security notions
[autonomic/autonomous] [firewall]
[fortress] [guard/guarded]
[immune/immunity] [impersonation]
[inference control] [patch]
[privacy] [secrecy/secret]
[security] [trust] [vaccination]
Microsoft's notion of autonomous computing refers to secure (well-guarded) islands of computing in a hostile world - sometimes known as fortresses.
IBM's notion of autonomic computing refers to self-configuring, self-healing, self-optimizing and self-protecting systems, including capabilities similar to biological immune systems.
Normally doesn't deal with content.
Veryard Project Papers | Autonomous Computing |
Internet |
Veryard Project Papers | Autonomic Computing |
Internet |
Sometimes impersonation may be relatively innocent or harmless. Authors frequently use pen names, especially if they want to write novels in more than one genre without confusing the reading public. I may use a false name when I register on a website, in an attempt to preserve my own privacy and to avoid further increasing the amount of spam I receive. And I always lie, on principle, when I'm asked for my mother's maiden name.
Sometimes impersonation may be contained within a context that somehow
makes it okay. A London journalist wrote a regular column, which purported
to be the diary of a well-known British politician. The politician sued,
on the grounds that some readers might not recognize that it was a spoof.
The debate was not about the content or legitimacy of the spoof itself,
but how the spoof was framed - where and how it was published. (If it had
been in a satire magazine, everyone would have known that it was a spoof,
and the politician would have shrugged it off.)
Veryard Project Papers | Identity |
Internet | Identity Theft |
Note that inaccurate inference (intelligent guess) may be good enough
for many purposes, and may be damaging enough to the security of systems
- especially when combined with social attacks.
Veryard Project Papers | Inference
Inference Control Privacy and Confidentiality The Raw and the Cooked |
Among other things, software patches are applied to close security loopholes
in systems. There are at least four problems with this:
People Don't Apply Patches | Users and administrators are overwhelmed with patches, and they simply don't apply them. |
Developers Forget Patches | New versions of software may restore the loophole, because the patch has been forgotten. |
Patchy Patches | The patches themselves may be flawed - either failing to close the loophole properly, or introducing further problems and side-effects. |
Patch Interference | Multiple patches may interact in unpredictable ways - especially if the sequence of applying the patches is important. |
In broader intervention, however, the question isn't whether patches work, but whether we have any other choice. Any finite and manageable intervention into a large complex system is necessarily a patch - at least from some perspective. Although our fantasies and plans may be more grandiose, we can only make real changes in patches (components).
The challenge is to weave many patches (components) together into a coherent fabric (system). This is where we need an organic approach - something akin to Christopher Alexander.
Veryard Project Papers | Organic Planning |
Veryard Project Papers | Privacy and Confidentiality |
If you want to be elected to public office, or marry a Norwegian prince, you apparently have to accept this as a matter of routine - for your nearest and dearest as well as for yourself.
Paper records in dusty offices may be hard to access, and therefore
"practically obscure". But these records are still public, and therefore
vulnerable to sudden broadcast, if someone chooses to turn a searchlight
on you.
Veryard Project Papers | Do you have a secret past?
Information Leakage |
Internet | Practically Obscure |
security as fence | Security is a container. It keeps the good stuff in and the bad stuff out. |
security as game | Security is a battle between attackers and defenders. Attackers try to navigate a complex (and changing) space, where each place or state gives you access to certain other places or states, and visibility of some further places or states not directly accessible. Defenders try to detect intrusion, close off as many access points as possible, set traps, and keep changing the configuration of the space. This is a topological way of conceiving security. |
security as landscape | Security involves a complex terrain, where some points are (or appear) more attractive or vulnerable than others - to a range of diverse stakeholders. Security involves a balance of risk and reward. |
Veryard Project Papers | Security |
Veryard Project Papers | Trust
Trust Notes |
Someone sent me a notice about a conference called The Joy of Work - about management and spirituality. My heart sank at the thought of all those earnest and jovial people, waffling knowingly about spirituality in a five-star hotel at some fancy Mexican resort. (Nice work if you can get it, though.)
Such conferences are packaged to make them as undangerous as possible. Business is a complex self-healing system, perfectly capable of neutralizing any really dangerous ideas, including spiritual ones. Let's send a few maverick middle managers off to Mexico to be vaccinated - infused with a weak and warm teabag spirituality - so that they will become immune to the real thing. They can then return to their organizations and spout pseudo-spiritual jargon, which in turn increases the resistance to dangerous ideas within these organizations.
Vaccination works by educating and exercising the immune
system. A network security manager might try and persuade staff NOT
to open weird email attachments by disseminating an extremely weak software
virus -- perhaps one that does something mildly annoying and embarrassing
-- Code Pale Pink perhaps.
Veryard Project Papers | Resistance |