Computer Security Theory

Okay, years ago I developed the start of a preliminary theory of computer security. I think it's more than time we had one. It went something like this.

The main concepts of computer security are resources and objects. Counter-intuitively, it's not objects that you protect but resources, and objects are what you use to protect them with.

Every computer security problem falls into one of three categories:

Note that a communications channel is a storage medium for all intents and purposes. It turns out that computation cannot be encrypted (see EncryptedComputation) though I still have difficulty understanding exactly why. Capabilities can themselves be encrypted; does that turn them into resources?

So on the one hand, we've got the security of storage and the field of encryption covers this completely. On the other hand, we've got security of access and the field of capability theory covers this completely.

And on the third hand,

The theory is that there are only these three categories of security problems, that two of them are completely covered by mature theories, and that the third admits of no theory or algorithm. At least for now. I've got some inkling that every resource and object creates a metachannel, but that's fairly vague and I'm not even sure it's true. Mostly, there is no algorithm for plugging metachannels; making them noisy is NOT acceptable and usually not even tolerable.

Economic problems like resource starvation are outside the bounds of computer security as they are economic in nature.


(last edited September 6, 2005)