Benefits
The first benefit of incorporating security in the lowest layers of ISA is that its protection applies everywhere ISA is deployed, and at all times. This is a very important advantage compared with the security problems that recur on every runtime environment (operating systems, browsers, etc.). Having a common security foundation for all artefacts promotes security by design, for instance through a shared base for rights management and access checks. If these foundations are “rock solid”, all ISA systems benefit from them. Together with an iterative improvement process, this makes an excellent security level reachable. Remember that a system is only as secure as its weakest element.
Some security properties immediately appear desirable: integrated encryption, integrated space isolation, resistance to common attacks (cf. Common Types of Network Attacks) and even to deep spying, such as attacks based on firmware (hard drives, routers, SIM cards, etc.).
Access and rights must be uniformly managed. To ensure security, they have to be integrated into every object incorporated in ISA.
Since encryption is one cornerstone of security, an absolutely secure encryption mechanism is a “must have”.
The authentication question has to be carefully examined, independently of passing fashions. Authentication should be as simple and efficient as possible. More advanced functions like “single sign-on” could be incorporated into ISA.
Benefits list:
- Shared security foundation.
- Avoids weak points in the security chain.
- Absolute privacy.
- Unified access and rights management.
Challenges
Defining an absolutely secure encryption mechanism appears very difficult, in particular against deep attacks based on the hardware or firmware.
Follow the most commonly shared Security Design Principles: Least Privilege, Fail-Safe Defaults, Economy of Mechanism, Complete Mediation, Open Design, Separation of Privilege, Least Common Mechanism, Psychological Acceptability, Weakest link, Secure Failure.
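To make several of these principles concrete in the "unified access and rights management" setting the Benefits section asks for, here is a small reference-monitor sketch. It is an added illustration, not code from the ISA project: the Right flags, Subject, ReferenceMonitor and the alice/bob/carol scenario are all constructed for this example. It shows Complete Mediation (every read goes through one check), Fail-Safe Defaults (a missing rights entry means no rights), Secure Failure (an error inside the check is a deny), Separation of Privilege (two distinct administrators must approve a grant) and Least Privilege (carol receives exactly READ and nothing more).

```python
from dataclasses import dataclass, field
from enum import Flag, auto

class Right(Flag):
    NONE = 0  # the explicit "nothing" every subject/object pair starts with
    READ = auto()
    WRITE = auto()
    ADMIN = auto()

@dataclass
class Subject:
    name: str
    rights: dict = field(default_factory=dict)  # object id -> granted Right flags

class ReferenceMonitor:
    """Single choke point that every access to any object goes through (Complete Mediation)."""
    def __init__(self, store):
        self.store = store  # object id -> payload; only reachable through read()
        self.audit = []     # (subject, object, right, decision) for every check made

    def check(self, subject, obj_id, needed):
        try:
            # Fail-Safe Default: a missing entry is Right.NONE, never an implicit allow.
            granted = subject.rights.get(obj_id, Right.NONE)
            allowed = (granted & needed) == needed
        except Exception:
            allowed = False  # Secure Failure: an error inside the check is itself a deny
        self.audit.append((subject.name, obj_id, str(needed), allowed))
        return allowed

    def read(self, subject, obj_id):
        if not self.check(subject, obj_id, Right.READ):
            raise PermissionError(f"{subject.name} may not read {obj_id}")
        return self.store[obj_id]

    def grant(self, approvers, target, obj_id, right):
        # Separation of Privilege: two distinct ADMIN holders must approve every grant.
        if len({a.name for a in approvers}) < 2 or not all(
                self.check(a, obj_id, Right.ADMIN) for a in approvers):
            return False
        target.rights[obj_id] = target.rights.get(obj_id, Right.NONE) | right
        return True

def demo():
    # Constructed scenario: alice and bob administer doc1; carol starts with nothing.
    mon = ReferenceMonitor({"doc1": "payload of doc1"})
    alice, bob = Subject("alice", {"doc1": Right.ADMIN}), Subject("bob", {"doc1": Right.ADMIN})
    carol = Subject("carol")
    one = mon.grant([alice, alice], carol, "doc1", Right.READ)  # same approver twice: refused
    two = mon.grant([alice, bob], carol, "doc1", Right.READ)    # two distinct approvers: granted
    return one, two, mon.read(carol, "doc1"), len(mon.audit)
```

The audit list is the hook for the measurement point raised below: every decision, allowed or denied, is recorded at the single place where it is taken.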
As you can't manage what you don't measure, security measurement is required. However, measuring software, and even more so its security properties, is not trivial.
Establish a security evolution process and a distribution mechanism. This last aspect has to be taken into account in the realization of Wish N°2 – Distribution.
As some readers could see, I'm not a security specialist. So all help from the community for enriching and also for building this requirement is welcome!