Chess has some lessons to teach us here. Chess has three main stages - the Opening(where vast analysis applied to the various opening strategies: the Sicilian, Ruy Lopez and so on), the Middle game (which is chaotic), and the End game (strategies to capture the opponent's King). Each stage in the game has a unique set of strategies that are related but separate from the other stage strategies.Following through the analogy - once the Opening game (authentication) has passed, then identity can survive in the chaotic Middle game by propagating verifiable identity (or attributes) in the transaction (which Gunnar covered back in 07). Then the End game is when, at the endpoint, a fine-grained authorization decision can be made based on identity and attributes. The key, like in chess, is not to only perfect the Opening game and then just hope for the best.
A Chess match is not one side dictating rules and the other side simply moving, instead its a synthesis of each side trying various gambits that result in unique permutations from match to match. The nature and structure of these permutations are not possible to calculate effective beyond a certain point so pattern recognition must be used.
Coming full circle back to infosec, the best we can hope for is a good design that facilitates a good Opening game followed by a stream of events and logs that enable effective middle and end games. I think of AAA access control technologies as Opening Game strategies - many people think of Kerberos and other ticketing systems are security, but really they just establish the initial ruleset for operations, the real game begins once they're in place, in use, and under attack. The structure used at the opening does not dictate all or maybe even most of the events that occur in the middle and end game.
Wednesday, January 27, 2010
AAA as Chess
These paragraphs by Gunnar Peterson in a larger blog post deserve a blog post of their own:
Posted by Mark O'Neill at Wednesday, January 27, 2010