[Cryptography] Secure erasure

Kent Borg kentborg at borg.org
Tue Sep 13 20:27:34 EDT 2016


On 09/13/2016 03:21 PM, Jerry Leichter wrote:
> So the alternative is to look elsewhere: Security is a *system* 
> property, just like reliability

Yes! Security and reliability are closely wrapped in each other. We need 
one to get the other.

> we need to build secure systems out of insecure components. 

Hard to do, but if we define the component boundaries, there is a 
possibility of carefully composing them into a larger system that has 
some hope. Even Target's PoS system *might* have been secure, had it 
been on an isolated network, but they didn't know if that be so, and 
they probably still don't know.

A religious faith in firewalls and intrusion detection systems distracts 
everyone. We heard a lot about Target ignoring their intrusion detection 
system, but did we hear much about their PoS system being a PoS?

> Though as far as we can tell, there needs to be more of a secure core 
> to bootstrap with than a reliable core.

When we can neither trust the chips nor trust UPS to deliver them 
without further tampering, there are lots of holes, but the way we build 
systems adds more.

-kb, the Kent who repeats Jerry Leichter: "Security is a *system* 
property".


More information about the cryptography mailing list