“A system is a set of interacting or interdependent component parts forming a complex or intricate whole. Every system is delineated by its spatial and temporal boundaries, surrounded and influenced by its environment, described by its structure and purpose and expressed in its functioning.” (Wikipedia: system)
I’ve been involved with various types of security over the years, from features within products to storage, network and other communications security, and including stand-alone application security, cryptographic protocol design and other weird and wonderful issues like why you shouldn’t lose too much weight on holiday.* That’s a subject for another post. But what I keep coming back to is systems security.
And that’s because you can design all the security into a particular component that you like, you take as much care in coding it as you like, you can ensure that you compile is safely, you can test it to within an inch of its life, and ensure that it is deployed where and how you like – but if it’s part of a system, and that system has other holes, than you might as well not bother. We** often talk about “the weakest link in the chain” as a way of pointing out that if you have a single problem in a set of components, that’s what will break. That’s too simplistic an analogy***, though, as different components interact in different ways with each other, dependent on a variety of factors.
In order to understand how things will work together, you have to consider them as a system, to define what their behaviour as a system will be, and to architect the system with an understanding of the risks, threats and likely attackers that it will have to deal with in its lifetime.
Much of the content this blog may discuss components, but I hope that I’ll manage to explain their place in systems, and how they work together. Join me: I should be fun****.
*that’s a subject for another post – it’ll be fun
**by which I mean the nebulous “security community”
***don’t start me on analogies
****another disclaimer – I think that security is fun. Not everybody agrees. I’m presuming that the fact that you’ve made it this far means that you are at least open to the suggestion.