Date: 12/20/97 1:49:17 AM
From: "Mark R. Lindsey"
Subject: Phil-Sec: Let's finish defining security
To: ("Philosophy of Security WG "@LOCAL)

Please forgive the length of this message, but we've said a lot here. I don't wish to see us bat about an issue and leave uncompiled ideas lying about in the list archives. (While we may not agree, we should know precisely upon what it is we disagree.)

Let me first summarize some of what's been said:

Spaf gave the definition that's echoed in the ORA book on Unix/Internet Security: a secure computer does what it should, as prescribed by a policy, come hades or high water.

I started with a sort of piece-wise definition: A computer is secure if it enforces proper authentication mechanisms, and controls what access its authenticated users have.

Millie went on to introduce Privacity as a function of secure systems. And I believe that Neil essentially expanded the definition that I proposed to include assurance of service.

What we saw in our various definitions seems to be two ways of addressing Security: Spaf's definition may well be described as holistic, whereas the piecewise definition addresses security as a distinct issue from other fields of Information Systems.

Let me propose this -- many of us may choose to address security as a distinct issue, addressable by analyzing `weak' points like authentication, but we expect from our Security Measures a system that adheres to its policy. We attack security as hackers and buffer overruns, and expect perfect operation from our pursuits.

Glenn Everhart introduced an intriguing notion of addressing justified versus unjustified actions.

Rick Smith mentioned a distinction between `reliability' and `security': ``Dropped bits, replicated messages, and unexpected delays are all "attacks" on the system in some sense.''

I continue to believe that the term `Computer Security' is typically used to address concepts such as authentication and access control; I'm afraid that bringing into its scope things as general as Reliability and Data Integrity is counterproductive. Is severe line noise that causes corrupted messaging a Security issue, or an Engineering issue? Is a faulty starter motor on a hard drive an issue of Computer Security, or should it fall under a more general category of Computer Reliability?

Allow me a second proposal: Computer Security is a category of Computer Reliability. Such definitions as Spaf's make the two equivalent, but I maintain that they are distinct.

Thank you for the time it took to read my thoughts.

Mark