Sunday, April 24, 2005

Inverting computing protection

Traditionally, the lower levels of a computing system have been considered to be the most trusted and the higher application layers the least trusted.  That's fine for traditional computing environments, but is actually wrong for more modern distributed computing environments.
In particular, applications now handle a lot of sensitive data which should not be compromised by problems at lower layers of software, whether those problems be bugs, viruses, human error, sabotage, or criminal behavior by those administering the systems.
And in the case of the internet, the Web, web services, et al., one system or user on a system wishes to communicate with an application process on another computer and would like to be assured that their sensitive data will not be compromised by problems at lower levels of software.
Traditionally, we've had various software and hardware protection mechanisms or security rings, etc., but those mechanisms were primarily based on the assumption that problems come from above, with no recognition that the lower levels were being granted access to data beyond their "need to know".
So, what we need now is an inverted protection mechanism that guarantees the security of data within a set of levels and permits the lower levels to merely "handle" data packets without actually being granted detailed access.
This is not an easy problem, but we're never going to see appropriate solutions until we can attack the core issues.
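As an added illustration, not code from the original post, here is one way the inverted arrangement can look in practice: the application endpoints seal their data with keys only they hold, and a simulated lower transport layer can read the routing header and forward, log or even tamper with the packet, but never sees the contents and cannot alter them undetected. The endpoint names, keys and the HMAC-SHA256 counter-mode keystream used for encryption are assumptions of this example (standard-library only); a deployment would use a vetted AEAD such as AES-GCM in its place.

```python
import hashlib
import hmac
import os
import struct

HEADER_LEN, NONCE_LEN, TAG_LEN = 16, 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256 as a PRF (assumed construction,
    # stands in for a real AEAD cipher so the example runs with stdlib only).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(enc_key: bytes, mac_key: bytes, dest: str, plaintext: bytes) -> bytes:
    # Application layer: encrypt-then-MAC. Only the routing header is left
    # readable; header, nonce and ciphertext are all covered by the tag.
    header = dest.encode().ljust(HEADER_LEN, b"\0")
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, header + nonce + ct, hashlib.sha256).digest()
    return header + nonce + ct + tag


def open_packet(enc_key: bytes, mac_key: bytes, packet: bytes):
    # Receiving application: verify the tag before touching the ciphertext.
    if len(packet) < HEADER_LEN + NONCE_LEN + TAG_LEN:
        return None
    header, nonce = packet[:HEADER_LEN], packet[HEADER_LEN:HEADER_LEN + NONCE_LEN]
    ct, tag = packet[HEADER_LEN + NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, header + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # modified or corrupted below the application layer: reject
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def lower_layer_route(packet: bytes, tamper: bool = False):
    # Simulated untrusted lower layer: holds no key, reads only the routing
    # header, and (if compromised) may flip a byte of what it forwards.
    dest = packet[:HEADER_LEN].rstrip(b"\0").decode()
    if tamper:
        i = HEADER_LEN + NONCE_LEN
        packet = packet[:i] + bytes([packet[i] ^ 0x01]) + packet[i + 1:]
    return dest, packet
```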
