Chapter 10. System Security Engineering

I once heard that Yahoo has full-time employees who are responsible for replacing failed hard drives in its 50,000+ servers. If the average hard drive lasts for two years, then Yahoo has to replace roughly 69 hard drives per day! System security engineering in cybersecurity is about building and evaluating systems to be dependable in the face of adversaries and errors. Building a secure system is ideally about taking an unambiguous policy, formally validating the hardware design and implementation, formally validating the software, and generating scads of documentation. Such a system, despite its precise, formalized elegance, is not usable. Therefore, we have to compromise on pieces of this idealized development and engineering process. Every compromise carries some risk, and the security engineer must try to drive down that risk, recognizing that it can never reach zero. Science can help you analyze the options and figure out how to mitigate the risks each one introduces.

Understanding security requirements at the system level—the big picture—requires cross-disciplinary skills and tools. Security engineers should consider economics, psychology, and ethics in addition to information technology. Examples of broad systems of this nature include enterprise networks, electronic voting solutions, and online web services. You probably don’t have to think about system security for anything the size of Facebook, but the principles of system-level security are just as important ...
