[Cryptography] The Laws (was the principles) of secure information systems design

Peter Fairbrother peter at m-o-o-t.org
Sat Jul 16 15:17:58 EDT 2016 

On 16/07/16 03:31, Rick Smith, Cryptosmith wrote:
> For comparison, take a look at this article:
>
> https://cryptosmith.com/2013/10/19/security-design-principles/

Thanks, a very interesting link.

However most of my list aren't in there - I think they are somehow more 
fundamental, more universally applicable somehow.

> … which looks at various attempts to codify security design
> principles. It’s a long version of an IEEE S&P article from 12/2012.
> The article starts with Saltzer and Schroeder’s list(s) developed
> during the Multics project. The online version includes a lot of
> less-interesting detail about  national and international attempts to
> draft a ‘complete’ list in the late ‘90s. The efforts eventually
> burned out with few satisfactory results.
>
> Personally, I see no point to drafting a master list of principles.

Sun Tsu - The Art of War?

I don't expect to get there, but..


> Such lists can be useful for specific things - my textbook has a list
> of principles, but it’s purely a pedagogical tool and not an
> engineering tool.

I'd argue, strongly, that The Art of War is an engineering tool.

Perhaps not perfect, nor universally applicable (though I have never 
found a situation where it is inapplicable) - but a d**n useful tool.

For my list, I'd like to see it as a tool as well - break one and you 
break security, follow them and you'll be secure.

Of course I'm nowhere near getting there, but that is another, perhaps 
the, goal.


> A useful list has to be short and pithy. A ‘complete’ list will be
> too long. It will also hit different levels of abstraction, making it
> really hard for different people to interpret.
>
> Just my two cents.

Valued.

Revised list below


-Peter Fairbrother



Revised list 16 Jul 2016:


The laws of secure information systems design:



Law 0: It's all about who is in control

Law 1: Someone else is after your data

Law 2: It can't be stolen if it isn't there

Law 3: Only those you trust can betray you




Law 4: Attack methods are many, varied, ever-changing and eternal

Law 5: The entire system is subject to attack

Law 6: A larger system has more places to attack

Law 7: Openings for good guys are openings for bad guys too




Law 8: Kerckhoffs's Principle usually rules

Law 9: A system which is hard to use will be abused or unused

law 10: Design for future threats


-------------- to be revised:


Law 15: "Schneier's law" holds illimitable dominion over all... 
including these laws

Part d of


a)"Anyone, from the most clueless amateur to the best cryptographer, can 
create an algorithm that he himself can't break. It's not even hard.

b)What is hard is creating an algorithm that no one else can break, even 
after years of analysis.

c) And the only way to prove that is to subject the algorithm to years 
of analysis by the best cryptographers around. "

d) years of analysis by the best cryptographers around helps ... but 
doesn't actually prove anything. For good or bad reasons the best 
cryptographers around might be lying about their results; there may be 
better cryptographers elsewhere; a really good cryptographer may have 
inserted an indetectable backdoor long before the best cryptographers 
around got to looking .. not to mention attacks against the actual, or 
all possible/practical, implementations, rather that attacks directly 
against the algorithm.




--------- bubbling under:

As system designer it's your job to make security choices, not the user's

big secrets, little secrets - treat them all the same . so an attacker 
can't tell the difference, and neither can you, or anybody else.

confidentiality integrity assurance

your bad security affects others

_security always favors the attacker_

defense in depth

System design decides whether security is cheap and effective

Belt-and-braces defence in depth can decrease brittleness, but to be 
effective, each layer must be individually capable of defending the system.


-------- unsure of their place:

Law 11: Security is a Boolean

Law 12: People offering the impossible are lying

Law 13: in code, Nothing ever really goes away

More information about the cryptography mailing list