Ever since the Internet has had security issues, attack and defense technologies have been in constant development. At the micro level, one side may prevail in a given period, but from a macro point of view neither an attack technique nor a defense technique stays effective forever. Attack techniques are constantly upgraded to keep pace with developments in defense technology, and vice versa; the two reinforce each other in a dialectical relationship. Because attack techniques keep developing, a defense that stands still commits the error of disregarding changing circumstances. In the area of security, there is no silver bullet.
Many security vendors present users with an impressive blueprint when selling their products: the product seems omnipotent, and the user can sleep soundly after the purchase. In fact, security products themselves also need constant upgrading, and they need someone to operate them. A product needs its own "metabolism"; otherwise it will cease to be effective. Automatic updating has become a standard feature of modern Internet products, and a dynamic product keeps improving on its own.
When Vista was released, Microsoft vowed that it would be the most secure operating system ever. Microsoft's effort shows: Vista has had far fewer security issues than its predecessors (Windows XP, Windows 2000, Windows 2003, etc.), especially high-risk vulnerabilities. In spite of this, hackers managed to break into Vista at the Pwn2Own contest in 2008. Pwn2Own is held every year; contestants attack the operating systems indiscriminately and prepare 0day vulnerabilities in advance in order to win.
Hackers continue to research and find new attack techniques, and so does the defense side. In recent years Microsoft has improved the security of its products by taking security into account throughout the development process and applying security checks across the entire software life cycle, and it has proven that this approach is viable. Every product now undergoes sustained, stringent security checks; this is a valuable lesson Microsoft has taught the industry. The security checks themselves need to be constantly upgraded so that they can detect and prevent new attacks.
Since there is no silver bullet, and designing and implementing security solutions is bound to be an ongoing process, where do we start? The design of security solutions should follow certain ideas and methods; with them we can clarify our thinking and design excellent solutions. Security issues arise from a breach of trust, so we can determine what the problems are by analyzing trust domains and trust boundaries. This process gives us clear objectives, but what comes next?
Before designing security solutions, we should have a comprehensive view of security issues. This can be done in a variety of ways, but first we must understand the different elements of a security issue. Through much prior practice, three elements of security have been identified, known as CIA: confidentiality, integrity, and availability. Confidentiality requires that data content be protected from being leaked; encryption is a common means of meeting confidentiality requirements.
As in the earlier example, if the file is kept not in a drawer but in a transparent glass box, outsiders cannot access the file directly, but because the box is transparent the contents of the file can still be seen, so the requirement of confidentiality is not met. If we add a cover to the file, however, it is hidden, and confidentiality is achieved. We can see that security solutions need to be flexible and adapted to local conditions; there is no hard and fast rule. Integrity requires that data content be complete and not tampered with. The common technical means of guaranteeing this is a digital signature.
Legend has it that Emperor Kangxi of the Qing Dynasty wrote, "The 14th son should be the next emperor," and that this was tampered with by his 4th son, Yin Zhen. Regardless of the legend's authenticity, the protection of this testament clearly did not meet integrity requirements. Had digital signature technology existed at the time, this could have been avoided. The story also shows the importance of data integrity.
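As an added illustration of the integrity point (example code, not from the book), the following Go program signs the testament with Ed25519 from Go's standard library and then shows that the same signature no longer verifies once the text is altered. The texts and the names Testament, Seal, Verify, Tamper and Demo are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Testament pairs a message with the signature its author produced over it.
// The text itself stays readable: a signature provides integrity, not confidentiality.
type Testament struct {
	Text      string
	Signature []byte
}

// Seal signs text with the author's private key (the digital "seal").
func Seal(priv ed25519.PrivateKey, text string) Testament {
	return Testament{Text: text, Signature: ed25519.Sign(priv, []byte(text))}
}

// Verify reports whether the testament is intact and was signed by the holder of pub.
func Verify(pub ed25519.PublicKey, t Testament) bool {
	return ed25519.Verify(pub, []byte(t.Text), t.Signature)
}

// Tamper returns a copy with altered text but the original signature,
// modelling the legend's edit of the will (constructed scenario).
func Tamper(t Testament, newText string) Testament {
	return Testament{Text: newText, Signature: t.Signature}
}

// Demo runs the scenario and returns (originalVerifies, tamperedVerifies).
func Demo() (bool, bool, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	original := Seal(priv, "The 14th son should be the next emperor") // constructed sample text
	forged := Tamper(original, "The 4th son should be the next emperor")
	return Verify(pub, original), Verify(pub, forged), nil
}

func main() {
	ok, forgedOK, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("original verifies:", ok)       // true
	fmt.Println("tampered verifies:", forgedOK) // false
}
```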
Availability requires that protected resources be available on demand. Suppose a parking lot has 100 spaces; under normal circumstances, 100 vehicles can park there. One day a malicious person moves in 100 stones, occupying every available space and disrupting normal service. In the security field this kind of attack is called a denial-of-service (DoS) attack; a DoS attack damages availability. These are the three most important elements in the security field; later we will expand them with further elements such as auditability and nonrepudiation. The design of security solutions should start from these three elements.