Oct 16
Security

Straight from Dominic's jargon generation lair come the following two encryption-related terms:

The Towelie Encryption Principle states:

Encryption should be implemented as high up the application stack as possible.

The Underground Fortress Effect

The underground fortress effect is a description of encryption's ability to enforce access controls/authorisation at the layers of the application stack below the layer at which they are defined.

OK, I made them up, but I think they are useful ways of thinking about encryption. Someone else may have also made them up, but mine are better branded :)

There is a lot of talk about mass encryption these days: notebook encryption, Vista BitLocker, native SQL 2005 row-level encryption, nearly everything supporting SSL, IPSec etc. Many people seem to misunderstand what encryption buys you, and that, depending on the level at which it is implemented, it leaves certain exposures that may conflict with the requirement for encryption.

As for a justification, it may be best to start with some examples. If you are trying to decide between sub-OS and OS-level hard drive encryption for your mobile users, many have argued for full disk encryption (even Gartner). However, sub-OS full disk encryption would still expose data to administrators with rights to the machine, to anyone with access to open shares exposing the data, etc. OS-aware encryption, by contrast, could enforce authorisation defined by the OS, preventing administrators from accessing the data and users of an open share from reading it. This is in addition to the protection sub-OS full disk encryption would provide, i.e. preventing low-level reads of the hard drive from exposing the data.

By an application stack, I mean the following:

  1. Application
  2. Database
  3. Operating Systems
  4. Hardware

Thus, when deciding where to place the encryption, start at the top and move down once possibilities have been eliminated. For example, if the application can't implement the required encryption, do it at the database level. The only caveat is that if the data you want to encrypt doesn't reside at a tier, then the top can move. For example, if you want to encrypt the page/swap file, the application and database tiers don't exist. The principle is named after Towelie, the "Wanna get high?" character from South Park.

A nice way to think about encryption is to imagine it as enforcing authorisation. Current permission systems, e.g. file system/table ACLs, security groups etc., can usually be bypassed by accessing the data at a level lower than the one at which they are enforced. For example, if you want to get around database permissions, just copy the file in which the database stores the data, or, even lower, do a low-level read of the hard drive. With encryption, the enforcement of the ACLs can be done at each tier below the tier at which they are defined. In fact, we need a new catchy phrase for this effect ... ladies and gentlemen, the underground fortress effect.
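The effect described above, as an added example that is not part of the original post: one value is left to the database tier's permissions and another is sealed by the application before storage, then the database file is read directly from the tier below. SQLite as the database tier, the constructed values `PLAIN` and `SEALED`, and the HMAC-SHA256 keystream standing in for a vetted AEAD cipher are all assumptions.

```python
import hashlib, hmac, os, sqlite3, tempfile

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: a stdlib-only stand-in (assumption) for a vetted AEAD
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(8, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Encrypt-then-MAC at the application tier, before the database sees the value."""
    nonce = os.urandom(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or modified ciphertext")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

PLAIN = b"constructed-plain-4111"    # constructed sample, protected only by DB permissions
SEALED = b"constructed-sealed-9222"  # constructed sample, sealed by the application

def demo():
    key = os.urandom(32)  # held by the application, never stored in the database
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "app.db")
        db = sqlite3.connect(path)
        db.execute("CREATE TABLE t (plain BLOB, sealed BLOB)")
        db.execute("INSERT INTO t VALUES (?, ?)", (PLAIN, seal(key, SEALED)))
        db.commit()
        stored = db.execute("SELECT sealed FROM t").fetchone()[0]
        db.close()
        with open(path, "rb") as f:  # the tier below: read the file, skip the database
            raw = f.read()
    return {
        "plain_in_raw_file": PLAIN in raw,    # database permissions never consulted
        "sealed_in_raw_file": SEALED in raw,  # still unreadable without the key
        "app_recovers": unseal(key, stored) == SEALED,
        "stored": stored,
    }

if __name__ == "__main__":
    print({k: v for k, v in demo().items() if k != "stored"})
```

The sealed value stays protected only as long as the key lives at the application tier; a key stored in the same database file would be exposed by the same low-level read.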

Posted by Dominic White
