Security as a Systems Property

Steven M. Bellovin; Daniel G. Conway

doi:10.1109/MSP.2009.134

Security&Privacy
2009
Issue No. 5 - September/October
Abstract - Security as a Systems Property

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Steven M. Bellovin Articles by Daniel G. Conway

Security as a Systems Property

September/October 2009 (vol. 7 no. 5)

pp. 88

	ASCII Text	x
	Steven M. Bellovin, Daniel G. Conway, "Security as a Systems Property," IEEE Security & Privacy, vol. 7, no. 5, pp. 88, September/October, 2009.

	BibTex	x
	@article{ 10.1109/MSP.2009.134, author = {Steven M. Bellovin and Daniel G. Conway}, title = {Security as a Systems Property}, journal ={IEEE Security & Privacy}, volume = {7}, number = {5}, issn = {1540-7993}, year = {2009}, pages = {88}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2009.134}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security & Privacy TI - Security as a Systems Property IS - 5 SN - 1540-7993 SP EP EPD - 88 A1 - Steven M. Bellovin, A1 - Daniel G. Conway, PY - 2009 KW - Steve Bellovin KW - systems KW - encryption KW - phishing KW - clear text VL - 7 JA - IEEE Security & Privacy ER -

Steven M. Bellovin, Columbia University

Daniel G. Conway, Augustana College

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2009.134

How do we protect systems? The answer is straightforward: each component must be evaluated independently and protected as necessary. Beware the easy answers, such as deploying stronger encryption while ignoring vulnerable end points; that's too much like looking under the streetlamp for lost keys, not because they're likely to be there but because it's an easy place to search. Remember, too, that people and processes are system components as well, and often the weakest ones—think about phishing, but also about legitimate emails that are structurally indistinguishable from phishing attacks. I'm not saying you should ignore one weakness because you can't afford to address another serious one—but in general, your defenses should be balanced. After that, of course, you have to evaluate the security of the entire system. Components interact, not always in benign ways, and there may be gaps you haven't filled.

Index Terms:

Steve Bellovin, systems, encryption, phishing, clear text

Citation:

Steven M. Bellovin, Daniel G. Conway, "Security as a Systems Property," IEEE Security & Privacy, vol. 7, no. 5, pp. 88, Sept.-Oct. 2009, doi:10.1109/MSP.2009.134

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.