Wednesday, August 10, 2011

The truth about computer security, a military analogy

Imagine if you could only decide if you trusted a soldier or not, a binary decision, for each and every soldier in the military, at their time of enlistment.
    If you trusted him, he had full access to every weapon and resource at our countries command, until he decided to leave.
    If not, he wouldn't have access to anything.
Would it be possible to have a classification system in such a regime, when one spy could give away everything to the highest bidder?
Would it be possible to have an effective command and control system, when rank means nothing because there are no privileges that go with it?
Would it be possible to even have a country, if one loose cannon could launch Armageddon?
No, of course not... security decisions have to be much more fine grained than that... you don't trust any soldier absolutely, it would be insane to do so.
Even the tightest background checks in the world wouldn't help, because it only takes one mistake to lose everything.
Yet we have no problem with giving that soldier (or any user, for that matter) a computer and that same choice... either trust the program he's about to run with every resource at his command, or don't accomplish anything.
Until we remove this false choice, we can never have secure computing.

No comments: