To round off our first foray into peer-review, FC++ presents a paper my own observations on a term dear to our hearts, if not our heads. Can an economics framework explain what we mean by security?
What do people mean when they say something is secure?Shamir's 1st law says absolute security does not exist, yet the popular press and the security buying process is inundated in secure product. For some of these products, there may be merit in the term, but for many it is more debatable. Such differences of meaning and applicability suggest low efficiency in the market for security, as well as a blackspot on the claim for security as a robust science.
One way to define 'secure' is to apply the economics theory and terminology of Pareto efficiency. This simple structure gives an easy way to categorise and choose among alternates, and identifies when an optimum has been reached. We suggest that this meaning may already be in wide spread usage, intuitively, among security practitioners and the popular press.
As always, comments welcome. For all FC++ discussions, we are interested in where you think these papers might be better published.
Posted by iang at May 12, 2005 01:30 AM | TrackBackKaldor-Hicks corresponds to a lay theory of value, which assumes commensurability where there often is not. The Pareto approach makes far fewer assumptions in this regard.
Another interesting set of Pareto-improvements comes when one can improve the usability of software without decreasing its security. Such improvements are at least as important as when one can improve secrurity without reducing usability.
I'm musing about this. The thing about Pareto-improvements are that they are very strong and useful if the building blocks are small and cohesive. But as we get more complex, it breaks down, leading to as you suggest temptation into Kaldor-Hicks which to me doesn't deliver value.
But the rise of HCI issues in security thinkers' minds is of such import that it might be a good contrasting improvement that means much security software is not Pareto-secure simply because of these shortfalls. (c.f., Kerckhoffs' principles.) The more I think of it the more this seems like a valuable direction. Thanks!
Posted by: Iang at May 24, 2005 07:12 AM