Matasano Chargen - Latest Comments in On Chains, Meshes, and Defense in Depth

Re: On Chains, Meshes, and Defense in Depth

LonerVamp — Thu, 29 Mar 2007 21:50:34 -0000

I also look forward to more examples from anyone, to better illustrate the concept. Chains, defense in depth...they've been pretty beat to death (not that they're dead, but we know what we're talking about with them). I'd love to read more about mesh or "forward security."

Of note, I like reading not only Nate but another (your) rewording of the concept. Seeing it a couple different ways certainly helps the understanding!

Re: On Chains, Meshes, and Defense in Depth

Thomas Ptacek — Thu, 29 Mar 2007 20:07:48 -0000

I actually think Nate is talking more in terms of your "forward security" than my mesh definition.

For 12 defender checks, my progression from chain to mesh goes 1 attacker victory, then 3, then 12. Nate's is 1, 12, 12. Nate is saying "you have to beat all the checks, but the attacker's effort decreases for each one you beat".

The difference between "depth" and "mesh" for him is, as with "forward security", one of leverage: an attacker can concentrate efforts on one defense, like a blade concentrates force on an onion.

There's a spectrum in both interpretations.

Re: On Chains, Meshes, and Defense in Depth

Shawn F — Thu, 29 Mar 2007 19:56:51 -0000

One can also introduce the concept of forward-security (not exactly the same as in the usual cryptographic definition) as well. A good defense in depth chain design should exhibit this property. Forward-security means that breaking an individual chain should not make it easier for an attacker to break any of the other chains. Obviously this cannot be applied to your definition of a mesh.

Also I think there is a balance between a defense in depth design and a mesh design. Like a series of loosely coupled chains. An attacker *could* break each one separately, but the chains reinforce each other such that breaking one is much more difficult in the presence of the others. In this case forward-security would apply. Forcing an attacker to break all at once makes sense for cryptographic algorithms and protocols, but I think it’s much harder to do in software systems.

I gave an example (not a very good one) of how this could be done for physical security on Nate’s page. I look forward to some more non-cryptographic examples.

Re: On Chains, Meshes, and Defense in Depth

Nate — Thu, 29 Mar 2007 18:19:27 -0000

This pretty much matches what I've been saying. I actually have some concrete examples of the mesh design model that aren't cryptography, but you'll have to wait until I finish and post them.

More soon!