Alan Karp identifies 11 security questions:

  • Authentication Who am I talking to?
  • Authorization What should I be able to do?
  • Audit Who did that?
  • Access control Should this request be honored?

  • Non-repudiation Can I pretend I never said that?

  • Confidentiality Can others see what I'm seeing?
  • Privacy Can others see that I'm seeing it?
  • Integrity Can this data be changed?
  • Anonymity Can others find out who I am?

  • Denial of service Can I be assured of access?

  • Physical security Who can touch it?

Mark Miller proposes some ways to think about security relationships:

A way to talk about security relationships

Permissions channels (necessarily overt in a sensible system) are phisical:

  • Alice gives Bob a car or a car key.

Online overt information channels are visual:

  • Bob can see Carol. Bob can see Carol's car.
  • (Potential, transitive) overt connectivity is line of sight.
  • Lack of overt connectivity (including revocation) is occlusion.
  • Alice tells the Caretaker to turn opaque, blocking Bob's view of Carol.

Offline overt channels are visual but indirect:

  • Bob can see that Kilroy was here.

Online non-overt channels (both covert & side) are auditory:

  • Bob can hear Carol (e.g., hear Carol banging on the wall)
  • Alice tries to silence (or mute) Carol
  • Alice deafens Bob (or creates a deaf Bob)
  • In order for Bob to hear Carol's wall banging, Bob and Carol, must be awake at the same time

Offline non-overt channels are olfactory:

  • Bob can smell that Kilroy was here, even if Kilroy is asleep or dead.

Open Issues related to security.