Posts

Posted on

The purpose of security…

A coworker made these assertions about security. I think they’re worth repeating:

  • The purpose of security is to establish accountability of an individual.
  • The purpose of auditing is to verify the trust that has been placed in an individual.
Posted on

Principles of Reputation

One of my past professors, Phil Windley, posted some principles of reputation:

  • Reputation is one of the factors upon which trust is based
  • Reputation is someone else’s story about me – this means that I can’t control what you say about me although I may be able to affect the factors you based your story on. Also, every person should be able to have their own story about me.
  • Reputation exists in the context of community – this is different than saying “communities have a reputation about someone.”
  • Reputation is based on identity – reputation, as someone else’s story, isn’t part of your identity, but is based on an identity or set of identities.
  • Reputation is a currency – while you can’t change it, reputation can be used as a resource. Paul Resnick has a paper showing the value of a positive eBay reputation.
  • Reputation is narrative – you have to apply metaphor to interpret, reputation is dynamic becase the factors that affect it are always changing, reputation may require weaving together of plot lines.
  • Reputation is based on claims (verified or not), transactions, ratings, and endorsements. – this brings up the issue of evidence, recourse for slander or mistakes, etc.
  • Reputation is muti-level – a reputation isn’t just based on facts, but is also based on other’s beliefs about the target of that reputation. This requires some way of signaling beliefs to others.
  • Mutiple people holding the same opinion increases the weight o that opinion – repeat behavior is also another way of weighting reputation.

Posted on

Is Data Mining Fools Gold?

Here’s a thought provoking article about the problems of large-scale data mining by
governments. It’s written by a person living in the UK.

“Data-mining is complicated, and the more data you are mining, the more
false positives your software will throw up. If you act upon a false
positive for a motoring offence, it’s an inconvenience for the motorist,
but for an alleged case of child abuse, it can rip the family apart and
ruin the child’s life.”

“Furthermore, gathering large amounts of data is inherently dangerous.
Whatever information governments find interesting will also draw the
attention of criminals. Databases can be hard to keep secure, and it’s
not necessarily hackers that we should be worried about, but
unauthorised access by employees of the agencies that use these
databases. Equally, the more data you have, the more difficult it is to
maintain accuracy. In 2000, an audit of the Police National Computer
found that 86% of records contained errors, 85% of those errors were
serious, and some were libellous.”

“Technology can be a very powerful tool, but what it can’t do is replace
real human beings or traditional investigative work. Designed badly or
used poorly, databases are the technological equivalent of fools gold.”

Posted on

Article: Crash-only software

Crash-only software: More than meets the eye
by Valerie Henson July 12, 2006:
http://lwn.net/Articles/191059/

Properly implemented, crash-only software produces higher quality, more
reliable code; poorly understood it results in lazy programming. Probably
the most common misconception is the idea that writing crash-only software
is that it allows you to take shortcuts when writing and designing your
code. Wake up, Sleeping Beauty, there ain’t no such thing as a free lunch.
But you can get a more reliable, easier to debug system if you rigorously
apply the principles of crash-only design.

Posted on

The software patent monster impedes innovation

Bruce Perens tells us that patents impede innovation his article, The Monster Arrives: Software Patent Lawsuits Against Open Source Developers:

Patents were created as a means to get inventors to disclose their inventions, rather than keep them secret. The disclosure of an invention was supposed to allow others to more easily build on that invention, thus creating more inventions. But the patent system has evolved into something useless for the purpose of disclosure, and engineers are now instructed to avoid looking at other companies’ patents because if the victim of a patent lawsuit can be shown to have known of a patent, the award to the patent holder is tripled. There have been no reliable studies that show software patenting to have encouraged innovation, and there is much evidence that they actually impede it.

Posted on

Mongrel web server

Here’s an interview with Zed Shaw, the author of the Mongrel web server — a web server for the Ruby programming language that is good for use in combination with Ruby on Rails and other Ruby-based web-app frameworks. It’s interesting in that it’s fast, secure, cross-platform, and it’s not a heavyweight solution (compared to Apache). Why is it more secure than Apache at the HTTP protocol level? Mongrel utilizes the Ragel State Machine Compiler
 to generate the protocol parser, “and that is very strict and seems to block a huge number of attack attempts simply because it is so exacting.”

Posted on

Hard Drive Encryption: PGP Disk, LUKS, BitLocker

Why encrypt a hard drive? It makes it safer to dispose of an old hard disk… your data won’t fall into the wrong hands. This only matters if you want data to remain confidential. Laptop owners should consider using hard disk encryption.

When is it a bad idea to encrypt a hard drive? First, if you have a dual-boot computer (Linux and Windows), and you want Linux to be able to access all of the data on the Windows drive. Second, when the data confidentiality is of low concern and the data availability is of high importance.

Bruce Schneier writes about Microsoft BitLocker, which will be available in Windows Vista:

BitLocker Drive Encryption is a new security feature in Windows Vista, designed to work with the Trusted Platform Module (TPM). Basically, it encrypts the C drive with a computer-generated key. In its basic mode, an attacker can still access the data on the drive by guessing the user’s password, but would not be able to get at the drive by booting the disk up using another operating system, or removing the drive and attaching it to another computer.

PGP Disk is a current solution — no need to wait for Vista. On Linux, there are many solutions. The most current is LUKS and dm-crypt:

Apparently, HAL in Fedora recognizes LUKS volumes. It’s also possible to encrypt only your home directory with LUKS.

Update 5 June 2006

See also http://www.truecrypt.org/ and Wikipedia’s guide to disk encryption software.

Posted on

Security Myths and Passwords

Professor Eugene Spafford “is one of the most senior and recognized leaders in the field of computing.” Here’s what he has to say about password security.


http://www.cerias.purdue.edu/weblogs/spaf/general/post-30

In the practice of security we have accumulated a number of “rules of thumb” that many people accept without careful consideration. Some of these get included in policies, and thus may get propagated to environments they were not meant to address. It is also the case that as technology changes, the underlying (and unstated) assumptions underlying these bits of conventional wisdom also change. The result is a stale policy that may no longer be effective…or possibly even dangerous.

Policies requiring regular password changes (e.g., monthly) are an example of exactly this form of infosec folk wisdom.

Read the article for more details.