[Cryptography] What do we mean by Secure?
Stephan Neuhaus
stephan.neuhaus at zhaw.ch
Mon Feb 9 02:45:12 EST 2015
On 2015-02-08 03:42, Andreas Junius wrote:
> I think software is secure if it does what it is supposed to do, nothing
> else, nothing unintentional.
I think that may be a bit too strong, in the sense that you probably can
make any reasonably complex software do something unintentional.
I like Dan Geer's definition: "Security is the absence of unmitigatable
surprises". This covers, in one neat sentence, many aspects, for example:
* Most currently deployed systems have no formal specification (or could
be equipped with one in reasonable time), hence there are, strictly
speaking, no bugs, just surprises.
* As said above, you can probably make any reasonably complex software
do something unintentional, but "unintentional" isn't the problem,
really, because "unintentional" doesn't necessarily mean "bad". The
problem is, can you do something about unintentional behaviour when you
find out that it's also bad?
Fun,
Stephan
More information about the cryptography
mailing list