What Should be Hidden and Open in Computer Security: Lessons from Deception, the Art of War, Law, and Economic Theory

Abstract

"What Should be Hidden and Open in Computer Security: Lessons from Deception, the Art of War, Law, and Economic Theory" Peter P. Swire, George Washington University. Imagine a military base. It is defended against possible attack. Do we expect the base to reveal the location of booby traps and other defenses? No. But for many computer applications,a software developer will need to reveal a great deal about the code to get other system owners to trust the code and know how to operate with it. This article examines these conflicting intuitions and develops a theory about what should be open and hidden in computer security. Part I of the paper shows how substantial openness is typical for major computer security topics, such as firewalls, packaged software, and encryption. Part II shows what factors will lead to openness or hiddenness in computer security. Part III presents an economic analysis of the issue of what should be open in computer security. The owner who does not reveal the booby traps is like a monopolist, while the open-source software supplier is in a competitive market. This economic approach allows us to identify possible market failures in how much openness occurs for computer security. Part IV examines the contrasting approaches of Sun Tzu and Clausewitz to the role of hiddenness and deception in military strategy. The computer security, economic, and military strategy approaches thus each show factors relevant to what should be kept hidden in computer security. Part V then applies the theory to a range of current legal and technical issues.

0

Turn this paper into a full lesson

ArcXiv compiles a staged curriculum from this paper: 8-12 lessons across beginner → advanced, synthesised section guides, visuals, flashcards, a quiz, exercises, and on-demand deep dives per section. Grounded in the abstract, never invented.

Discussion (0)

Sign in to join the discussion.

Loading comments…