Web security covers attack techniques as well as defense techniques. Before getting into specific technical explanations, we need to clearly recognize the nature of “security,” or “the nature of the security problem.”
What is web security? What circumstances will cause a security problem? How do we view security issues? Only by clearly understanding these basic issues can we understand the defense technologies and procedures we carry out.
In the martial arts, a true master must have a thorough understanding of the essence of the art to reach its highest realm. By applying the same principle in the security field, we can design security programs to meet any challenge, no matter how complex.
So, how is a security issue generated? Let us start with the real world. In railway stations and airports, all passengers have to undergo a mandatory security check. Airport security scans the passengers’ luggage and checks whether they are carrying lighters, flammable liquids, or other dangerous items. Abstractly speaking, this security check filters out harmful objects so that the passengers are safe once the aircraft is off the ground. From a safety point of view, regions are carved out according to different degrees of importance.
Through a security check (a filtration or purification process), an unknown person or thing can be vetted and become trusted. Regions divided according to different trust levels are referred to as trust domains; the boundary between two different trust domains is called a trust boundary. Data moving from a high-trust domain to a low-trust domain does not need a security check; data moving from a low-trust domain to a high-trust domain must pass a security check at the trust boundary.
A security check is not required if you want to leave the terminal, but you need to undergo one if you want to come back in.
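The trust-boundary rule above, modeled as a small data-flow audit. This is an added example, not part of the original text; the domain names and numeric trust levels are assumptions chosen to resemble a typical web deployment. It goes slightly beyond the text by tracking the trust level of the data itself across several hops, so that data which leaves a high-trust domain must be checked again before it returns, as with the passenger leaving the terminal.

```python
# Assumed trust levels (higher number = more trusted); not from the original text.
TRUST = {"internet": 0, "web_app": 1, "database": 2}

def trace(origin, hops):
    """Follow one piece of data through hops [(destination, checked_at_boundary)].

    Returns (final_trust_level, violations). A violation is recorded whenever
    data enters a domain more trusted than the data itself without a check.
    """
    level = TRUST[origin]          # data starts as trusted as its origin
    violations = []
    for dst, checked in hops:
        target = TRUST[dst]
        if target > level:         # low -> high: the boundary check is mandatory
            if checked:
                level = target     # vetted data is now trusted at this level
            else:
                violations.append(
                    f"unchecked entry into {dst} (data trust {level} < {target})"
                )                  # unvetted data keeps its low trust level
        else:                      # high -> low, or same level: no check needed
            level = target         # leaving a trusted domain forfeits that trust
    return level, violations

if __name__ == "__main__":
    # Constructed sample flows.
    samples = {
        "form input, checked at each boundary":
            ("internet", [("web_app", True), ("database", True)]),
        "form input, never checked":
            ("internet", [("web_app", False), ("database", False)]),
        "record sent out to the client, then posted back unchecked":
            ("database", [("internet", False), ("database", False)]),
    }
    for name, (origin, hops) in samples.items():
        level, violations = trace(origin, hops)
        print(f"{name}: final trust {level}, violations: {violations or 'none'}")
```

The third sample is the airport case: no check was needed on the way out, but the same data is untrusted when it comes back.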
The nature of security issues is a question of trust. The design of every security program is built on trust relationships. Security programs can only be established if we believe in something; if we negate everything, security programs will be like a river without water or woods without roots; nothing can be designed.
For example, assume that we are in possession of very important documents. To safeguard them, we decide to lock them in a drawer. This relies on a few basic assumptions: first, the craftsman who made the lock did not keep an unauthorized copy of the key; second, the craftsman who made the drawer did not secretly install a back door in it; finally, the key is given to the custody of a trustworthy person and does not fall into the wrong hands. If we are unable to trust these persons, it will not be possible to safeguard the documents. Whether a threat is possible depends on the level of trust we place in the craftsman. If we trust the craftsman, then, under this assumption, we can determine the security of the documents. The level of trust in such conditions is the foundation for determining whether an object is safe.
In real life, we rarely plan for the most extreme condition, because it is the least probable and the most costly. When our budget is limited, we tend to design a program within these constraints and allow them to dictate decision making. When designing physical security, for example, we have to take into consideration different locations and different political environments: this may include factors such as typhoons, earthquakes, and wars. However, when designing those programs, we need to assign different priorities based on the probability of occurrence. Deep in the mainland, for example, considering factors such as typhoons is not very necessary; by the same token, in the stable region of continental plates, considering earthquake factors will result in higher costs. Considering extreme cases, such as ensuring that the engine room will not be affected by a comet colliding with Earth, is a waste because there is hardly any likelihood of this happening.
From another perspective, once the conditions we regard as the basis for decision making are broken or bypassed, the assumptions built on them are no longer reliable and decline into false propositions. Therefore, judging how far to trust these conditions is the most difficult part of designing security programs, but it is also an art.