[Cryptography] What do we mean by Secure?
alex at alten.org
alex at alten.org
Mon Feb 9 23:38:27 EST 2015
> Quoting Kent Borg <kentborg at borg.org>:
>
>> On 02/09/2015 02:08 AM, alex at alten.org wrote:
>>> For myself security is just another engineering domain, like software
>>> or electrical engineering.
>>
>> There is that--your engineering could be great.
>>
>> But there are a couple of crucial differences.
>>
>> First, exactly where you draw the boundary of your system matters.
> ...
>> The second difference is that, unlike orderly data and predictably
>> charged electrons, you have active, clever, adaptive, and malicious
>> foes who are looking for holes in your design and
>> implementation--and they are trying to shift the system boundaries
>> to create new holes--trying to make a shift that destroys your
>> otherwise your perfect security.
> ...
>
I was re-reading my reply and realized I had missed a key point you
made about having clever humans trying to break into your system. This
malicious human aspect is actually a really key difference between
Security engineering and other engineering disciplines.
To me the answer is to provide your humans (security officers or police)
the tools to deal with those foes. Thus you need to give them tools
for real-time detection and after-the-fact forensics. Banks catch a
lot of (insider) thieves by reconciling books from different locations.
- Alex
--
Alex Alten
alex at alten.org
More information about the cryptography
mailing list