma.com
Fri Aug 27 03:12:57 EDT 2004
David Honig wrote:
> "Applications can't be any more secure than their
> operating system." -Bram Cohen
That sounds cute but I believe it is incorrect. Example: error-
correcting codes. The theory of error-correcting codes allows
information to be coded so that it can be recovered even after
significant corruption. This allows, for example, for
_secret-sharing_ with multiple systems so that no operating
system platform has enough information or enough power to even
allow a compromise. Such an application can be much more secure
than any operating system supporting it.
RAID is another example of a realiable system that is made out
of unreliable parts.
The human application of these principles is well-known in
information security and also supports the examples above. Humans
are notorious for breaking security systems. Humans are the
wetware equivalent of an operating system. A common solution for
the risk presented by humans is also _secret-sharing_: No person
may have access to classified information unless the person has
the appropriate security clearance and a need-to-know.
What this means is that the search for the "perfect" operating
system as the solution to security is backwards.
Cheers,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list