[Cryptography] What do we mean by Secure?

Phillip Hallam-Baker phill at hallambaker.com
Mon Feb 9 11:23:19 EST 2015


On Sat, Feb 7, 2015 at 7:05 PM, Bill Frantz <frantz at pwpconsult.com> wrote:

> On 2/6/15 at 3:10 PM, kentborg at borg.org (Kent Borg) wrote:
>
>> Ah, but then one would have to stop and figure out what one is trying to
>> do...damn! Can't I just ask for Wholesome Apple Pie and be done?
>>
>
> The more I hear people talk about making things secure, the more I hope
> they will explain what they mean by secure. What I mean, in the broadest
> sense, is "Bad Things Won't Happen". Now this is a bit over nebulous. :-)
>
> In general, we think computers should enforce a policy. But what policy?
> When I ask this question, the answer I generally get is, "Any policy you
> want". But there are many policies we can't implement with our current
> security mechanisms.
>
> On our home computers, my wife's and my security policy is that both of us
> should have full ownership permissions on all of our files since the owner
> is the only one who can change certain meta-data, like who can access the
> file. However, on our Unix-based systems, a file can have only one owner.
> Our solution is to share accounts. (As far as the computer is concerned,
> there is only one of us.)
>

This is the wrong policy. You are never going to open those files, nor is
your wife. You don't speak binary.

Applications are going to open those files and what matters is that one
application does not go rogue.

We have the wrong metaphor for applications. They are not static objects,
they are zombies or golems. We can give them tasks, but their true
masters are the wizards that originally brought them to life by their
incantations.


Of course, I don't know of any system that would make such a policy viable.