[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The Laws (was the principles) of secure information systems design

On 12/07/16 22:52, Steve Kinney wrote:
Hash: SHA1

On 07/12/2016 05:19 PM, Peter Fairbrother wrote:
I've been revising the principles, and came up with this. It's an
early version.

The laws of secure information systems design:

Law 0: It's all about who is in control
Law 1: Someone else is after your data
Law 2: If it isn't there it can't be stolen
Law 3: Only those you trust can betray you

Law 4: Attack methods are many, varied, ever-changing and eternal
Law 5: The entire system is subject to attack
Law 6: A more complex system has more places to attack
Law 7: Openings for good guys are openings for bad guys too

Law 8: Kerckhoffs's Principle rules
Law 9: A system which is hard to use will be abused or unused
law 10: Design for future threats
Law 11: Security is a Boolean

Law 12: People offering the impossible are lying
Law 13: Nothing ever really goes away
Law 15: "Schneier's law c" holds illimitable dominion over all... including these laws

I call these "Network Security Axioms."  You will recognize most of
them, I am sure.  A couple are originals.

Yes, I especially recognise 1,2, 7-11.

If you don't mind, I might include something with 8 and 9: as-is the "Laws" are a bit too theoretical, and too skewed towards security over availability.

I have always regarded the "Principles", soon to be "Laws", as mostly widespread and preexisting, and more of a communal than an individual effort - (revised) two come from Schneier, one from Satoshi, two from Jerry Leichter, several others are just well-known homilies recast - with myself more as an editor and arranger than anything else.

In fact I would like to see them written so as to be applicable to all systems, not just especially secure systems, or systems which have to be secure.

But that is even harder...

-- Peter Fairbrother

Everything is under control; your control or someone else's.

A trusted system is one that can break your security model.

A hardened perimeter is easily broken; a hardened system, not so much.

The laws of nations are easily broken; the laws of physics, not so much.

In God we trust, all others provide full source code for peer review.

Given enough observers, all bugs are shallow.

To make a system stronger, attack it.

Physical access can compromise any network security model.

A failed data backup may cost more than a successful break-in.

An unexamined assumption is a ticking time bomb.

User refusal is the principal barrier to secure networking.

Three years old, but holding up fairly well:

Version: GnuPG v2.0.22 (GNU/Linux)