veryard projects - innovation for demanding change

security notions

on this page

[autonomic/autonomous] [firewall] [fortress] [guard/guarded] [immune/immunity] [impersonation] [inference control] [patch] [privacy] [secrecy/secret] [security] [trust] [vaccination]
 
elsewhere

 eTrendOnline - Glossary of Security Terms


Autonomic, Autonomous

Despite the similar names, these are contrasting notions.

Microsoft's notion of autonomous computing refers to secure (well-guarded) islands of computing in a hostile world - sometimes known as fortresses.

IBM's notion of autonomic computing refers to self-configuring, self-healing, self-optimizing and self-protecting systems, including capabilities similar to biological immune systems.


Firewall

A system boundary or barrier that permits or denies access, depending on the identity of the source/destination of a message or transaction.

Normally doesn't deal with content.


Fortress

A supposedly secure space, protected by barriers such as firewalls.
  
Veryard Project Papers: Autonomous Computing


Guard, Guarded

A role associated with an attitude or state.  An attitude or state associated with a defensive role or position.


Immune, Immunity

see also Vaccination
A system of protection or self-protection, achieving a state of immunity.
Veryard Project Papers: Autonomic Computing


Impersonation

Pretending to be someone else. Sometimes this is done with malicious or fraudulent intent, either against the person whose identity is used or against a third party. (For example, if you use your friend's season ticket, you and she may be jointly defrauding the company issuing the season ticket.)

Sometimes impersonation may be relatively innocent or harmless. Authors frequently use pen names, especially if they want to write novels in more than one genre without confusing the reading public. I may use a false name when I register on a website, in an attempt to preserve my own privacy and to avoid further increasing the amount of spam I receive. And I always lie, on principle, when I'm asked for my mother's maiden name.

Sometimes impersonation may be contained within a context that somehow makes it okay. A London journalist wrote a regular column, which purported to be the diary of a well-known British politician. The politician sued, on the grounds that some readers might not recognize that it was a spoof. The debate was not about the content or legitimacy of the spoof itself, but how the spoof was framed - where and how it was published. (If it had been in a satire magazine, everyone would have known that it was a spoof, and the politician would have shrugged it off.)
 
  

Veryard Project Papers: Identity
Internet: Identity Theft


Inference Control

Preventing unauthorized people from using intelligent searches and enquiries to penetrate confidentiality or privacy.

Note that inaccurate inference (intelligent guess) may be good enough for many purposes, and may be damaging enough to the security of systems - especially when combined with social attacks.
 
  

Veryard Project Papers: Inference; Inference Control; Privacy and Confidentiality; The Raw and the Cooked


Patch

A local, temporary fix to a larger problem.  People attach nicotine patches to their arms, and leather patches to their sleeves.

Among other things, software patches are applied to close security loopholes in systems.  There are at least four problems with this:
 
People Don't Apply Patches: Users and administrators are overwhelmed with patches, and they simply don't apply them.
Developers Forget Patches: New versions of software may restore the loophole, because the patch has been forgotten.
Patchy Patches: The patches themselves may be flawed - either failing to close the loophole properly, or introducing further problems and side-effects.
Patch Interference: Multiple patches may interact in unpredictable ways - especially if the sequence of applying the patches is important.

In broader intervention, however, the question isn't whether patches work, but whether we have any other choice.  Any finite and manageable intervention into a large complex system is necessarily a patch - at least from some perspective.  Although our fantasies and plans may be more grandiose, we can only make real changes in patches (components).

The challenge is to weave many patches (components) together into a coherent fabric (system).   This is where we need an organic approach - something akin to Christopher Alexander. 

Veryard Project Papers: Organic Planning


Privacy

"Privacy is something we should all get over having lost." [Scott McNealy, Sun Microsystems CEO]
  
Veryard Project Papers: Privacy and Confidentiality; Who Owns Your Mother's Maiden Name?; Privacy and Granularity


Secrecy, Secret

In an electronic age, many secrets are provisional, contingent. Something you had long forgotten - a past indiscretion, a false rumour - can be posted on the Internet and disseminated around the world.

If you want to be elected to public office, or marry a Norwegian prince, you apparently have to accept this as a matter of routine - for your nearest and dearest as well as for yourself.

Paper records in dusty offices may be hard to access, and therefore "practically obscure". But these records are still public, and therefore vulnerable to sudden broadcast, if someone chooses to turn a searchlight on you.
  

Veryard Project Papers: Do you have a secret past?; Information Leakage
Internet: Practically Obscure


Security

Security as fence: Security is a container.  It keeps the good stuff in and the bad stuff out.
Security as game: Security is a battle between attackers and defenders. Attackers try to navigate a complex (and changing) space, where each place or state gives you access to certain other places or states, and visibility of some further places or states not directly accessible.  Defenders try to detect intrusion, close off as many access points as possible, set traps, and keep changing the configuration of the space. This is a topological way of conceiving security.
Security as landscape: Security involves a complex terrain, where some points are (or appear) more attractive or vulnerable than others - to a range of diverse stakeholders. Security involves a balance of risk and reward.
 
Veryard Project Papers: Security


Trust

A property of a system or relationship based on expectations of reasonable and fair behaviour.
 
  
Veryard Project Papers: Trust; Trust Notes



Vaccination

see also Immune/Immunity
Dealing with a serious threat by creating and injecting (or disseminating) a feeble and attenuated version of it.

Someone sent me a notice about a conference called The Joy of Work - about management and spirituality.  My heart sank at the thought of all those earnest and jovial people, waffling knowingly about spirituality in a five-star hotel at some fancy Mexican resort. (Nice work if you can get it, though.)

Such conferences are packaged to make them as undangerous as possible. Business is a complex self-healing system, perfectly capable of neutralizing any really dangerous ideas, including spiritual ones. Let's send a few maverick middle managers off to Mexico to be vaccinated - infused with a weak and warm teabag spirituality - so that they will become immune to the real thing. They can then return to their organizations and spout pseudo-spiritual jargon, which in turn increases the resistance to dangerous ideas within these organizations.

Vaccination works by educating and exercising the immune system. A network security manager might try and persuade staff NOT to open weird email attachments by disseminating an extremely weak software virus -- perhaps one that does something mildly annoying and embarrassing -- Code Pale Pink perhaps.
  

Veryard Project Papers: Resistance


This page last updated on November 11th, 2003
Copyright © 2001-2003 Veryard Projects Ltd
http://www.veryard.com/sebpc/secnotions.htm
in association with antelope projects and CBDi Forum