Mesh-05 Out of Scope

Not my problem

One of the biggest problems in making any presentation on security is that there is always someone who just has to explain that the proposal won't help, that it is in fact completely useless, because there is some problem that the designers obviously didn't understand or think about. And of course, when the time comes to make a proposal to address that other problem that was so very important, the same person will pop up to explain how it doesn't affect the first.

Pointing out that a proposal to solve problem X could also solve problem Y if it worked a little differently is useful and constructive. Lecturing people that a solution to X or Y is useless unless we first solve Z is almost invariably not.

The goal of information security is risk management, not risk elimination. The Mesh does not solve every security problem, nor is it intended to do so.

Overcoming this sort of objection is like Bertrand Russell's turtle stacking problem. Each time you pick a turtle up, the opponent will always find another underneath it:

Code injection makes the system insecure
  Write applications that don't use internal scripting languages.
Application insecurities make the system insecure
  Write applications using managed code that eliminates vulnerabilities such as array bounds overflows.
Operating System insecurities make the system insecure
  Use properly architected operating systems and patch regularly.
Firmware insecurities make the system insecure
  Buy equipment from trustworthy vendors.
Hardware may be compromised at source
  Buy hardware from trusted foundries.

The astute will realize that the more turtles we remove, the less satisfactory the solutions become. But fortunately, the cost of the attacks rises as well.

Some of the constituencies I work with are very concerned about the risk of hardware being compromised at source. For them, this attack is real, not theoretical. But the cost of mounting such an attack is very high, which almost certainly puts it beyond the capabilities of all except a few well-funded national laboratories.

End-Point Security

If you have confidential material on a device that an attacker has compromised, you are likely to suffer a breach.

While this statement is obviously true, it is, like any counsel of despair, utterly unhelpful, because it assumes that the most effective approaches to providing protection have already failed.

The Mesh provides an infrastructure that could be used to make compromise of the end-point less likely and to mitigate the consequences of a compromise should one occur.

The Internet email infrastructure we use today was based on the interesting security assumption that by default, any Internet user could send any material they like to any other. We have an email system that allows attackers to send millions of logic bombs to their potential victims every hour. Why

Changing that assumption, so that only people a user has identified as trusted can send more than a short contact request message, does not eliminate the possibility of end-point compromise, but it reduces the risk considerably.
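
The default-deny rule described above, sketched as an added Python example (not code from the Mesh or from the original page). The class and method names, the 280-character limit, the text-only rule and the one-pending-request-per-sender rule are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumption: the page gives no size for a "short contact request message".
MAX_CONTACT_REQUEST_CHARS = 280

@dataclass
class Message:
    sender: str
    body: str
    attachments: list = field(default_factory=list)

@dataclass
class Inbox:
    trusted: set = field(default_factory=set)    # senders the user has identified as trusted
    pending: dict = field(default_factory=dict)  # sender -> contact request awaiting a decision
    delivered: list = field(default_factory=list)

    def receive(self, msg: Message) -> str:
        """Return 'delivered', 'contact_request' or 'rejected'."""
        if msg.sender in self.trusted:
            self.delivered.append(msg)
            return "delivered"
        # Unknown sender: only one short, text-only request is admitted.
        too_much = msg.attachments or len(msg.body) > MAX_CONTACT_REQUEST_CHARS
        if too_much or msg.sender in self.pending:
            return "rejected"
        self.pending[msg.sender] = msg
        return "contact_request"

    def accept(self, sender: str) -> None:
        """The user decides to trust a sender who has a pending request."""
        if sender not in self.pending:
            raise KeyError(f"no pending contact request from {sender}")
        del self.pending[sender]
        self.trusted.add(sender)

def demo() -> list:
    # Constructed sample traffic; addresses use the reserved example.com domain.
    inbox = Inbox(trusted={"alice@example.com"})
    results = [
        inbox.receive(Message("alice@example.com", "Report attached", ["q3.pdf"])),
        inbox.receive(Message("bob@example.com", "Hi, we met at the workshop.")),
        inbox.receive(Message("bob@example.com", "Second try")),
        inbox.receive(Message("mallory@example.com", "Invoice", ["invoice.js"])),
        inbox.receive(Message("mallory@example.com", "x" * 5000)),
    ]
    inbox.accept("bob@example.com")
    results.append(inbox.receive(Message("bob@example.com", "Slides", ["talk.pdf"])))
    return results
```

Under this policy an unknown sender never gets an attachment or a long body in front of the user; the only thing that crosses the boundary is a short text request the user can accept or ignore.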