Paper: Uncovering Assumptions in Information Security




The structure of security is built upon assumptions. We assume implementations correctly enforce models, that procedures are correct, enforced, and appropriate, and that authorized administrators and users will not compromise the security of the system, either deliberately or accidentally. We assume that configuring systems will cause them to act as configured. We assume that the patches we add to improve security do not conflict with other security components or policies. If our assumptions are wrong, our system has security vulnerabilities we do not realize, and so cannot guard against. This suggests that students must learn to question assumptions. By doing so, they can discover what security mechanisms, and in some cases policies, are unrealistic. Then they can either change the mechanisms to make more realistic assumptions, or institute procedures to detect attackers trying to violate the assumptions and break into the system.

Copyright Notice

The version posted here is a manuscript version. The definitive version was published in the Proceedings of the Fourth World Conference on Information Security Education, May 2005.