This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Security as a Systems Property
September/October 2009 (vol. 7 no. 5)
pp. 88
Steven M. Bellovin, Columbia University
Daniel G. Conway, Augustana College
How do we protect systems? The answer is straightforward: each component must be evaluated independently and protected as necessary. Beware the easy answers, such as deploying stronger encryption while ignoring vulnerable end points; that's too much like looking under the streetlamp for lost keys, not because they're likely to be there but because it's an easy place to search. Remember, too, that people and processes are system components as well, and often the weakest ones—think about phishing, but also about legitimate emails that are structurally indistinguishable from phishing attacks. I'm not saying you should ignore one weakness because you can't afford to address another serious one—but in general, your defenses should be balanced. After that, of course, you have to evaluate the security of the entire system. Components interact, not always in benign ways, and there may be gaps you haven't filled.
Index Terms:
Steve Bellovin, systems, encryption, phishing, clear text
Citation:
Steven M. Bellovin, Daniel G. Conway, "Security as a Systems Property," IEEE Security & Privacy, vol. 7, no. 5, pp. 88, Sept.-Oct. 2009, doi:10.1109/MSP.2009.134
Usage of this product signifies your acceptance of the Terms of Use.