By Dr. Alan Radley, 10 Sep 2017
YOU MAY sometimes here a security professional say something like: ‘in the field of information security— (there are no absolutes)—except that (there are no absolutes)’—or words to that effect. Perhaps these same people do not realise that this statement is, in actual fact, an example of circular reasoning—or a logical statement that restates the premise as the conclusion. Anyway, a few eminent security experts—have expressed objection to the word ‘absolute’ in our book’s title.
What I think these same experts are alluding to—is the impossibility of making any absolute security predictions; or attaining perpetual—ever-lasting—security protection in relation to information that is stored/transferred by means of networked computers. Such an interpretation is correct—because security is (and always has been throughout history) an arms race between those who seek to protect information and those who seek to circumvent those protections. Today’s best ciphers will doubtless be trivially broken in the future at some point. However, it seems that the dissent surrounding the word “absolute” is due to varied interpretations of what it means. In this post I would like to fully define “absolute” in the context of security literature.
Let us begin by assuming that the term ‘absolute security’—alludes to a system that is permanently impregnable for all time (i.e. it can never be broken into).
That is not what I am claiming here for the meaning of the term absolute security—and for several reasons. Earlier (in my book: “The Science Of Cybersecurity”); I had defined security as protection of Privacy Status for an item; and absolute security (for a private-copy) as single-copy-send—or no access whatsoever for unsafe-actors. Wherein absolute security is a kind of ruler or metric—one that indicates/reflects the specific Accessibility (or Privacy) Status for the datum-copy.
An item is absolutely secure when it is—at the present epoch—out of reach of any unsafe actors—and there are no illegitimate copies. Henceforth, I would suggest that absolute security is a measurable protective status—and one that does not have to be possible—or permanent—in order for it to be a valid goal or metric in relation to a copy. Accordingly, we have neatly moved emphasis away from systems—and onto datum-copies—in accordance with the basic theme of the present site (security = protecting copies). However any copy-related insecurity must be the result of system failure(s)—so how/where do these problems arise?
Evidently, computing systems are extremely complex, varied and changeable—and many uncertainties can be the case for a datum-copy existing in a networked computing environment (even an ostensibly protected one). It follows that the privacy status for any item on a networked computer system—is a situation-specific property that may (quite possibly) change over time. However this does not mean that we should adopt an attitude whereby we just shrug our shoulders whenever a leak/data-breach occurs. And then make the excuse that when it comes to security there are no absolutes—or even idealised metrics with which to judge security status. Systematic security is therein misrepresented as (forever) a contradiction in terms—something not even worthy of comprehensive de nition and/or accurate measurement.
Inevitably, security experts encourage us all to install protective mechanisms, but often without providing the concordant means to adequately adjudge/measure if they are, in fact, working. It would seem essential to first-of-all define the security goal for a private datum-copy—being absolute security (i.e. single-copy-send for a specific communication instance). A clear security target is required in order to have any chance of discovering whether we have attained it—or lost it—and why! Surely we cannot be expected to just passively await the arrival of evil tidings in the form of system exploits— without full knowledge of what is the key goal/measure of communications security (single-copy-send).
Unsurprisingly, such an ‘no-absolutes’ attitude pre-shadows a built in excuse for the designers of security systems. It gives them a get-out-clause; because they do not have to explain why or how the security targets failed—and because there are none—or at least highly specific ones like single-copy-send—complete with appropriate logical happenings. We may conclude that successful exploits are not the result of a lack of absolutes in security—that is a wholly illogical argument—and because it renders uncertainty/lack-of-knowledge/poor-defences as a valid excuse for failure. Whereby we put the symptom ahead of the cause. Rather we must accurately define continuous security as the goal—which is itself a type of absolute—or how else would you define successful protection of privacy—but as a kind of temporary permanence to be constantly achieved.
Please note, that I am not claiming here that we cannot have zero-day-exploits—or unknown-unknowns in terms of system design/operations—but rather that we should wake up and smell the gunpowder. We must seek to identify bone de explanations for our security failure(s)—and not hide behind logical-conundrums/meaningless-mantras. Rather, we embrace the truth—that it is a complete lack of precise, logical and measurable—security targets that holds us back. Accordingly, we hereby define: A) The absolute security method(s) for a communications system as consideration of every aspect of security to produce an all-round system that works coherently as a whole against all types of attacks, using the full gamut of known defensive techniques.
We do not mean that the system is permanently impregnable for all time (i.e. that it can never be broken). Absolute security is an attainable ideal (potentially), with a robust theoretical footing to back up its practicality and achievability. We also provide a second related definition: B) The absolute security target for a private datum-copy is de ned as single-copy-send—whereby it is the communications system’s absolute security method(s) that helps to deliver the same. Note that both definitions are ideal status metrics to be achieved and not permanent features that somehow self-perpetuate.
In conclusion, we need absolutes—and the concept of absolute security—not because it is a nieve dream-like state of system/data safety. We need the target(s) and method(s) of absolute security because these are idealised goal(s)—or assurance objective(s)—and reflect the very status values that we seek to measure our success and/or failure against. We could choose another grouping of words to represent the goal of continuous security (i.e comprehensive security). Nevertheless the underlying security metric is the same—a system that strives towards ideal and (hopefully) attainable security protection for our private information.