Re: The Laws (was the principles) of secure information systems design
On 12/07/16 22:52, Steve Kinney wrote:
On 07/12/2016 05:19 PM, Peter Fairbrother wrote:
I've been revising the principles, and came up with this. It's an
The laws of secure information systems design:
Law 0: It's all about who is in control
Law 1: Someone else is after your data
Law 2: If it isn't there it can't be stolen
Law 3: Only those you trust can betray you
Law 4: Attack methods are many, varied, ever-changing and eternal
Law 5: The entire system is subject to attack
Law 6: A more complex system has more places to attack
Law 7: Openings for good guys are openings for bad guys too
Law 8: Kerckhoffs's Principle rules
Law 9: A system which is hard to use will be abused or unused
Law 10: Design for future threats
Law 11: Security is a Boolean
Law 12: People offering the impossible are lying
Law 13: Nothing ever really goes away
Law 15: "Schneier's law c" holds illimitable dominion over all... including these laws
I call these "Network Security Axioms." You will recognize most of
them, I am sure. A couple are originals.
Yes, I especially recognise 1, 2, 7-11.
If you don't mind, I might include something with 8 and 9: as-is the
"Laws" are a bit too theoretical, and too skewed towards security over
I have always regarded the "Principles", soon to be "Laws", as mostly
widespread and preexisting, and more of a communal than an individual
effort - (revised) two come from Schneier, one from Satoshi, two from
Jerry Leichter, several others are just well-known homilies recast -
with myself more as an editor and arranger than anything else.
In fact I would like to see them written so as to be applicable to all
systems, not just especially secure systems, or systems which have to be
But that is even harder...
-- Peter Fairbrother
Everything is under control; your control or someone else's.
A trusted system is one that can break your security model.
A hardened perimeter is easily broken; a hardened system, not so much.
The laws of nations are easily broken; the laws of physics, not so much.
In God we trust, all others provide full source code for peer review.
Given enough observers, all bugs are shallow.
To make a system stronger, attack it.
Physical access can compromise any network security model.
A failed data backup may cost more than a successful break-in.
An unexamined assumption is a ticking time bomb.
User refusal is the principal barrier to secure networking.
Three years old, but holding up fairly well: