The Laws (was the principles) of secure information systems design
I've been revising the principles, and came up with this. It's an early version. As ever, corrections and suggestions are welcome.

Calling them Laws is perhaps a bit overreaching - but on reflection I thought that's mostly what they are: break them and the system won't be secure.

I will put the Laws up on the 'net shortly, hopefully with a link for suggestions and comments.

The Laws of secure information systems design:

Law 0: It's all about who is in control
Law 1: Someone else is after your data
Law 2: If it isn't stored it can't be stolen
Law 3: Only those you trust can betray you
Law 4: Attack methods are many, varied, ever-changing and eternal
Law 5: The entire system is subject to attack
Law 6: A more complex system has more places to attack
Law 7: Holes for good guys are holes for bad guys too
Law 8: Kerckhoffs's Principle rulez! - usually...
Law 9: A system which is hard to use will be abused or unused
Law 10: Design for future threats
Law 11: Security is a Boolean
Law 12: People offering the impossible are lying
Law 13: Nothing ever really goes away
Law 15: "Schneier's law c" [1] holds illimitable dominion over all... including these laws

-- 
Peter Fairbrother

[1] "a: Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break. It's not even hard. b: What is hard is creating an algorithm that no one else can break, even after years of analysis. c: And the only way to prove that is to subject the algorithm to years of analysis by the best cryptographers around."
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/12/2016 05:19 PM, Peter Fairbrother wrote:

> I've been revising the principles, and came up with this. It's an early version.
>
> [ ... ]
>
> The Laws of secure information systems design:
>
> Law 0: It's all about who is in control
> Law 1: Someone else is after your data
> Law 2: If it isn't stored it can't be stolen
> Law 3: Only those you trust can betray you
> Law 4: Attack methods are many, varied, ever-changing and eternal
> Law 5: The entire system is subject to attack
> Law 6: A more complex system has more places to attack
> Law 7: Holes for good guys are holes for bad guys too
> Law 8: Kerckhoffs's Principle rulez! - usually...
> Law 9: A system which is hard to use will be abused or unused
> Law 10: Design for future threats
> Law 11: Security is a Boolean
> Law 12: People offering the impossible are lying
> Law 13: Nothing ever really goes away
> Law 15: "Schneier's law c" [1] holds illimitable dominion over all... including these laws
I call these "Network Security Axioms." You will recognize most of them, I am sure. A couple are originals.

Everything is under control; your control or someone else's.
A trusted system is one that can break your security model.
A hardened perimeter is easily broken; a hardened system, not so much.
The laws of nations are easily broken; the laws of physics, not so much.
In God we trust, all others provide full source code for peer review.
Given enough observers, all bugs are shallow.
To make a system stronger, attack it.
Physical access can compromise any network security model.
A failed data backup may cost more than a successful break-in.
An unexamined assumption is a ticking time bomb.
User refusal is the principal barrier to secure networking.

Three years old, but holding up fairly well: http://pilobilus.net/comsec-101.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXhWa4AAoJEECU6c5Xzmuqg/YIAIqudvOHmV2r1n2fNzZCtMnO
Hv9QhnwiWmer09SC6bZrDfX7U6hr/M2/nEn5d8aqrypZV4PYpZRYxW5ld3FEVU1Z
HCQAP+zTEZGxBuZIzHAcniUfDrH5lCvCt9PBMOkrfrV6xh5kqbLoTSpWFcOYunnI
5MUXTFX3MqjwbvG1m7ObKYXWMBLUxII+pHhPbKN9NgxiHXUaJVdvl1lMs/z+inUM
vUTyjj9EASqUcfGNykdFamEmIDyEh4+K2z2nlt7mneKzv+vXGpcEa2ZqroDl+1a/
ozFTivDR7vBJmsCdnlLcPbwNkGtSMzRiveV216q4zT9WidoZMQpMwodEBgVOY8c=
=1Rre
-----END PGP SIGNATURE-----
On 12/07/16 22:52, Steve Kinney wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 07/12/2016 05:19 PM, Peter Fairbrother wrote:
>
>> I've been revising the principles, and came up with this. It's an early version.
>>
>> The laws of secure information systems design:
>>
>> Law 0: It's all about who is in control
>> Law 1: Someone else is after your data
>> Law 2: If it isn't there it can't be stolen
>> Law 3: Only those you trust can betray you
>> Law 4: Attack methods are many, varied, ever-changing and eternal
>> Law 5: The entire system is subject to attack
>> Law 6: A more complex system has more places to attack
>> Law 7: Openings for good guys are openings for bad guys too
>> Law 8: Kerckhoffs's Principle rules
>> Law 9: A system which is hard to use will be abused or unused
>> Law 10: Design for future threats
>> Law 11: Security is a Boolean
>> Law 12: People offering the impossible are lying
>> Law 13: Nothing ever really goes away
>> Law 15: "Schneier's law c" holds illimitable dominion over all... including these laws
>
> I call these "Network Security Axioms." You will recognize most of them, I am sure. A couple are originals.
Yes, I especially recognise 1, 2, 7-11. If you don't mind, I might include something with 8 and 9: as-is the "Laws" are a bit too theoretical, and too skewed towards security over availability.

I have always regarded the "Principles", soon to be "Laws", as mostly widespread and preexisting, and more of a communal than an individual effort - (revised) two come from Schneier, one from Satoshi, two from Jerry Leichter, several others are just well-known homilies recast - with myself more as an editor and arranger than anything else.

In fact I would like to see them written so as to be applicable to all systems, not just especially secure systems, or systems which have to be secure. But that is even harder...

-- 
Peter Fairbrother
> Everything is under control; your control or someone else's.
> A trusted system is one that can break your security model.
> A hardened perimeter is easily broken; a hardened system, not so much.
> The laws of nations are easily broken; the laws of physics, not so much.
> In God we trust, all others provide full source code for peer review.
> Given enough observers, all bugs are shallow.
> To make a system stronger, attack it.
> Physical access can compromise any network security model.
> A failed data backup may cost more than a successful break-in.
> An unexamined assumption is a ticking time bomb.
> User refusal is the principal barrier to secure networking.
>
> Three years old, but holding up fairly well: http://pilobilus.net/comsec-101.html