Dan Simon is wrong July 8, 1998

Dan Simon is wrong
July 8, 1998
“What is Security?”
“Security is about implementing people’s
preferences for privacy, trust and
information sharing (i.e., their `Security
– Wrong (or incomplete)
Security is also about eliminating
unforeseen consequences
 Constructing the policy is the hard part
You can’t handle the truth
Who should be able to open the front door
on my house?
– Me, my family, our guests
– Police, firefighters, paramedics
 But they should be logged and audited
– Locksmiths?
It’s hard to construct the right lists
 Physical metaphors may not help
Social constructs
Security policies are based on experience
 Less experience on computers than in real
 Unforeseen consequences may be far
more numerous
 Predicting consequences is
computationally complex
 Analogies may not maintain consequences
I need an administrator
– I’m not alone
My policy might simply parameterize the
administrator’s policy
 I need auditing
 I need undo
 I need someone to explain my policy to