[langsec-discuss] composability

Scott Guthery sbg at acw.com
Mon Jan 11 15:10:49 UTC 2016

Let’s move beyond the software toys and platitudes found in computer science classrooms and textbooks and talk about software at scale.  
Pick one of the 30+ ObamaCare connectors at random.  Start with a checkbox on the enrollment screen and go all the way through to the 2014 taxable income figure stored on an IRS computer somewhere that will be used to see if the user qualifies for the silver plan.  How many layers or interfaces did you go through? I’ll bet it’s well north of 1,000.
Am I really to believe that adding another interface to this stack will improve security?  Am I to believe that anybody could do a security analysis on this stack?  Heck, I don’t even think we could find out how many layers there are let alone determine the contribution of each layer --- pro or con --- to the overall security of the system.
We may have to compose systems but it is because of our own lack of brain-power.  It has nothing whatsoever to do with security.  The attack surface of true concern is the way we think. 
A very good friend of mine called this the Law of Constant Pain.  Whatever system we build, we will build it just beyond our ability to understand it ... with all the unintended (and painful) consequences.
Cheers, Scott
P.S. I hear Dan Geer loud and clear on the dangers of monolithic systems but where these systems implement law I think we have a special case that deserves a more nuanced consideration.  Law is --- or at least is supposed to be --- a monolithic system.  Do I believe that the 30+ connectors embody a common and uniform implementation of the ObamaCare law?  Do you?