Okay, years ago I developed the start of a preliminary theory of computer security. I think it's more than time we had one. It went something like this.
The main concepts of computer security are resources and objects. Counter-intuitively, it's not objects that you protect but resources, and objects are what you use to protect them with.
Every computer security problem falls in one of three categories:
- a storage medium (resource) that must be encrypted to protect against intrusion
- a capability (object) that provides access to a resource, part of a resource, another capability or another object
Note that a communications channel is a storage medium for all intents and purposes. It turns out that computation
cannot be encrypted (see
EncryptedComputation) though I still have difficulty understanding exactly why. Capabilities can themselves be encrypted; does that turn them into resources?
So on the one hand, we've got the security of storage and the field of encryption covers this completely. On the other hand, we've got security of access and the field of capability theory covers this completely.
And on the third hand,
- information leaks through metachannels (eg, page faults, TCP headers)
The theory is that there are only these three categories of security problems, that two of them are completely covered by mature theories, and that the third admits to no theory or algorithm. At least for now. I've got some inkling that every resource and object creates a metachannel but that's fairly vague and I'm not even sure it's true. Mostly, there is no algorithm for plugging metachannels; making them noisy is NOT acceptable and usually not even tolerable.
Economic problems like resource starvation are outside the bounds of computer security as they are economic in nature.