The Laws (was the principles) of secure information systems design

Peter Fairbrother peter at m-o-o-t.org
Tue Jul 12 16:17:42 PDT 2016


On 12/07/16 22:52, Steve Kinney wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 07/12/2016 05:19 PM, Peter Fairbrother wrote:
>> I've been revising the principles, and came up with this. It's an
>> early version.

The laws of secure information systems design:

Law 0: It's all about who is in control
Law 1: Someone else is after your data
Law 2: If it isn't there it can't be stolen
Law 3: Only those you trust can betray you

Law 4: Attack methods are many, varied, ever-changing and eternal
Law 5: The entire system is subject to attack
Law 6: A more complex system has more places to attack
Law 7: Openings for good guys are openings for bad guys too

Law 8: Kerckhoffs's Principle rules
Law 9: A system which is hard to use will be abused or unused
Law 10: Design for future threats
Law 11: Security is a Boolean

Law 12: People offering the impossible are lying
Law 13: Nothing ever really goes away
Law 15: "Schneier's law c" holds illimitable dominion over all... including these laws


> I call these "Network Security Axioms."  You will recognize most of
> them, I am sure.  A couple are originals.

Yes, I especially recognise 1, 2, 7-11.

If you don't mind, I might include something with 8 and 9: as-is the 
"Laws" are a bit too theoretical, and too skewed towards security over 
availability.

I have always regarded the "Principles", soon to be "Laws", as mostly 
widespread and preexisting, and more of a communal than an individual 
effort - (revised) two come from Schneier, one from Satoshi, two from 
Jerry Leichter, several others are just well-known homilies recast - 
with myself more as an editor and arranger than anything else.

In fact I would like to see them written so as to be applicable to all 
systems, not just especially secure systems, or systems which have to be 
secure.

But that is even harder...


-- Peter Fairbrother


> Everything is under control; your control or someone else's.
>
> A trusted system is one that can break your security model.
>
> A hardened perimeter is easily broken; a hardened system, not so much.
>
> The laws of nations are easily broken; the laws of physics, not so much.
>
> In God we trust, all others provide full source code for peer review.
>
> Given enough observers, all bugs are shallow.
>
> To make a system stronger, attack it.
>
> Physical access can compromise any network security model.
>
> A failed data backup may cost more than a successful break-in.
>
> An unexamined assumption is a ticking time bomb.
>
> User refusal is the principal barrier to secure networking.
>
> Three years old, but holding up fairly well:
> http://pilobilus.net/comsec-101.html
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
>
> iQEcBAEBAgAGBQJXhWa4AAoJEECU6c5Xzmuqg/YIAIqudvOHmV2r1n2fNzZCtMnO
> Hv9QhnwiWmer09SC6bZrDfX7U6hr/M2/nEn5d8aqrypZV4PYpZRYxW5ld3FEVU1Z
> HCQAP+zTEZGxBuZIzHAcniUfDrH5lCvCt9PBMOkrfrV6xh5kqbLoTSpWFcOYunnI
> 5MUXTFX3MqjwbvG1m7ObKYXWMBLUxII+pHhPbKN9NgxiHXUaJVdvl1lMs/z+inUM
> vUTyjj9EASqUcfGNykdFamEmIDyEh4+K2z2nlt7mneKzv+vXGpcEa2ZqroDl+1a/
> ozFTivDR7vBJmsCdnlLcPbwNkGtSMzRiveV216q4zT9WidoZMQpMwodEBgVOY8c=
> =1Rre
> -----END PGP SIGNATURE-----
>




More information about the cypherpunks mailing list