Security
Introduction
What do we mean by security? I think of these things:
- Identification: Who are you?
- Authentication: How do you prove it?
- Authorization: Are you allowed to do that?
Let's break these up. Identification and authentication go together, since proving who you are is how a system comes to believe your identity, so they share the first section below. Authorization, which is often loosely called "authentication", gets the second.
Identification
How can we tell that a person is who they claim to be? Unfortunately, we can't. We can get pretty close, most of the time, but we can never get perfect.
What we can get really good at is identifying someone as "the person I gave X to": the holder of a key, a token or a password. That is what nearly every computer system actually does.
These topics are of utmost concern in identification:
- Association. Who claims to know this person? How sure are they? How well do you know the people who vouch for that person?
- Attributes. What attributes does the person possess? Are these the same as or different from the attributes you know the person should possess? Just because some are different doesn't mean it's not the person. For instance, a person may have had their face disfigured in a car accident.
- Secrets. If you tell a secret to a person, and then decide that whoever knows that secret you will trust to be that person, is that good enough? Notice what this buys you: you are no longer identifying the person, only the holder of the secret, and anyone who learns it becomes that person to you.
In the world of the internet, these topics are vitally important. It's important that you think about them deeply.
Concerning secrets, the most common type of secret we keep and entrust is the password, but there are others, such as cryptographic keys and session tokens.
If you are writing a new app, think hard about the issue of identification. How do you truly identify people? What attributes may change, and how? What happens when a user forgets their password, or their password is no longer a personal secret because it was phished, leaked in a breach, or shared?
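As an added example (not code from the original page) of the secret-based identification described above: a password store that recognises "whoever knows the secret I enrolled", and handles the case where that secret stops being personal by falling back to "the person I gave this one-time token to". The class name, the PBKDF2 work factor and the sample users are my assumptions.

```python
import hashlib
import hmac
import os
import secrets

# PBKDF2-HMAC-SHA256 work factor (assumed; 600k is the OWASP figure for SHA-256)
ITERATIONS = 600_000


class PasswordStore:
    """Identifies a user as "whoever knows the secret I enrolled" (illustrative)."""

    def __init__(self, iterations=ITERATIONS):
        self.iterations = iterations
        self._records = {}       # username -> (salt, derived key)
        self._reset_tokens = {}  # one-time token -> username

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.iterations)

    def enroll(self, username, password):
        # Per-user random salt: identical passwords must not produce identical records
        salt = os.urandom(16)
        self._records[username] = (salt, self._derive(password, salt))

    def verify(self, username, password):
        record = self._records.get(username)
        if record is None:
            # Burn the same work for unknown users so timing does not reveal who exists
            self._derive(password, b"\x00" * 16)
            return False
        salt, expected = record
        # Constant-time comparison: do not leak how many leading bytes matched
        return hmac.compare_digest(self._derive(password, salt), expected)

    def begin_reset(self, username):
        """The password is no longer a personal secret (forgotten, leaked, shared).
        Identification falls back to "the person I gave this token to", so the
        token must reach the user over a channel you trust (e-mail, SMS, in person)."""
        if username not in self._records:
            return None
        token = secrets.token_urlsafe(32)
        self._reset_tokens[token] = username
        return token

    def complete_reset(self, token, new_password):
        # pop(): a reset token is single-use, so a replayed or guessed token fails
        username = self._reset_tokens.pop(token, None)
        if username is None:
            return False
        self.enroll(username, new_password)
        return True
```

Two practitioner notes: begin_reset returning None for an unknown user is fine inside the application, but the user-facing message should be "if that account exists, we sent a mail" so the reset form cannot be used to enumerate accounts; and once the reset completes, the old password fails, so a stolen copy of the leaked secret no longer identifies anyone.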
Authorization
Once we have identified and authenticated a person, we limit what they are allowed to do with an authorization (access control) scheme. It's important that we think about these topics as well:
- Privileges: What are the things people can do? What privileges does an individual possess?
- Privilege escalation: Under what condition can a person with one privilege gain a new privilege? After all, you'll need someone to be a system administrator.
- Privilege issuance: Who is allowed to hand out which privileges to whom?
- Groups: How can you aggregate entire classes of individuals into groups, and then grant that group privileges?
There are several access-control schemes out there. Two common ones on Linux are UNIX file permissions (read, write and execute bits for owner, group and other) and SELinux, which adds mandatory access control labels on top of them.
If you write a new application, you'll have to think hard about how you are going to handle the issues of authorization.
You might also consider what happens if someone dies and their privileges should be transferred according to a will. Also, what happens if the laws of the land dictate that the privileges should be transferred to someone else, for instance as part of a court order?
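As an added example (not code from the original page) of the four authorization questions above plus the transfer case: a toy registry with users, groups, a meta-privilege that answers "who may issue what to whom", a stated condition for escalation, and a transfer operation for the will or court-order situation. The user names, the privilege strings and the "root may do anything" bootstrap are assumptions for illustration.

```python
from collections import defaultdict


class AccessControl:
    """Group-aware privilege registry (illustrative, not a production library).

    A principal is a user name or a group name. Privileges are plain strings
    such as "read:ledger". Three meta-privileges answer the issuance and
    escalation questions:
      grant:<p>         may hand privilege <p> to another principal
      member:<group>    may add a user to <group>
      escalate:<group>  may join <group> on one's own (sudo-style)
    "transfer:all" is the authority to move everything from one user to another.
    """

    def __init__(self, root):
        self.direct = defaultdict(set)  # principal -> directly held privileges
        self.groups = defaultdict(set)  # user -> groups the user belongs to
        self.root = root                # assumed bootstrap: root holds every privilege

    def principals(self, user):
        return {user} | self.groups[user]

    def has(self, user, priv):
        """True if the user holds priv directly or through any of their groups."""
        if user == self.root:
            return True  # someone has to be able to issue the first privilege
        return any(priv in self.direct[p] for p in self.principals(user))

    def grant(self, issuer, priv, target):
        # Privilege issuance: only a holder of grant:<priv> may hand it out.
        # Holding grant:<priv> does not itself confer <priv>.
        if not self.has(issuer, f"grant:{priv}"):
            raise PermissionError(f"{issuer} may not grant {priv}")
        self.direct[target].add(priv)

    def add_member(self, issuer, user, group):
        if not self.has(issuer, f"member:{group}"):
            raise PermissionError(f"{issuer} may not add members to {group}")
        self.groups[user].add(group)

    def escalate(self, user, group):
        # Privilege escalation under an explicit condition, not an ambient one
        if not self.has(user, f"escalate:{group}"):
            raise PermissionError(f"{user} may not escalate into {group}")
        self.groups[user].add(group)

    def transfer(self, authority, old, new):
        """Move every privilege and membership from old to new (will, court order).
        old is left with nothing afterwards."""
        if not self.has(authority, "transfer:all"):
            raise PermissionError(f"{authority} may not transfer privileges")
        self.direct[new] |= self.direct.pop(old, set())
        self.groups[new] |= self.groups.pop(old, set())


def demo():
    """Constructed scenario: returns the populated registry for inspection."""
    ac = AccessControl(root="root")
    # root makes alice the owner of the auditors group and lets her issue ledger reads
    ac.grant("root", "member:auditors", "alice")
    ac.grant("root", "grant:read:ledger", "alice")
    # alice gives the whole group read access, then enrols bob in it
    ac.grant("alice", "read:ledger", "auditors")
    ac.add_member("alice", "bob", "auditors")
    # carol may escalate into admins only because root granted that condition
    ac.grant("root", "escalate:admins", "carol")
    ac.escalate("carol", "admins")
    # bob is gone; a legal-process account moves everything of his to dave
    ac.grant("root", "transfer:all", "legal")
    ac.transfer("legal", "bob", "dave")
    return ac
```

The same four questions are answered by the real systems mentioned above, just in different vocabulary: UNIX answers issuance with ownership (only a file's owner or root may chmod it), groups with the group bits and /etc/group, and escalation with setuid binaries and sudo; SELinux answers them with labels and a policy that says which domains may transition into which.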