Re: Security & Obscurity: physical-world analogies

[Dave Aitel <dave () immunitysec com>]

On Thu, 2004-09-02 at 12:24, Peter Swire wrote:
>       Here are arguments for why it is useful to think systematically
> about the relationship between computer- and physical-security issues.
<snip>
> > Peter might be much better to concentrate on the realities and forget
> > about straw-man analogies.  What do you think?
>
>       I think there is a strong analytic similarity between a firewall
> and physical settings where guards are deciding whether to let
> people/trucks/etc. through a gate.
>
>       In both cases, the outsiders might be attackers who want to gain
> control over the system (physical attackers infiltrating and computer
> attackers seeking root control).
>
>       In both cases, the outsiders might be attackers who want to get
> information about the inside (physical attackers spying out the lay of
> the land and computer attackers downloading files or getting other
> information).
>
>       In both cases, there is "filtering" by the defenders.  Some
> entrants are excluded.  Some get more intensive screening.  The level of
> filtering varies with the perceived level of the threat.
>
>       Three reasons why studying physical and computer security
> together is useful.  First, at the level of analytic understanding, the
> paper tries to give a unified way to assess when openness is likely to
> help security (conditions closer to what the paper calls the Open Source
> paradigm) and when openness is likely to reveal vulnerabilities that
> create net problems (conditions closer to what the paper calls the
> Military paradigm).  A unified theory is an academic/intellectual gain.


The thing about a straw man is that it looks a LITTLE bit like a man,
but then it turns out not to be a man at all. A firewall is like a gate,
a service is like a window, and a server is like a house, etc. etc. But
you can't take two non-traitors and have them automatically combine
voltron-like into one super traitor on the back end of a gatehouse,
which you can do with a firewall or information filtering device.
There's just no good analogy for the real work of hacking that can apply
to a simplistic physical model. 


>       Second, policymakers in the government and management in
> companies have to decide, every day, what should be secret and what
> should be open.  Not everyone has time to read FD an hour a day to
> become expert in all these things!!  The paper tries to give a useful
> way for decisionmakers to get an approximation of what sorts of things
> should be disclosed.  A unified approach can help decisionmakers.

Or it can handicap them, because they're basing their decisions on an
incomplete, unverified model that doesn't correspond to reality.


Dave Aitel
Immunity, Inc.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html