The Laws (was the principles) of secure information systems design

Steve Kinney admin at
Tue Jul 12 14:52:56 PDT 2016


On 07/12/2016 05:19 PM, Peter Fairbrother wrote:
> I've been revising the principles, and came up with this. It's an
> early version.

 [ ... ]

> The Laws of secure information systems design:
> Law 0: It's all about who is in control
> Law 1: Someone else is after your data
> Law 2: If it isn't stored it can't be stolen
> Law 3: Only those you trust can betray you
> Law 4: Attack methods are many, varied, ever-changing and eternal
> Law 5: The entire system is subject to attack
> Law 6: A more complex system has more places to attack
> Law 7: Holes for good guys are holes for bad guys too
> Law 8: Kerckhoffs's Principle rulez! - usually...
> Law 9: A system which is hard to use will be abused or unused
> Law 10: Design for future threats
> Law 11: Security is a Boolean
> Law 12: People offering the impossible are lying
> Law 13: Nothing ever really goes away
> Law 15: "Schneier's law c" [1] holds illimitable dominion over all... including these laws

I call these "Network Security Axioms."  You will recognize most of
them, I am sure.  A couple are originals.

Everything is under control; your control or someone else's.

A trusted system is one that can break your security model.

A hardened perimeter is easily broken; a hardened system, not so much.

The laws of nations are easily broken; the laws of physics, not so much.

In God we trust, all others provide full source code for peer review.

Given enough observers, all bugs are shallow.

To make a system stronger, attack it.

Physical access can compromise any network security model.

A failed data backup may cost more than a successful break-in.

An unexamined assumption is a ticking time bomb.

User refusal is the principal barrier to secure networking.

Three years old, but holding up fairly well:
