Delegates to Black Hat Europe have been encouraged to turn conventional security thinking on its head by practicing security through distrust.
Security pros normally aim to make (computer) systems (reasonably) secure and trustworthy. This means striving to ensure everything (software, hardware, infrastructure) is trusted. This means the code has no bugs or backdoors, patches are always available and deployed, admins trustworthy, and the infrastructure is reliable.
Security through distrusting
Joanna Rutkowska, chief exec of Invisible Things Lab, argued that it is better to treat any single component in a system as potentially pwned. This involves distrusting (nearly) all components and actors, and having no single point of failure.
“The industry has been way too much focused on this first approach, which I see as overly naive and non-scalable to more complex systems,” Rutkowska told delegates during a keynote presentation at the security conference on Thursday.
Security through distrust is no panacea because it involves trade-offs, particularly in usability and convenience. Rutkowska has applied the principle in designing how Qubes – an operating system she designed – handles image and PDF files. Other implementations are as yet thin on the ground. ®