Law 4: Trust No One

Ten Laws for Security

Abstract

There are many definitions of trust. Trust has many aspects. Trust encompasses different fields such as psychology, sociology, economics, and computer science. Trust is essential when the environment is uncertain and risky. Trust allows taking some decisions based on prior knowledge and experience. However, trust is subjective and evolves with time.

Honesty is the best policy

(old saying)


Notes

  1. “You also my son.” Brutus was a proponent of the republic that Julius Caesar replaced by the empire.

  2. Ganelon is indeed a fictitious character who was created three centuries later in the “Chanson de Roland.”

  3. Sneaker net is the term that describes the use of physical detachable storage to exchange data between two systems.

  4. Network protocols assume that every MAC address is unique. If, in a network, two devices present the same MAC address, the network may have some failures. Furthermore, if the conflicting devices are routers, then the network will collapse.

  5. The main difference with consumer products is the resistance to environmental conditions. Military grade components must operate on a larger range of temperature and higher humidity ratio. For instance, military grade components operate from −65 to 175 °C, whereas commercial grade components operate from 0 to 70 °C. The mean time before failure should also be higher for military grade components than for consumer grade ones. Usually, the military grade is not reached by a different design but rather by a stricter final qualification test during manufacturing.

  6. Apple produces iOS; Google produces Android; Microsoft produces Windows RT and Windows 10.

  7. Baidu is the Chinese equivalent of Google.

  8. If the attacker is able to request revocation of a valid certificate, she can create a nice, efficient DoS attack, especially if the revoked certificate is rather high in the certificate hierarchy. Indeed, if the certificate of one leaf of the hierarchy is revoked, then all the certificates of its branches are also revoked.

  9. The British GCHQ is the equivalent of the US NSA.

  10. This section does not consider Virtual Private Cloud (VPC) as a private cloud. VPCs are public clouds that have more sophisticated secure intra- and extra-communication means.

  11. At least, this is true for company B. In the case of company A, the assumptions are weaker as it no longer controls the hardware and OS.

  12. There is another mode of certification of AIK, called Direct Anonymous Attestation, that does need a private CA. It uses a zero-knowledge protocol.

  13. TPM is cheaper and dedicated to consumer applications. They do not need to sustain the same attacks as smart cards or HSMs.

  14. For systems using specialized chips such as SoC, BIOS may be replaced by a dedicated secure mode of this specialized chip.

  15. It had always been clear for the smart card community that with enough time, plenty of money, the right skill set, and access to expensive specialized equipment such as electron beam microscopes or focused ion beam etchers, it would be possible to break into any smart card.

  16. The advent of serious artillery made obsolete the advantages of balistraria. The artillery blew down the entire wall. Therefore, Renaissance castles used large windows and privileged aesthetics over security as balistrarias were no longer an efficient defense mechanism.

  17. Sometimes, a firewall may protect one unique appliance rather than a set of connected principals.

  18. The only valid scenario is that the computer has to communicate with a legacy device that only supports telnet and not SSH. This scenario should be banned where possible.

  19. C&C channels are systems used to control a set of remote botnets, zombies, or Trojan-infected computers. For instance, the instruction set may request to exfiltrate a given type of files to a given IP address, or erase them.

  20. This is called the similarity principle. It is one of the favorite tools of social engineers. See Sect. 7.2.3.

  21. This also limits the liability of the IT administrators in case of leakage.

  22. Of course, the software development cycle includes many more phases such as specifications, analysis, or design.

  23. Despite its name, the signature file does not contain any signature.

Author information

Correspondence to Eric Diehl.

Copyright information

© 2016 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Diehl, E. (2016). Law 4: Trust No One. In: Ten Laws for Security. Springer, Cham. https://doi.org/10.1007/978-3-319-42641-9_4

  • DOI: https://doi.org/10.1007/978-3-319-42641-9_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-42639-6

  • Online ISBN: 978-3-319-42641-9

  • eBook Packages: Computer Science, Computer Science (R0)
