In the context of computer security, or security in general, I think that the saying “A system’s security is as strong as the weakest link” summarizes the relationship of the video “Father Guido Five Minute University” to the gist of the article “Why Cryptosystems Fail”.
Father Guido’s point in his idea of a Five Minute University is that the value of the education we get over the years of our stay in a learning institution is tied to how usable it is in dealing with the realities we face in the outside world. He says that we usually remember just the things that are actually of use to us (in our job, for example) and tend to forget everything else.
In the same manner, the quote above implicitly states the real value or strength of any security system, however complex or simple it may be. It is very common to implement multi-level security systems these days, and the value of these security systems is only as good as the weakest component in the chain. A single hole is enough to enable attackers to break into the whole system. The article states that most attacks on cryptosystems do not exploit their technical weaknesses, but are rather directed at other aspects of the system, i.e., physical implementation, poor management, and quality control.
So the author suggested a shift in the way we think when we evaluate the strength of computer security systems. He said that efforts should be diverted to strengthening the competence of the people involved in implementing the other aspects of a security system.
References:
[1] Anderson, Ross. Why Cryptosystems Fail.
[2] _____. Father Guido Sarducci Five Minute University. @[youtube.com]