THE SUBJECT at hand is network design for secure transfer of meaning between individual human beings. Our goal is to characterise a computer network for replicating datum(s)—safely—between remote computer nodes; whilst protecting the social integrity (privacy) of said datum(s) in place and time.
A second goal of this section is to introduce the two basic kinds of computer network; and to identify key principles of secure network design; and by means of logically consistent performance metrics.
We begin by considering security for a primary-copy; whereby a private-datum is made available on a local access-node within the primary-network—and by means of an access-device (i.e. a personal-computer) connected to the Internet (i.e. an open-network).
Previously, for an act of private communication, we had assumed that a local access-node provided socially restricted access to primary-copies. However such a statement is predicated on the fact that each access-device affords an actor-coherent defence against any data-breaches—successfully [Axiom 19].
Unfortunately this may be a rather big (i.e. false) assumption; because access-device security depends upon a mishmash collection of protective methods provided by network administrators, software vendors, operating system and device manufacturers etc.
Use of the term ‘network’—is problematic to say the least. This is because an access-device may be open to the data-processing activities of (any number of) inter-relating local-actors plus network-actors (i.e. human/automated ones etc). Ergo hybrid-actors are formed that may be partially/fully invisible, overly complex, and/or unknowable in some way—and which may be—as yet—only potentially present [Axiom 20].
A computer network is a telecommunications network which allows computers to exchange data. On computer networks, networked computing devices exchange data with each other along network links. The connections between nodes are established using either cable or wireless media.
Mutability / Immutability
A datum’s content may have a purely informational meaning (be descriptive) and/or a purely logical meaning (be functional)—or possess a combination of both kinds of meaning—according to context of use. However, the process of point-to-point transfer of a datum is (normally) defined to be a transfer of information alone—and the datum (content) is immutable [Axiom 21].
Replication of a primary-copy (datum form + content) is transfer to a destination-point. It may be that a copy’s form (encapsulating media of storage, communication/delivery, and access etc) changes during replication—hence (datum) copies are mutable (form aspects) [Axiom 22].
Security / Privacy Status
A datum-copy’s Security Status—or protected social accessibility status—specifically its absolute or partial/absent security value—may be either: A) determined/known; or else: B) undetermined/unknown at a particular epoch. A datum-copy’s Privacy Status (i.e. secret/private/open accessibility status) works together with its Security Status (access protection) to perpetuate and defend the datum’s inner meaning.
Lock, Block and/or Conceal
We desire to prevent an actor: knowing, contacting or finding an item.
There are basically three ways to defend/protect an item in the real-world. For example, when protecting an entrance to a house (i.e. walled safe)—we can:
- Lock the entrance and armour reinforce it—or make it difficult to open/know;
- Block the entrance pathway—by preventing an attacker from reaching it—for example by placing objects in the entrance-way—or by eliminating it altogether;
- Conceal the entrance—and make it difficult to see/find.
Similarly for datum-copies/attack-surfaces—we can protect these in analogous way(s) [Axiom 23].
From the perspective of a digital communication system—named a primary-network—we can identify two basic network sub-types as follows:
- Firstly we have cloud-server networks; such as email, Dropbox, Facebook, Twitter etc; in which all of the communicated data is relayed by—and stored on—centralised storage facilities.
- Secondly we have Peer-to-Peer (P2P) networks; such as Napster, BitCoin, BitTorrent etc; the same forming a distributed network of peer-to-peer nodes that render the communicated information directly available to network participants—without the need for centralised co-ordination or central storage (but packet routing servers may still be required).
A key advantage of P2P is that:
Participating users establish a virtual network, entirely independent from the physical network, without having to obey any administrative authorities or restrictions.
Whilst it is not my intention to unduly simplify the inherent (and mammoth) complexity of computer networking as a topic, or else to disregard the great diversity of hybrid network types that are possible; space limitations preclude any further analysis of network system design in terms of implementation details.
SCF 1.0 – InfoGraphic C
Aetiology Of a Datum-Copy
Source: ‘The Science Of Cybersecurity’ (2017) – by Alan Radley
We can identify two—enforced—coherency predicates for absolute security; namely: actor-unity (of purpose); and actor-integrity (of action); for safe hardware/software operations on each access-device [Axiom 24]. Similarly, unsafe-actor repellent/containment techniques can be used to preserve the legitimacy of data-processing operation(s) on the primary-network [Axiom 25].
Moving on to consider security for the primary-network—plus any secondary-network(s)—or privileged-access networks intimately connected to the same—we are concerned here with secondary-copy protection. Accordingly, for those situations that require absolute security; it would seem to be good practice (at least in general) to reduce the number of legitimate secondary-copies—and thus to minimise the number of exposed attack-surfaces (or eliminate the same). Attaining adequate protection for any illegitimate secondary-copies and/or tertiary-copies; requires specialist data-encryption, plus identity and access management techniques.
And that’s about it for now. We have identified key principles of safe network design. Remaining is to ‘explode’ said factors; and to bring visibility, clarity, understanding and predictability to all of the relevant actors, entities and processes, plus attack and defensive methods, that may be present/possible.
SCF 1.0 – InfoGraphic D
Datum-Copy – Elementary Attributes
Source: ‘The Science Of Cybersecurity’ (2017) – by Alan Radley
Building Actor Coherent Defences
The subject at hand is the building of actor-coherent defences—with respect to the safe transfer of meaning between individual human beings. Accordingly, we specify a nominal primary-network’s data-processing stack; and with a view to obtaining absolute security for communicated datum(s).
Security is protection of privacy (of meaning) for a communicated datum. Ergo, a second goal of this Chapter is to identify—attack-surface/window type(s)—for said private-datum; and by means of logically consistent definitions, analysis and exposition.
The term data-processing stack refers to the sum total of all the actors, entities and processes etc; existing on—and/or potentially influencing—a primary-network’s communication ‘pipeline’. As previously indicated, this stack may involve hybrid-actors emanating from outside the primary-network—on secondary/tertiary/open-network(s)—including known and unknown, and desirable and undesirable, ones etc.
How can we get a grip on something so ephemeral? We begin by identifying (potential) vulnerabilities on a supposedly secure communication ‘pipeline’.
Attack-surfaces come in six basic kinds [Axiom 26]. Firstly we have three related to the datum-copy’s form; or its encapsulating media of storage, transfer and access. Secondly we have three attack-surface types related to the datum-copy’s content; and these are the metrical, descriptive and selectional ones.
Locking / Blocking / Concealment
Patently, the generalised locking, blocking and concealment tools/strategies apply not only to items—but also to processes and methods. But remember that these ideas are analysis tools—which may be mixed, interlaced, overlaid etc and so are not sharply defined physical laws!
A datum-copy—encapsulated on a media device—has three components: two related to form: the physical representation, and the virtual representation, and one related to content: which is the meaning representation (with the aforementioned metrical, descriptive and selectional aspects) [Axiom 28].
Ergo, there are 5 possible attack-surface types for each of three possible media of storage, transfer and access—leading to a grand total of 15 attack-surface types. However each surface may be protected by 6 kinds of protection (entry-method(s) + defence-method(s)): or locking, blocking and concealment mechanism(s); hence we can have up to 90 fundamental kinds/types of protection for a single copy (or a private datum) [Axiom 29].
An unsafe-actor is an actor (i.e. a program/human/process) existing on and/or influencing the data-processing stack that may be structurally—visible/invisible and/or known/unknown in terms of existence—but remain questionable/harmful in terms of purpose, value, action and/or integrity—and hence may (potentially) cause undetermined/detrimental/harmful effects and/or progress unknown or undesirable programming path(s); or else provide unauthorised access to private-datum(s) etc [Axiom 27]. The term unsafe-actor thereby encapsulates the meaning(s) of the term threat-actor/attacker and similar terminology.
A local-actor is a data processing unit—existing on a local access-device—comprised of either hardware and/or software/human elements—which (potentially) acts on a datum-copy’s form and/or content within the primary-network’s data-processing stack [Axiom 30].
A network-actor is a data processing unit—existing on a remote networked-device—comprised of either hardware and/or software/human elements—which (potentially) acts on a datum-copy’s form and/or content within the primary-network’s data-processing stack [Axiom 31].
An actor-coherent defence is when all of the actors, entities and processes—present in a primary-network’s data-processing stack—are impelled to act together in order to protect the private datum-copy’s form and/or content from unwarranted social access (hopefully for all places/times) [Axiom 32]. N.B. An actor may originate—from either automated processes and/or human ones.
Access-Node / Access-Device
An access-node is a virtual access gateway (i.e. legitimate login-node/point-of-entry) for a primary/secondary/tertiary network; and is normally used (only) by an authorised party to gain entry to said network. An access-device is a physical access device that enables a human to gain entry to the same network (i.e. a personal computer) [Axiom 33].
In order to facilitate meaningful discussion of the different parts of an open network system; we have categorised networks into three kinds as follows:
The primary-network is a provided point-to-point communication system; whereby a private access-node (the source-point) exists on a networked access-device; which stores a primary-copy of a private-datum; prior to the single-copy-send of the same to a socially restricted access-node (the destination-point) [Axiom 34]. A primary-network may create legitimate secondary-copies of the primary-copy.
A secondary-network is a privileged-access network intimately connected to the primary-network’s communication pipeline; whereby copies of communicated private-datum(s) may exist on an nth-party organisational network and/or various local and/or central replication (backup) network(s) [Axiom 35]. A secondary-network may contain legitimate replicated secondary-copies of primary-copies and/or other secondary-copies.
A tertiary-network is not directly connected to the primary-network—but nevertheless may still (belatedly) access data traffic flowing across primary and/or secondary-networks—resulting in illegitimate tertiary-copies of primary/secondary-copies [Axiom 36].
Operational Defensive Strategies
An actor-coherent defence guarantees that all actors present on a primary-network’s data-processing stack work-together to protect the privacy of a datum’s content.
Two kinds of operational strategies exist for achieving an actor-coherent defence.
Firstly, we can attempt to identify unsafe-actors and limit their harmful activities—but this may be extremely difficult to do—since actor types are numerous and many are unknown/remote/hidden.
Secondly, we can move all copies (or attack-surfaces) beyond the reach of any harmful actors—still a difficult process—but at least the copy types are known—and hence (potentially) defendable. Normally we employ both techniques (to the same effect); but in our thesis we shall emphasise the latter approach—protecting copies from attack. Detailed below is a generalised hacking procedure—but bear in mind that all defensive strategies relate to protection of either form or content (for a datum-copy).
SCF 1.0 – InfoGraphic A
Cybersecurity System Access Gateways
Source: ‘The Science Of Cybersecurity’ (2017) – by Alan Radley
Generalised Hacking Procedure
Any attack begins with form. Logically, an intruder must possess a means of engaging with (one or more) of the encapsulating: media of storage, transfer and/or access—for a primary, secondary or tertiary copy. Accordingly, the attacker (and his ‘helper’ actors) must first connect with the private copy’s physical-representation—and by opening-up an electronic/magnetic/optical ‘container’—in order to obtain a virtual-representation of the copy.
Next, because the copy has been transposed into a storage/transmission/presentation format; the virtual representation must be processed to extract the inner datum(s)—or meaning-representation (normally).
Ergo protection of a form based attack-surface—implies preventing/blocking any unsafe-actor(s) from gaining unwarranted access to (opening-up) the physical and/or virtual representation(s) of the copy (see later sections).
The next task is to extract meaning from datum content. Remember that a representation has metrical, descriptive and selectional aspects. Notably, the metrical aspect—or pattern of atomic facts/symbols—is always present—and works together with a descriptive aspect—to convey meaning. The so-called metrical attack-surface may be protected (for example) by means of encryption (entry locks + content concealment)—or obfuscation of symbolic structure—and so that only an actor with the correct unlocking algorithm(s)/key(s) can decode the underlying symbolic pattern [Axiom 37].
Once the metrical layer is decoded, we must match each symbol to its specific meaning—and according to the common descriptive language employed—named the descriptive attack-surface [Axiom 38]. Notably the sender and receiver may be using an obscure coding language whereby the symbol-to-meaning relationship is protected (i.e. RED means BIG etc). Finally, modal context(s)—named selectional attack-surface(s)—may protect constructive aspect(s) of the representation [Axiom 39].
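The layering described above, seen from the defender's side, as an added example that is not from the original text: a codebook stands in for the descriptive layer, a one-time pad (an assumed choice of cipher) for the metrical layer, and a base64/JSON wrapper for the virtual representation; the selectional layer is not modelled. The codebook entries beyond "RED means BIG", the function names and the sample message are constructed for illustration.

```python
import base64
import json
import secrets

# Constructed codebook (meaning -> code word), extending the page's "RED means BIG".
CODEBOOK = {"BIG": "RED", "ORDER": "TREE", "TODAY": "RIVER"}


def protect(meaning_words, codebook, pad):
    """Sender: apply the descriptive, metrical and virtual-form layers in turn."""
    coded = " ".join(codebook[w] for w in meaning_words)   # descriptive layer
    plain = coded.encode("utf-8")
    if len(pad) < len(plain):
        raise ValueError("one-time pad must be at least as long as the message")
    cipher = bytes(p ^ k for p, k in zip(plain, pad))      # metrical layer
    # Virtual representation: the transfer format that wraps the ciphertext.
    return json.dumps({"v": 1, "body": base64.b64encode(cipher).decode("ascii")})


def recover(container, codebook, pad):
    """Receiver: open the form, unlock the symbols, then map symbols to meaning."""
    cipher = base64.b64decode(json.loads(container)["body"])
    symbols = bytes(c ^ k for c, k in zip(cipher, pad)).decode("utf-8", "replace")
    reverse = {code: meaning for meaning, code in codebook.items()}
    # A symbol missing from the codebook yields None: no meaning is recovered.
    return [reverse.get(s) for s in symbols.split(" ")]


def demo():
    """Return what three readers of the same container recover."""
    message = ["BIG", "ORDER", "TODAY"]
    pad = secrets.token_bytes(32)          # random, secret, never reused
    container = protect(message, CODEBOOK, pad)
    return {
        "pad and codebook": recover(container, CODEBOOK, pad),
        "pad, wrong codebook": recover(container, {"SMALL": "RED"}, pad),
        "codebook, wrong pad": recover(container, CODEBOOK, secrets.token_bytes(32)),
    }


if __name__ == "__main__":
    for holder, meaning in demo().items():
        print(f"{holder}: {meaning}")
```

Only the reader holding both the pad and the codebook recovers the full meaning; possession of the container (the form) alone, or of one of the two content secrets, does not.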
Do not worry if this Chapter seems overly theoretical—all will become clear soon enough—because we are now in possession of all the principles needed to specify absolute security [ref. Absolute Security: TARGET and METHOD(S)].