[Cryptography] What do we mean by Secure?

Bill Frantz frantz at pwpconsult.com
Mon Feb 9 01:56:00 EST 2015 

On 2/8/15 at 9:16 PM, amccullagh at live.com (Adrian McCullagh) wrote:

>Obviously, Yourdan’s was making a point that a really secure system is unrealistic and uncommercial.

I certainly hope Yourdan was wrong. If he is right, we need to 
keep our computers as game machines only and go back to paper 
for anything where there is real value to be stolen. But, I know 
we can do a lot better than we have.


>I also remember Professor Bill Caelli once telling me that the 
>US Navy had developed an A1 (TCSEC) operating system in the 
>1970’s but unfortunately it was entirely unusable and was 
>later abandoned.  Compromise has to be taken and it really 
>depends on each situation.  The real problem is that most 
>organisations do not undertake the basic risk assessment to 
>understand what their respective risk appetite is.

These TCSEC systems never addressed the problems of data 
sharing. They were designed to follow the US military policies, 
which were unsuitable for the needs of commercial enterprises.

They were also probably unsuitable for military needs as well. 
An example is how you share information with allies. Detail 
weather forecasts are a real-world example.

My favorite A1 story comes from an A1 system which was 
discovered to have a big covert channel. However it still met 
all the Orange Book criteria. One of the designers of the system 
was heard to say, "I don't want to call is secure, I just want 
to call it A1." The moral of this story is that it is really 
hard to enumerate all the attacks that haven't been invented yet.

>In not understanding their respective risk appetite they are not is a position to ever know whether the so called secure system fits within their respective position.

This thought seems more oriented toward how much assurance you 
have that the system actually implements the policy under 
attack, rather than my main interest in this thread: Whether the 
system can implement reasonable policies, and what are 
reasonable policies anyway.

If this thought means how much deviation is from their ideal 
policy due to implementation constraints is a organization 
willing to tolerate, then this statement addresses my topic.


On 2/8/15 at 6:42 PM, andreas.junius at gmail.com (Andreas Junius) wrote:

>I think software is secure if it does what it is supposed to 
>do, nothing else, nothing unintentional. Most attacks probably 
>try to trigger some unintended behaviour using malicious (i.e. 
>unexpected) input. Considering all sources of input for a 
>program, it'll be a broad subject and it's obviously hard to achieve.

Well, the Microsoft autorun feature for floppy disks and flash 
drives did exactly what it was supposed to do and was one of the 
bigest security problems of a system that was rife with problems.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | Truth and love must prevail  | Periwinkle
(408)356-8506      | over lies and hate.          | 16345 
Englewood Ave
www.pwpconsult.com |               - Vaclav Havel | Los Gatos, 
CA 95032

More information about the cryptography mailing list