Was down in Austin yesterday, and got to spend some time with Kapil Sachdeva at AxAlto. Kapil has blogged about his work on PSTS, and how smart cards fit in federated identity. The meeting was good, but the best part was talking with Kapil about where things are going. Like I blogged earlier in The Road to Assurance, Brian Snow points out that one of the vastly underutilized elements for improving our collective security is hardware features. Smart cards have excellent utility as the "Island of security" that Brian advocates for. Like I blogged in another post about Thinking in Layers, many of the smartest people in the last 100 years have come to realize "A problem cannot be properly resolved at the same logical level that it was created." The smart card is so killer because it not only provides a level of indirection (with which we can solve anything, right?), but it also takes us out of the physical stack and all its dependent defense in depth layers. So when we think about increasing the security in a system, sometimes the most cost effective answers are not about cramming more stuff into the box we are trying to protect, but using composition of separate physical elements to achieve our aim. I believe this is part of what Brian Snow is after when he asks the question:
How do we get high assurance in commercial gear?
a) How can we trust or,
b) If we cannot trust, how can we safely use, security gear of unknown quality?
As Bob Blakley says: "Trust is for suckers", and this really needs to guide our design thinking. It is not about blithely assigning "trust" to some network, app, host, or physical element. It is about considering all of the options at all layers (Physical, Identity, Network, Host, App, Data) to compose a system where the controls can collectively achieve higher assurance.