Revisiting the Immutable Laws

For many years I, and many others, have been referring to the immutable laws of security when trying to explain why something works, or does not work, a particular way. However, I've always wondered how immutable the laws really are. I finally sat down and went through them. The result is a three-piece article series in TechNet Magazine. The first installment just hit your favorite newsstand, or web browser, as the case may be. The second and third pieces will be in the November and December issues of TechNet Magazine.

Published Mon, Sep 22 2008 11:00 PM by jesper

Comments

# Harry Johnston said on 23 September, 2008 05:41 PM

I note that you haven't defined "immutable".  I don't think it is a good word, because it implies that they apply not only for existing hardware designs and operating systems, but for any possible hardware design and operating system.

I don't know whether this is what you mean by it, but if so, I'd dispute law 1.  It's entirely possible for an operating system to be designed so that malicious or faulty code can't do you any harm simply by virtue of being run.  (Of course this can't eliminate all possible social engineering attacks, but it can make it much more difficult to confuse a user into doing something bad, particularly in a corporate setting.)

Law 3 is also marginal in this respect - a better hardware design would go a long way towards mitigating this, at least in the context where either the attacker is under observation or the computer is connected to an alarm system.

# Chris said on 23 September, 2008 05:48 PM

Thank you for re-energizing the immutable laws of security.  Seems most people don't want to heed the third tenet of the laws:  If someone has physical access to your computer, then it isn't your computer anymore.

This fact was extremely evident when the various news outlets published harsh articles talking about how vulnerable the Diebold Voting machines are to physical tampering.  It would seem that we will have an electronic voting machine only when it becomes possible to allow someone to vote electronically without making physical contact with the voting machine.  Not likely anytime soon.

And on a side note... why is it that our current non-electronic voting methods aren't held up to the same rigorous security requirements as what is being held against the electronic voting machines?

# Harry Johnston said on 23 September, 2008 06:08 PM

Chris: there's no reason a voting machine can't be made reasonably resistant to physical tampering.  If the electronics are inside a suitable container - strong, locked, and alarmed - and provided the unit is stored appropriately when not in use, there's no problem.  Think automatic teller machine.

Physical audit trail is also a key idea here.  The machine needs to print out a copy of the vote for the user to check.  This copy can be put in a traditional ballot box in the event the machine's results are challenged (or selected at random for auditing).

# YADmitry said on 30 September, 2008 10:49 AM

I liked the paragraph about edlin. Honestly I didn't know it was still there (checking it on win2K3). Looking inside this exe: MS DOS Version 5.00 (C)Copyright 1981-1991

Wow! Unchanged since MS DOS 5!

The same applies to exe2bin. All my old DOS friends are still there - even my favourite debug.exe.

Another surprising thing - the presence of upg351db. WINS DB upgrade when you jump from NT3.5 to 2000. I reckon this program can compete with edlin in terms of frequency of use.

# Rob said on 06 October, 2008 01:49 PM

I read your article this morning, and wanted to point out that USB devices do not support DMA.  The USB host controller (a PCI-type device) does, but USB devices themselves only return data when polled by the host controller.  One cannot build a USB flash drive or other peripheral that can write to arbitrary memory addresses.  A PCI device, however, could do this; think ExpressCard (which supports both USB and PCI Express) or even 32-bit CardBus devices (perhaps).

# Marta Guillen said on 21 October, 2008 11:56 PM

Mr. Jesper,

I have to apologize for using this way of communication with You, but after hours and hours of searching the Web for technical support in order to get help and solutions to my problem, I bumped into Your blog which I found very interesting.

I am facing a security problem, where somebody has stolen passwords for old hotmail accounts of mine and is using them to harass me and harm me in many ways.

I don't seem to be able to find answers anywhere and don't know how to stop it. Would You be so kind to help me with this problem if you could?

Thank you very much and Best Regards.

# jesper said on 22 October, 2008 12:33 AM

Marta, I am sorry to hear that. Could it possibly be that they re-activated old hotmail accounts you let lapse? Either way, it is not something I can help with. I recommend you contact the Security Support Center at Microsoft. The various options for doing that are listed at technet.microsoft.com/.../cc165610.aspx.
