May 05, 2007

H6.1: Designing (Security) Without Requirements is like Building a Road Without a Route Map to a Destination You've Never Seen.

Number 6.1 in a series of Hypotheses, as sparked by the earlier post that suggests that S/MIME and its critics alike lack foundation.

Lay down your requirements before you start.

I find it takes longer to lay down the security requirements of the application than to actually design the protocol to meet the needs. And, it takes longer to design than it does to code up the first version. The hard work is in knowing what to build, not in building it.

During later phases, you will find challenges that bounce you back to your original requirements.

Let that happen. Bounce things back and forward for as long as it takes to prove your requirements are really what is needed for the application. Don't be surprised if you get half-way through and discover a real doozy.

The alternative is to pick up someone else's requirements out of a textbook or off a cypherpunks list and assume they make sense. If that happens you'll be into a perpetual battle that will eventually end up in a dog's breakfast when some real canine attacker works out the joke. If you're in that game, use a pseudonym when designing, and change jobs before it gets serious.

To come: 6.2 through 6.6, to complete Hypothesis #6: It's your job. Do it!

Posted by iang at May 5, 2007 06:07 PM
Comments

should i say pet-peeve?

the other aspect is not having done a detailed end-to-end threat and vulnerability analysis and then stating exactly what is trying to be accomplished (it is tempting to make a statement with regard to not knowing something ... that they don't even know that they don't know). related posts about not knowing what they don't know
http://www.garlic.com/~lynn/aadsm26.htm#64 Dr Geer goes to Washington

not only is there the requirement to know what route the road is to traverse ... but there is a requirement to have detailed knowledge of the conditions involved in the route as well as what traffic the road is to carry.

for instance ... is part of the route subject to frost heaves ... and are specific countermeasures necessary. past post discussing frost heaves affecting road construction requirements:
http://www.garlic.com/~lynn/99.html#22 Roads as Runways Was: Re: BA Solves Y2K (Was: Re: Chinese Solve Y2K)
http://www.garlic.com/~lynn/2002i.html#28 trains was: Al Gore and the Internet
http://www.garlic.com/~lynn/2002i.html#35 pop density was: trains was: Al Gore and the Internet
http://www.garlic.com/~lynn/2002i.html#36 pop density was: trains was: Al Gore and the Internet
http://www.garlic.com/~lynn/2002j.html#42 Transportation
http://www.garlic.com/~lynn/2002j.html#68 Killer Hard Drives - Shrapnel?
http://www.garlic.com/~lynn/2003j.html#11 Idiot drivers
http://www.garlic.com/~lynn/2006h.html#45 The Pankian Metaphor

another part of road construction is knowing what kind of traffic will be involved ... for instance past posts discussing that road lifetime construction considerations are related to ton/axle loads for heavy trucks (traffic from automobiles and light trucks can be ignored) ... long winded past thread exploring the subject of heavy truck axle-loads traffic affecting road construction
http://www.garlic.com/~lynn/2006g.html#5 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#6 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#10 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#12 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#15 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#19 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#26 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#32 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#35 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#46 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#49 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#53 The Pankian Metaphor
http://www.garlic.com/~lynn/2006g.html#54 The Pankian Metaphor
http://www.garlic.com/~lynn/2006h.html#5 The Pankian Metaphor
http://www.garlic.com/~lynn/2006h.html#6 The Pankian Metaphor
http://www.garlic.com/~lynn/2006h.html#23 The Pankian Metaphor

Posted by: Lynn Wheeler at May 5, 2007 10:45 AM