Is Cybersecurity an Unsolvable Problem? (arstechnica.com)
A high-performing team has quality metrics, not only for the players but for the team. A high-performing individual outperforms a low-performing individual (a tautology for sure, definitional even). What qualities would you say the high-performing individual exhibits?
If you give both players high-quality or low-quality gear, what happens?
Can a baseball player who does a quality job of hitting home runs make better baseballs? Oh yeah: can they make better baseballs within the constraints under which baseballs are made? Why do those constraints exist?
The high-performing team is going to practice. They will wear out or destroy equipment in the process. Team members could potentially suffer career-ending injuries during practice. During practice.
But when the real thing comes along, the practice is the deciding factor for performance individually and as a team.
If we did use such systems, the user interface would be almost identical, but our applications would only be able to open the files we fed them, and not everything, by default. The world would be a much more secure place, but that would have made the NSA's job a lot harder, so such systems aren't talked about much.
IME secure systems are hard to use in practice, and performance is usually worse than that of less secure systems.
If you're talking about tacked-on layers of lockdown like SELinux, AppArmor, UAC on Windows, "Access to X" on your phone, etc., that's obviously true. However, a capability-based system should be almost identical in terms of the user's view of things: instead of calling a dialog to get a file name and then directly opening the file, a "powerbox" is used which returns the capability to access a file.
As far as the user knows, the code behavior is identical, and they don't need to change their interactions.
We've all adopted ersatz capability systems when we moved to virtual machines, containers, and the like... just a far more coarse-grained control of access instead of individual files at runtime.
I'm hoping that we finally fix computer security before I leave this world, but I'm having my doubts. WASM is a good step in the right direction; as long as they don't bypass the capabilities model in the name of "ease of use", it should help quite a bit.
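The powerbox flow described in the comments above, as an added example that is not from any commenter: a viewer handed a file name by an ordinary dialog versus one handed a revocable read capability by a shell-owned powerbox. The closure-based capabilities and the in-memory FILES table are constructed stand-ins for what a capability OS enforces in the kernel or runtime.

```python
"""Ambient authority vs. a powerbox-issued capability, modelled in Python.
Caps are plain closures here; a real system (seL4, CHERI, WASI handles)
makes them unforgeable. All data below is constructed sample data."""
from typing import Callable

# Constructed stand-in for the user's files: path -> contents.
FILES = {
    "/home/alice/report.txt": "quarterly numbers",
    "/home/alice/.ssh/id_ed25519": "PRIVATE KEY MATERIAL",
}
ReadCap = Callable[[], str]

def viewer_with_ambient_authority(chosen_path: str) -> dict:
    """Conventional model: the dialog returns a *name* and the app opens it.
    Any code in the process can name a second file the user never picked."""
    return {"shown": FILES[chosen_path],
            "also_read": FILES["/home/alice/.ssh/id_ed25519"]}

class Powerbox:
    """Trusted chooser owned by the shell, not the app. It hands the app a
    capability for the one file the user picked and keeps the revoke handle
    on the shell side (the 'caretaker' pattern)."""
    def choose(self, user_selection: str) -> tuple[ReadCap, Callable[[], None]]:
        if user_selection not in FILES:
            raise FileNotFoundError(user_selection)
        live = {"ok": True}
        def read() -> str:
            if not live["ok"]:
                raise PermissionError("capability revoked")
            return FILES[user_selection]
        def revoke() -> None:
            live["ok"] = False
        return read, revoke

def viewer_with_capability(read_cap: ReadCap) -> dict:
    """Same user flow, but the viewer never sees a path and holds no handle
    to anything else, so there is nothing to call for an 'also read' step."""
    return {"shown": read_cap()}

def demo() -> dict:
    ambient = viewer_with_ambient_authority("/home/alice/report.txt")
    cap, revoke = Powerbox().choose("/home/alice/report.txt")
    scoped = viewer_with_capability(cap)
    revoke()  # the shell ends the session; the app's handle goes dead
    try:
        cap()
        revoked = False
    except PermissionError:
        revoked = True
    return {"ambient": ambient, "scoped": scoped, "revoked_after_session": revoked}
```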
My priorities now are:
- Don’t use computers if you don’t have to
- if you do, keep complexity at an extreme minimum
- also minimize who needs to access it
- minimize data collection where possible for strictly the task you need it for
- Keep data mostly at rest, with as few stops as possible when it does have to move
- End-to-end is your friend
- Where possible make everything transparent
- State machines for all the things
Imagine a hospital. There will ALWAYS be people looking to break in to find out some specific information. "What did the doctors do that resulted in the death of my loved one?"
This is an APT you can never stop regardless of budget. They can build any 0day, go to any extent, build completely custom undetectable tools that will never be stoppable.