Scope of computer security
What is security? Security is the definition and fulfillment of a set of requirements detailing all the:
- legitimate operations which are available to entitled actors
- illegitimate operations which are denied to all other actors
Where an actor is an object or a user and reassignment of operations is itself just an operation.
The first item is integral to and is the most important part of security. It is wrong to think that security deals only with the latter and that the former are merely functional requirements. It is wrong to think that there is a fundamental distinction between the two. Every defensive security requirement can be expressed as an assertive security guarantee. For example, "nobody but me should have access to my bank account" can be restated as "if I put X euros into my bank account then it must always be possible for me to withdraw X euros afterwards". The reverse is probably false.
Delineating a set of self-consistent, realistic, useable and powerful security requirements is part of security. Analyzing the properties of security requirements is part of security.
Moved material related to dealing with security related problems to ComputerSecurityIsnt
Theory of computer security
The two main concepts of computer security are access security
and content security
s are concerned with access security. Cryptography is concerned with content security. The theories behind both are independent, orthogonal, disparate and very well-developed. Even in cases where you have both aspects the two aspects can be easily and completely separated.
Consider for example encrypted passwords. A password is just content in a different medium from the one it provides access to, and as content it can be encrypted or unencrypted independently of its being a capability, of its property of giving access to the other medium.
The application of these concepts is governed by confinement
, subdivided again into access confinement and content (aka information) confinement. The latter involves things like information leaking through covert channels. Plugging information leaks is fairly standard but identifying them is a different matter entirely. I don't know of any theory of (identifying) covert channels.
Typically, information leaks occur due to unsecured meta-information; covert channels are meta to some normal channel. For example, if you have paged memory as a channel then you also get a page fault meta-channel. So people can communicate outside of paged memory by using the rate of page faults to convey information. Another example is the header information in IP datagrams or TCP segments. Both provide content, which is obvious and can be easily secured using standard cryptographic techniques, but also meta-content which is far from obvious and much more difficult to secure.
The application of cryptography to computation (algorithms) as opposed to storage or communication (a special kind of storage) is called obfuscation
. As far as anyone knows, obfuscation is impossible. People used
to think that obfuscation was a much easier special case of cryptography, back before public key cryptography was invented, but not anymore.
That was never generally agreed to be the case. It used to be frequent to hear unsubstantiated claims that obfuscation was really effective, but there have always been people skilled at unobfuscation and reverse engineering, right from the beginning, and if you'd ever asked them their opinion (the logical people to ask), they'd never have supported those claims -- which BTW were most often made by commercial concerns who had a vested interest in making the claims
- On The Impossibility of Obfuscating Programs http://www.math.ias.edu/~boaz/Papers/obfuscate.html
- The way I read the impossiblity result, it is more about the impossiblity of general purpose obfuscators (i.e. those who wuill obfuscate any program). I don't think it applies to special purpose obfuscation schemes, designed to obfuscate particular programs.
Overview of computer security
The National Institute of Standards and Technology provides a good overview of computer security at this location: http://csrc.nist.gov/publications/nistpubs/800-12/800-12-html/index.html
. I found it well organized and easy to follow.
Reference Model and application
Note that OpenSystemsInterconnect
has absolutely nothing to do with security. Hell, it's not even a reference for networking.
Overview and introductory resources
The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn't stake my life on it.
Using encryption on the Internet is the equivalent of arranging an armoured car to deliver information from someone living in a cardboard box to someone living on a park bench.
-- Gene Spafford (http://homes.cerias.purdue.edu/~spaf/quotes.html
Sadly, the first quote exemplifies a common misconception of security. In actuality, a system which doesn't let you perform legitimate operations to which you are entitled is insecure
. A computer that's switched off is completely, totally, perfectly and pathologically insecure. It's the most insecure system theoretically imaginable.
Of course, this is only obvious when you think about the meaning of 'security' in 'food security', 'financial security', and others, as opposed to the state where all your enemies are dead.
That is of course why Spafford's silly scenario is so ironic; it would be a case of cutting your nose to spite your face; completely misguided.
Merge with misnamed ComputerSecurityIsImpossible
- Disagree. The page ComputerSecurityIsImpossible is not designed for people wanting to know what security is all about, it may be useful as a further reading later on
- Its purpose was exactly that, and it contains content relevant to that. Especially security vs insecurity.
See SecurityIsHard WebApplicationSecurity