[Cryptography] The Laws (was the principles) of secure information systems design
Kent Borg
kentborg at borg.org
Sun Jul 17 12:38:48 EDT 2016
On 07/15/2016 10:31 PM, Rick Smith, Cryptosmith wrote:
> For comparison, take a look at this article:
>
> https://cryptosmith.com/2013/10/19/security-design-principles/

Very interesting. (I like "open design" as a simple term-of-art, gotta
start over-using that.)

What I think is still missing among the interesting details of the trees
is the idea of being explicit about the forest and understanding its
definition and boundaries.

Seems a bit like talking about tactics and strategies of war, without
explicitly discussing particulars of lines of control. (I don't remember
Sun Tzu addressing the five-fold-nature-of-battle-lines, was it there?)
Leaving this as an individual exercise for your officers and soldiers
seems inefficient. Similarly, leaving this unspoken in terms of computer
security seems lacking.

-kb, the Kent who has never been in the military and freely admits he is
tossing out a metaphor he doesn't understand.

P.S. Heck, if nothing else the scene in the old war movie with big map,
a contained buzz of quiet activity including calm subordinates using
rakes to adjust tiny model armies and armadas, is such a powerful
visual. What with all the movies involving cyber-intrigue these days,
Hollywood needs this metaphor to make us better entertainment. I'm
getting sick of meaningless monospaced ASCII whizzing by too fast
indicating "important computer stuff you wouldn't understand".

P.P.S. My earlier rant on this, if anyone missed it and doesn't know
what I am talking about:

http://www.metzdowd.com/pipermail/cryptography/2016-July/029750.html