The Need for Integrity

Why the lack of interest in integrity? In part, we believe that this is because integrity is not the central concern of military security—the driving force behind most computer security research and commercial development over the past few decades. In the military model of security, the primary goal is to prevent unauthorized personnel from reading sensitive data. This is called confidentiality and is of paramount importance in the military view of computer security.

Confidentiality is a priority that’s easy to understand, but it can be weird in practice. It leads us to security policies that say it is acceptable, at some level, to blow up the computer center, burn the backup tapes, and kill all the users—provided that the datafiles are not read by an attacker! (The “self-destruct” system of Star Trek’s USS Enterprise was designed with this kind of confidentiality in mind.)

We believe that in most commercial and research environments, the often ignored goal of integrity is actually more important than confidentiality or availability. If integrity were not the priority, the following scenarios might actually seem reasonable:

Well, whoever came in over the Net wiped out all of /usr and /etc, but they weren’t able to read any of the files in /tmp. I guess our security worked!

or:

Somebody compromised the root account and added 15 new users to /etc/passwd, but our security system kept them from doing an ls of the /usr/spool/mail directory. We dodged a bullet on this ...
