[Cryptography] The Laws (was the principles) of secure information systems design
Peter Fairbrother
peter at m-o-o-t.org
Sat Jul 16 15:17:58 EDT 2016
On 16/07/16 03:31, Rick Smith, Cryptosmith wrote:
> For comparison, take a look at this article:
>
> https://cryptosmith.com/2013/10/19/security-design-principles/
Thanks, a very interesting link.
However most of my list aren't in there - I think they are somehow more
fundamental, more universally applicable somehow.
> … which looks at various attempts to codify security design
> principles. It’s a long version of an IEEE S&P article from 12/2012.
> The article starts with Saltzer and Schroeder’s list(s) developed
> during the Multics project. The online version includes a lot of
> less-interesting detail about national and international attempts to
> draft a ‘complete’ list in the late ‘90s. The efforts eventually
> burned out with few satisfactory results.
>
> Personally, I see no point to drafting a master list of principles.
Sun Tsu - The Art of War?
I don't expect to get there, but..
> Such lists can be useful for specific things - my textbook has a list
> of principles, but it’s purely a pedagogical tool and not an
> engineering tool.
I'd argue, strongly, that The Art of War is an engineering tool.
Perhaps not perfect, nor universally applicable (though I have never
found a situation where it is inapplicable) - but a d**n useful tool.
For my list, I'd like to see it as a tool as well - break one and you
break security, follow them and you'll be secure.
Of course I'm nowhere near getting there, but that is another, perhaps
the, goal.
> A useful list has to be short and pithy. A ‘complete’ list will be
> too long. It will also hit different levels of abstraction, making it
> really hard for different people to interpret.
>
> Just my two cents.
Valued.
Revised list below
-Peter Fairbrother
Revised list 16 Jul 2016:
The laws of secure information systems design:
Law 0: It's all about who is in control
Law 1: Someone else is after your data
Law 2: It can't be stolen if it isn't there
Law 3: Only those you trust can betray you
Law 4: Attack methods are many, varied, ever-changing and eternal
Law 5: The entire system is subject to attack
Law 6: A larger system has more places to attack
Law 7: Openings for good guys are openings for bad guys too
Law 8: Kerckhoffs's Principle usually rules
Law 9: A system which is hard to use will be abused or unused
law 10: Design for future threats
-------------- to be revised:
Law 15: "Schneier's law" holds illimitable dominion over all...
including these laws
Part d of
a)"Anyone, from the most clueless amateur to the best cryptographer, can
create an algorithm that he himself can't break. It's not even hard.
b)What is hard is creating an algorithm that no one else can break, even
after years of analysis.
c) And the only way to prove that is to subject the algorithm to years
of analysis by the best cryptographers around. "
d) years of analysis by the best cryptographers around helps ... but
doesn't actually prove anything. For good or bad reasons the best
cryptographers around might be lying about their results; there may be
better cryptographers elsewhere; a really good cryptographer may have
inserted an indetectable backdoor long before the best cryptographers
around got to looking .. not to mention attacks against the actual, or
all possible/practical, implementations, rather that attacks directly
against the algorithm.
--------- bubbling under:
As system designer it's your job to make security choices, not the user's
big secrets, little secrets - treat them all the same . so an attacker
can't tell the difference, and neither can you, or anybody else.
confidentiality integrity assurance
your bad security affects others
_security always favors the attacker_
defense in depth
System design decides whether security is cheap and effective
Belt-and-braces defence in depth can decrease brittleness, but to be
effective, each layer must be individually capable of defending the system.
-------- unsure of their place:
Law 11: Security is a Boolean
Law 12: People offering the impossible are lying
Law 13: in code, Nothing ever really goes away
More information about the cryptography
mailing list