[Cryptography] The Laws (was the principles) of secure information systems design

Peter Fairbrother peter at m-o-o-t.org
Wed Jul 13 20:37:50 EDT 2016


On 13/07/16 16:03, Brian Gladman wrote:
> On 12/07/2016 21:30, Peter Fairbrother wrote:
>> I've been revising the principles, and came up with this. It's an early
>> version.
>>
>> As ever, corrections and suggestions are welcome.
>>
>> Calling them Laws is perhaps a bit overreaching - but on reflection I
>> thought that's mostly what they are, break them and the system won't be
>> secure.
>>
>> I will put the Laws up on the 'net shortly, hopefully with a link for
>> suggestions and comments.
>
> I don't think it qualifies as a law but I have always liked the phrase
> "two's company, three's a crowd" given how many countries seem to want
> three people in all conversations when two will do very nicely for those
> who seek privacy and security.

:)

> I also believe you can have at most two of security, functionality and
> scale in any system but not all three.

I was thinking about modifying #6: "A more complex system has more 
places to attack" to:

#6: "A larger system has more places to attack"

Larger in the sense of more complex, more complicated, with more 
"features" - but also larger in the sense of scale of deployment.



I have to get more about functionality and security vs functionality in 
somewhere as well, the present list is too skewed towards security.



Other maybes:

The security of a secret is inversely proportional to the square of the 
number of people who know, or can access, it.

Security always favors the attacker (needs rewriting)

System design decides whether security is cheap and effective

A good system designer is better qualified to make a security choice 
than any user (needs rewriting, better able to decide e.g. security 
levels, methodologies - present the average user with a list of security 
choices and he won't have a clue)


Ignoring failure costs, the upfront and operating costs of well-designed 
secure systems are about the same as those of insecure ones


It _is_ a battle


-- Peter


