Security Notes

From The System Administrator Zone

Reflections on Trusting Trust

"To what extent should one trust a statement that a program is free of Trojan horses?
Perhaps it is more important to trust the people who wrote the software."

thompson.pdf

Using the Assurance Model for Computer Security

From: Schneier on Security

Several years ago, former National Security Agency technical director Brian Snow began talking about the concept of "assurance" in security. Snow, who spent 35 years at the NSA building systems at security levels far higher than anything the commercial world deals with, told audiences that the agency couldn't use modern commercial systems with their backward security thinking. Assurance was his antidote:

"Assurances are confidence-building activities demonstrating that:
"1. The system's security policy is internally consistent and reflects
    the requirements of the organization,
"2. There are sufficient security functions to support the security policy,
"3. The system functions to meet a desired set of properties and *only*
    those properties,
"4. The functions are implemented correctly, and
"5. The assurances *hold up* through the manufacturing, delivery and
    life cycle of the system."

Basically, demonstrate that your system is secure, because I'm just not going to believe you otherwise.