[Cryptography] The Laws (was the principles) of secure information systems design

Tom Mitchell mitch at niftyegg.com
Sat Jul 16 12:11:53 EDT 2016


On Fri, Jul 15, 2016 at 11:36 AM, Peter Fairbrother <peter at m-o-o-t.org>
wrote:

> On 14/07/16 17:42, Ron Garret wrote:
>
>>
>> On Jul 12, 2016, at 1:30 PM, Peter Fairbrother <peter at m-o-o-t.org>
>> wrote:
>>
>> Law 11: Security is a Boolean
>>>
>>
>> I vehemently disagree with this.
>>
>> Security is only meaningful with respect to a threat model
>
>

> ......
>
> is it secure
>
> - depends on your attack model
>
> what's an attack model?


Some failure can be random and unrelated to an attack.
i.e. someone noticed something odd.

Then that failure gets exploited to extract value that had
been protected.
Thus the need for protection in depth.
It should take multiple failures, where "multiple" increases with
the value of the protected content.