On the basis that any security can be broken if an attacker has enough time and money, we should not describe the security requirements for a design as impossible to bypass. Instead, we describe security requirements in value terms: Attack A on asset B should take at least Y days and Z dollars. If a set of countermeasures means that a successful attack will take too long or will cost too much, then the defense is a success. In this situation, most attackers will move on to a different target.
This means that we need to balance factors including:
- Value of asset
  - What value does the asset have to us, and what value does it have to a potential attacker? Do we value different aspects of an asset differently? For example, we might want to protect the confidentiality and integrity of an asset, but we might value confidentiality more highly than integrity.
- Cost of defense
  - There are typically several ways that an asset can be defended. Which defense we choose will depend on the threat model. We consider the value of what is being protected, the likelihood of the attack, and the cost of the defense.
- Practicality and usability
  - Passwords are an example of the practicality and usability problem. Users are advised to use long and complex passwords and to use a unique password for each system. Although long, complex, and unique passwords are better for security, many users will not be able to remember and manage them. This means that solutions must balance security needs with user needs.
This diagram shows different security features in the Arm architecture. These features can be used to defend different assets in the system:
The technologies that are highlighted in the diagram provide different levels of protection at varying levels of cost. System designers identify which technology is most appropriate for protecting particular assets.
Other guides in this series will look at these technologies in more detail.