Thursday, June 21, 2007

Dear Sirs..

Another bold question if I may. The topic is trust. The subjects are sheeple and computer systems. The framework is IT Security. The context is always changing. The goals are the same. Intent is irrelevant. Miscreants abound.

Excuse me arguing by analogy, but this online age verification system to access movie trailers sums up many of the major issues and ignorances in IT Security.

This morning, the New York Times has a nice story on gateways to online movie trailers that contain adult content. Trailers online will be preceded by colored tags, just like the green one you see in theaters that indicates the preview is acceptable for anyone watching. A yellow tag indicates the trailer may include PG-13ish content and a red one indicates an R-rated trailer, as it does in theaters, though red tags are rarely used in theaters.

The trailers that appear on the studios' movie sites, the story said, also have time of day restrictions, ostensibly viewable only between 9 p.m. and 4 a.m.

More here

As the depth, pace and breadth of technology increase, no one can be expected to be an expert in all systems and subsystems they either use, interface with or build upon. Knowing what's going on 'under the hood' is becoming increasingly abstract and esoteric, especially to the standard consumer of computing resources. The issue is compounded by depth of code, system complexity, legacy systems, and third-party drivers and modules, which are either knowingly or unknowingly part of a solution. Users require protection from both themselves and others while interfacing with systems or when having their information stored or utilised.

Unfortunately, global systems span geo-political boundaries. Global systems which can be hijacked and used to attack more innocents. (Unfortunately systems will continue to be or will become vulnerable over time!) And I am talking about any node here: routers, switches, firewalls and traditional endpoints.

I am leaning towards the belief that more services should be available to end-users in their local cloud. Not necessarily mandated, but available - depending upon the environment. This is a highly complex and potentially volatile area, and arguments abound; however, the question should be 'what's effective?'. DAMN -> fast, reliable and cheap. Though I like reliable!

How can you trust unmanaged systems and users? (also known as information processing nodes!). See previous post.

How can you trust managed systems and users?

How can you trust infrastructure nodes?

Expect them all to fail. Expect them to be compromised. Expect to lose trust in them.

Now where does that leave us?

Let's look at the enforcement points on a simple systems trust model again... See previous post. (I like to think of the diagram as the equivalent of a Feynman diagram for IT Security, tee hee!)

So some stuff to think about. Here's a new acronym/phrase for you akin to SOA (Service Orientated Architecture).

SOV (Service Orientated Vulnerability): can be a compound or blended vulnerability.
SS (Service Surface): interface, network, user, back-end, etc.
IS (Interface Surface): a subset of the above that takes into account multiple new input vectors, as the future interface will have more than one API/endpoint/processor per endpoint utilising new input devices and virtualisation.

Fun, fun, fun.

Every node will be a client.
Every node will be a server.
Every node will be a cache.

So now, do you trust the node, or introduce another trusted node to watch the node?

This could go on ad infinitum. At some point you hope there are enough checks and balances to watch the watchers.

Can we checksum people, anyone?

Schneier gets credit for leading me to the age verification system...


George said...

Could I get round the watershed if I tweaked my computer clock?

Anonymous said...

No Madams?