Alan Karp identifies 11 security questions:
- Authentication Who am I talking to?
- Authorization What should I be able to do?
- Audit Who did that?
Access control Should this request be honored?
Non-repudiation Can I pretend I never said that?
- Confidentiality Can others see what I'm seeing?
- Privacy Can others see that I'm seeing it?
- Integrity Can this data be changed?
Anonymity Can others find out who I am?
Denial of service Can I be assured of access?
- Physical security Who can touch it?
Mark Miller proposes some ways to think about security relationships:
A way to talk about security relationships
Permissions channels (necessarily overt in a sensible system) are phisical:
- Alice gives Bob a car or a car key.
Online overt information channels are visual:
- Bob can see Carol. Bob can see Carol's car.
- (Potential, transitive) overt connectivity is line of sight.
- Lack of overt connectivity (including revocation) is occlusion.
- Alice tells the Caretaker to turn opaque, blocking Bob's view of Carol.
Offline overt channels are visual but indirect:
- Bob can see that Kilroy was here.
Online non-overt channels (both covert & side) are auditory:
- Bob can hear Carol (e.g., hear Carol banging on the wall)
- Alice tries to silence (or mute) Carol
- Alice deafens Bob (or creates a deaf Bob)
- In order for Bob to hear Carol's wall banging, Bob and Carol, must be awake at the same time
Offline non-overt channels are olfactory:
- Bob can smell that Kilroy was here, even if Kilroy is asleep or dead.