Rules of thumb
- Holistic approach: look at the big picture and consider all attacks, computer-based or not (dumpster diving, bribery, flooding the system with false alarms, extortion)
- Security as risk management
- Nothing is perfectly secure; security is not "all or nothing"
- Cost of security vs. benefit: it is rational to leave a problem alone until its expected loss exceeds the cost of fixing it
- Confidentiality: only authorized parties can read the data
- Integrity: data is not modified except as intended
- Availability: the system is there when needed (beware denial-of-service attacks)
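The risk-management and cost-vs-benefit bullets above, as an added worked example (not part of the original notes): each threat's expected annual loss is its rate times its loss per event, each candidate control is scored as its annual cost plus the loss it fails to prevent, and "accept the risk" competes on equal terms. The threats, rates, losses and control prices are constructed for illustration, not measured data. It shows the "ignore until important" point directly: the same guard is rejected for a small office and chosen once the loss per incident grows.

```python
"""Security as risk management: pick the control that minimizes annual control
cost plus residual expected loss, with 'accept the risk' always on the table.
All threats, rates, losses and control figures below are constructed for
illustration; they are not measured data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    rate_per_year: float    # expected occurrences per year
    loss_per_event: float   # expected loss per occurrence

    def expected_loss(self) -> float:
        """Annual expected loss with no control in place."""
        return self.rate_per_year * self.loss_per_event


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float
    prevented_fraction: float  # share of events the control stops, 0.0..1.0


# Doing nothing is a legitimate option: it costs nothing and prevents nothing.
ACCEPT = Control("accept the risk", annual_cost=0.0, prevented_fraction=0.0)


def total_cost(threat: Threat, control: Control) -> float:
    """Annual cost of running the control plus the loss it does not prevent."""
    residual_loss = threat.expected_loss() * (1.0 - control.prevented_fraction)
    return control.annual_cost + residual_loss


def choose_control(threat: Threat, candidates: list[Control]) -> Control:
    """Cheapest option overall, including accepting the risk outright."""
    return min([ACCEPT, *candidates], key=lambda c: total_cost(threat, c))


# Constructed scenario 1: a non-computer attack, dumpster diving for printouts.
DUMPSTER = Threat("dumpster diving", rate_per_year=2.0, loss_per_event=5_000.0)
DUMPSTER_CONTROLS = [
    Control("paper shredder", annual_cost=500.0, prevented_fraction=0.9),
    Control("locked disposal bins", annual_cost=2_000.0, prevented_fraction=0.95),
]

# Constructed scenario 2: the same threat at two sizes of business. The guard
# is not worth it while the loss is small and becomes worth it once it grows.
LAPTOP_CONTROLS = [Control("night guard", annual_cost=60_000.0, prevented_fraction=0.99)]
LAPTOP_SMALL = Threat("laptop theft (small office)", rate_per_year=0.05, loss_per_event=20_000.0)
LAPTOP_LARGE = Threat("laptop theft (large office)", rate_per_year=0.05, loss_per_event=2_000_000.0)


if __name__ == "__main__":
    for threat, controls in [(DUMPSTER, DUMPSTER_CONTROLS),
                             (LAPTOP_SMALL, LAPTOP_CONTROLS),
                             (LAPTOP_LARGE, LAPTOP_CONTROLS)]:
        best = choose_control(threat, controls)
        print(f"{threat.name}: expected loss {threat.expected_loss():,.0f}/yr"
              f" -> {best.name} (total {total_cost(threat, best):,.0f}/yr)")
```

Note that the shredder wins for the dumpster threat even though it stops fewer events than the locked bins: a partial control that is cheap enough beats a more complete one, which is the "not all or nothing" point in numbers.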
Policy: the rules
Enforcement: ensures the rules are followed
- Monitor and deter: let violations happen, detect them, and punish afterwards (like the police)
- Technical prevention: make the violation impossible (locks on a safe)
- Incentive management: reward good behavior so there is no reason to misbehave; very effective if done properly
Who is the adversary? Motivation, goals, resources, capabilities
Design to withstand attacks from a specific, stated adversary (a stronger adversary than the one assumed may still break into the system)
Straw-man design
- Get a simple, functioning system
- Fill in the security gaps afterwards
- Usually based on physical security (locks, fences, safes, guards, locked rooms)
- Humans are involved, so you have to trust somebody
- Ergonomics: make it easy and pleasant for people to set up security
- Computer security is hard to configure, so people do not configure it
More than one solution to a security problem; some are not obvious
Not always deep technical issues
A good solution usually takes more work than the convenient one (the easy route, e.g. emailing out passwords, is the insecure one)
- Common mistake: forgetting that the foundation of security is physical
- Common mistake: getting tied up in technical issues when non-technical ones are the real problem