Safecracking for the Computer Scientist

Matt Blaze of the University of Pennsylvania CompSci department compares physical security [PDF] of locks protecting safes to computer security of systems protecting information in this draft paper. He concludes that information security has a long way to go and lots to learn from the world of physical security.
"Physical security has been studied for far longer than information security, of course, and the tradeoffs between resistance to attack and the cost of protection are relatively well understood. The situation in computer security is quite different, with new mechanisms, attacks, countermeasures, and threat models being invented and made obsolete in a dizzyingly fast cycle that lacks the luxury of generations of hindsight.
There is much that information security can learn from physical security, and a careful study across the two disciplines should strengthen both of them."
For those who don't recognize the name, Blaze has one that irritates a lot of software vendors, for he has a knack of pointing out in gory detail, the vulnerabilities with their systems. With this latest paper, Blaze continues his foray into physical security and will annoy a new set of people by studying and publishing reports on their vulnerabilities. In fact, if you want to learn how to crack safes, this paper does provide the gory details. The point is however, not to annoy people, but fix the false sense of security that comes from "embracing the security through obscurity."

Comments

  1. dabydeen8:05 a.m., January 03, 2005

    For a sidebar study by Matt Blaze on NiMH Battery Chargers, follow this link.

    ReplyDelete

Post a Comment

Popular posts from this blog

Blogs of Note

Who Would Jesus Hate? -- described as providing "anecdotal evidence of how religion is on the wrong side of every social issue." Fugetaboutit! -- hilarious site from a "48-year-old shrinking Italian comedian ." Take the tagline for instance: "I saw the face of Jesus in my lasagna ... briefly."
Read more

Civil disobedience is called for

Image
In an act of desperation, Tim DeCristopher chose civil disobedience to disrupt the bidding process that saw 149,000 acres of public land leased off to oil companies in Utah. The lease of the land to oil companies, to allow drilling, has been contested by many who wish to preserve the pristine land, located near Arches National Park, the White River, the greater Desolation Canyon region, Labyrinth Canyon, the benches east of Canyonlands National Park, Nine Mile Canyon, the Book Cliffs and the Deep Creek Mountains. It is one of the final sell-off by the dying Bush administration. DeCristopher showed at the auction, registered as a bidder, and started bidding -- and winning -- with no intention of purchasing or paying for the auctions he won. Way to go dude! You're a hero!
Read more
GT Ripple Want to say goodbye to that ole boring desktop? Try GT Ripple. It adds nice soothing movement to your desktop. Once you've downloaded and installed the app, you will need to images to ripple. Go here: Visual Paradox Deviant Art
Read more