

Security Analogies are usually Wrong

I have long believed that if someone makes an argument and uses an analogy, then the argument is often weak. But that’s just me!

This is why I usually roll my eyes when I hear statements like, “If [bridges|cars|airplanes] were built like software then…” because comparing physical items and software is just wrong. They are not the same thing, you cannot compare them.

That being said, I thought I would offer a counter-analogy.

Enjoy.

If cars operated in an environment like the Internet, they would…

  • Be driven by people with little regard for safe automobile operation.
  • Have their windshields shot out every 60 secs.
  • Once you have bullet-proof glass, the bad guys place nails at freeway off-ramps next to signs like, “free coffee this way”
    • and someone is always trying to steal your keys
    • and pull out your sparkplugs
    • and siphon your gas
  • Talking of gas, you fill up at a Shell station, only to realize the gas really isn’t gas, it’s vegetable oil and sand
  • Oh, that gas station isn’t a Shell station, it certainly looked like one, but they took your credit card details anyway
  • As this all goes on, you can’t see the adversary
  • And the adversaries are sharing new weapons with each other

And you thought you were going to work this morning!

Comments

  • Anonymous
    March 09, 2006
    My favorite analogy I bring up when engineers complain about the stability of software by saying that bridges rarely fall down whereas software fails on a constant basis:

    Engineers are never asked to build a car then 2 months later told it has to be able to travel under water and 2 months after that that it has to be able to go into space and also be ready the next week.

  • Anonymous
    March 09, 2006
    Sounds like something I've been saying for years: http://groups.google.com/group/comp.security.misc/msg/17850ff7425950d9

  • Anonymous
    March 10, 2006
    Bad nerd joke, try to code better because
    jokes are not your best area.

  • Anonymous
    March 10, 2006
    Don't forget, as you enter the station they install a remote control under your hood.  It doesn't work very well, and often causes you to crash, but since they attack a lot of cars, they don't care a lot.

  • Anonymous
    March 10, 2006
    Very nice and very true! Being a security guy, I have to say it's sad that I didn't make that counter analogy. I guess that's why you work at MS :)

  • Anonymous
    March 10, 2006
    Well,
    don't want to sound too stubborn, but:
    - you cannot run your own gas-station without certain certificates, even if you manage to fake these certificates, you will surely get caught sooner or later (if you mix sand with gas) -> analogy: on the Internet it is way too easy to counterfeit "secure" web pages.

    - automobiles are made dead-sure, it is not an option that you get BSOD during your ride with 100 mph, i.e. quality assurance/testing is way better/standardized compared to software engineering.

    - when buying spare parts (applications/plugins, whatever) for your car, you have two options, original (dead sure quality, for a bigger price) or produced by someone else (cheaper, quality MIGHT not be that good as the original, but still works). The choice is yours and either you choose, you still get a working car after replacement. Analogy: buy a software, you know absolutely sh*t about its quality. none. zero. doesn't even matter if it's from the "original" or a 3rd party supplier, it still can work badly.
    Quality assurance? Laugh my heads off.

    So pardon me Mike, but the analogy is better
    than you would think.
    Cheers,

    a senior sw engineer

  • Anonymous
    March 10, 2006
    I thought I would share Michael Howard's recent blog on "Security Analogies are Wrong".  I agree...

  • Anonymous
    March 10, 2006
    From a presentation by a security contractor on campus:

    1 bottle of beer on the wall, 1 bottle of...

  • Anonymous
    March 14, 2006
    Security and robustness are easy.

    Except that no-one is willing to set the development schedule to accommodate the security/robustness requirements.

    Except that no-one is willing to set the pricing to accommodate the security/robustness requirements.

    Except that no-one is willing to deny feature requests to accommodate the security/robustness requirements.

  • Anonymous
    March 14, 2006
    When the environment (O/S) that software operates in is basically flawed and insecure, how can the software be anything else? People use analogies so often because they're limited in their ability to communicate thoughts with words, and hope to rely on preconceptions to make their point.

    We're lucky when the masses can spell simple words correctly, much less express thoughts and concepts.

  • Anonymous
    March 20, 2006
    Counterfactual conditionals are always true. That is, an implication (such as "if x then y") where the antecedent (in this case "x") is false will always be true.

    Uninteresting, perhaps, but true nonetheless.

    So if this is an example:
    If cars operated in an environment like the Internet, they would be driven by people with little regard safe automobile operation.

    Then, because cars are not operated in an environment like the Internet, the statement must be true.

    Instead of "Security Analogies are usually Wrong", I'm afraid security analogies are always true. Uninteresting, but true.

    And cars are frequently driven by people with little regard for safe automobile operation. But the truth value of the consequent is not relevant when the antecedent is false.

  • Anonymous
    March 23, 2006
    Most analogies are inherently flawed.  It's sort of an apples and oranges situation.  While you can attempt to compare and contrast, the dissimilarities between the 2 disparate subjects can often cloud the message.  Such as Helium's cat analogy; very well put.

  • Anonymous
    June 05, 2006
    In his entry "Security Analogies are Usually Wrong", Michael Howard does a bit of delving into the "software security by analogy" point of view: I usually roll my eyes when I hear statements like, “If [bridges|cars|airplanes] were built

  • Anonymous
    March 22, 2007
    After reading Alik Levin's Security Language That Everyone Understands and Michael Howard's Security
