Professional Documents
Culture Documents
(Download PDF) Engineering Trustworthy Systems Get Cybersecurity Design Right The First Time 1St Edition O Sami Saydjari Full Chapter PDF
(Download PDF) Engineering Trustworthy Systems Get Cybersecurity Design Right The First Time 1St Edition O Sami Saydjari Full Chapter PDF
https://ebookmass.com/product/open-radio-access-network-o-ran-
systems-architecture-and-design-1st-edition-wim-rouwet/
https://ebookmass.com/product/engineering-intelligent-systems-
systems-engineering-and-design-with-artificial-intelligence-
visual-modeling-barclay-r-brown/
https://ebookmass.com/product/right-place-right-time-the-
pilsdale-chronicles-book-1-h-l-day/
https://ebookmass.com/product/cybersecurity-in-intelligent-
networking-systems-1st-edition-shengjie-xu/
Law, Engineering, and the American Right-of-Way 1st ed.
Edition David Prytherch
https://ebookmass.com/product/law-engineering-and-the-american-
right-of-way-1st-ed-edition-david-prytherch/
https://ebookmass.com/product/attacking-the-elites-what-critics-
get-wrong%e2%80%95and-right%e2%80%95about-americas-leading-
universities-derek-bok/
https://ebookmass.com/product/stability-control-and-application-
of-time-delay-systems-gao/
https://ebookmass.com/product/thermodynamic-approaches-in-
engineering-systems-1st-edition-stanislaw-sieniutycz/
https://ebookmass.com/product/engineering-plant-based-food-
systems-sangeeta-prakash/
CompRef_2010 / Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time / Saydjari / 126011 817-7 / blind folio: i
“This book is a technical tour de force! Neatly organized between these covers is a
comprehensive review of how to think about designing and building trusted
(secure) systems, representing decades of experience and deep thought by the
author. Sami presents the material clearly, including diagrams, charts, and extensive
pointers to outside references. He has also crafted useful summaries and questions
for further thought, making this book useful as either a valued reference or as an
advanced textbook. Not only does Sami describe techniques to use in designing
trustworthy systems, but he also describes shortcomings—he’s not trying to ‘sell’ a
particular method.
This is the book I have wanted for over a decade, for use in my advanced
information security systems course. This will occupy an honored position on my
bookshelf between Ross Anderson’s Security Engineering and Michael Howard’s
Writing Secure Code. If you are involved with any aspect of designing or evaluating
trustworthy systems, it should be on your bookshelf too.”
—Eugene Spafford,
Professor of Computer Science and
leader of the CERIAS Project, Purdue University
“Sami Saydjari is today’s cybersecurity Renaissance man. Sami was the first to
recognize that failed cybersecurity could one day deliver societal existential change
equivalent to nuclear warfare. His early tenacity led to DARPA’s first cybersecurity
research investment. This book is a definitive textbook on cybersecurity, and will
become the instructional foundation for future trustworthy systems. Like the genius
of Da Vinci, this book delivers insightful philosophy, deep understanding, practical
guidance, and detailed instruction for building future systems that mitigate
cybersecurity threats!”
—Dr. Marv Langston, cybersecurity technologies consultant;
former Naval Officer, DARPA office director,
U.S. Navy’s first CIO, and U.S. Defense Department Deputy CIO
“Sami is one of the great experts in our field and he has produced one of the finest
and most complete works in our field. It should be your priority to purchase and
read this amazing book! For anyone desiring a comprehensive treatment of the
cybersecurity discipline, this is definitely the book. It’s an impressive work that
covers the important issues in a complete and accurate manner.”
—Dr. Edward G. Amoroso, CEO of TAG Cyber, and former CSO, AT&T
“Sami Saydjari’s valuable new book reflects decades of experience in designing and
building secure computer systems. His approach to risk management for secure
system design is innovative and well worth reading.”
—Steven B. Lipner, member of the National Cybersecurity Hall of Fame
“This book brings together all of the important aspects in cybersecurity design for
the first time to include all of the myriad cybersecurity perspectives, the types and
impact of failure, and the latest thinking in mitigation strategy. I can see this book
becoming an essential and complete reference for the new student of cybersecurity
as well as for the well-experienced professional. Sami’s thoughts and insights give
the book an excellent structure and relevant examples that make even the most
difficult concepts easy to digest.”
—Tom Longstaff, Chair, Computer Science, Cybersecurity,
and Information Systems Engineering Programs,
The Johns Hopkins University Engineering for Professionals
“As a long-standing proponent of rigorous, first principles design, I can endorse this
book with unbridled enthusiasm. Cybersecurity practitioners, designers, and
researchers will all find that the lessons in this book add inestimable, tangible value
to their missions. The depth and breadth of this book are truly impressive.”
—Roy Maxion, PhD, Research Professor,
Computer Science Department, Carnegie Mellon University
“‘Yet another cybersecurity book’ this is not. Its real strength lies in going beyond
the requisite scary attack stories and empty claims straight to the heart of very real
operational problems that undermine current defensive capabilities and strategies.
It does this to encourage the reader to think more carefully about the kinds of
strategic design and planning that are so often lacking in building sustainable,
evolvable, and comprehensive cyber protections. I highly recommend this book to
those who actually have to make cyber defense work.”
—Kymie Tan, Systems Engineer, Jet Propulsion Lab
ENGINEERING
TRUSTWORTHY
SYSTEMS
Get Cybersecurity
Design Right the First Time
O. Sami Saydjari
ISBN: 978-1-26-011818-6
MHID: 1-26-011818-5
The material in this eBook also appears in the print version of this title: ISBN: 978-1-26-011817-9,
MHID: 1-26-011817-7.
All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trade-
marked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringe-
ment of the trademark. Where such designations appear in this book, they have been printed with initial caps.
McGraw-Hill Education eBooks are available at special quantity discounts to use as premiums and sales promotions or for use in
corporate training programs. To contact a representative, please visit the Contact Us page at www.mhprofessional.com.
Information has been obtained by McGraw-Hill Education from sources believed to be reliable. However, because of the pos-
sibility of human or mechanical error by our sources, McGraw-Hill Education, or others, McGraw-Hill Education does not
guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the
results obtained from the use of such information.
TERMS OF USE
This is a copyrighted work and McGraw-Hill Education and its licensors reserve all rights in and to the work. Use of this work
is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the
work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit,
distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill Education’s prior consent. You
may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to
use the work may be terminated if you fail to comply with these terms.
THE WORK IS PROVIDED “AS IS.” McGRAW-HILL EDUCATION AND ITS LICENSORS MAKE NO GUARANTEES
OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED
FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA
HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUD-
ING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE. McGraw-Hill Education and its licensors do not warrant or guarantee that the functions contained in the work will
meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill Education nor its licensors
shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages
resulting therefrom. McGraw-Hill Education has no responsibility for the content of any information accessed through the work.
Under no circumstances shall McGraw-Hill Education and/or its licensors be liable for any indirect, incidental, special, punitive,
consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of
the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or
cause arises in contract, tort or otherwise.
CompRef_2010 / Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time / Saydjari / 126011 817-7 / blind folio: vii
Contents at a Glance
Part I What Do You Want?
1 What’s the Problem? 3
2 Cybersecurity Right-Think 25
3 Value and Mission: Know Thyself 37
4 Harm: Mission in Peril 51
5 Approximating Reality 65
Part II What Could Go Wrong?
6 Adversaries: Know Thy Enemy 89
7 Forests of Attack Trees 115
Part III What Are the Building Blocks
of Mitigating Risk?
8 Countermeasures: Security Controls 131
9 Trustworthy Hardware: Bedrock 155
10 Cryptography: A Sharp and Fragile Tool 167
11 Authentication 189
12 Authorization 199
13 Detection Foundation 225
14 Detection Systems 237
15 Detection Strategy 257
16 Deterrence and Adversarial Risk 273
Part IV How Do You Orchestrate Cybersecurity?
17 Cybersecurity Risk Assessment 287
18 Risk Mitigation and Optimization 313
19 Engineering Fundamentals 331
20 Architecting Cybersecurity 351
21 Assuring Cybersecurity: Getting It Right 369
22 Cyber Situation Understanding: What’s Going On 381
23 Command and Control: What to Do About Attacks 401
ix
x Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time
Index 523
Contents
Foreword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxix
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xli
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xliii
xi
xii Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time
Contents xiii
xiv Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time
Contents xv
xvi Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time
Contents xvii
xviii Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time
Contents xix
xx Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time
Contents xxi
xxii Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time
Contents xxiii
xxiv Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time
Contents xxv
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523
Table of Figures
1-1 History of cybersecurity technologies and attacks . . . . . . . . . . . . . . . . . 5
1-2 Anatomy of a top-down attack design . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1-3 Physiology of a bottom-up attack execution example . . . . . . . . . . . . . 11
1-4 Attack description: Code Red Worm . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1-5 Determining the nature of a network-based cyberattack . . . . . . . . . . 12
1-6 Defense description: Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
1-7 The cybersecurity solution landscape and interrelationships . . . . . . . . 19
2-1 The cybersecurity-functionality-performance trade-off . . . . . . . . . . 27
3-1 Attack description: secrecy attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
4-1 Attack description: distributed denial of service . . . . . . . . . . . . . . . . . 53
4-2 Levels of data criticality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
5-1 Attack description: buffer overflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
5-2 U.S. classification hierarchy in which a person cleared
at a given level can see data at that level and lower. . . . . . . . . . . . . . . 69
5-3 Attack description: social engineering and phishing . . . . . . . . . . . . . . 70
5-4 A model of a system including users, adversaries,
and dynamic measures/countermeasures. Users (defense operators)
apply measures/countermeasures to keep the system in a secure state,
while the adversary applies measures/countermeasures to achieve
their attack goals. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
5-5 Attack description: supply chain attack . . . . . . . . . . . . . . . . . . . . . . . . . 72
5-6 Systems engineering “V” showing steps of design
and mapping in which faults can be introduced . . . . . . . . . . . . . . . . . 72
5-7 Issuing cybersecurity commands involves a complex
and hidden sequence of actions that are subject to attack, error,
and delay at each step. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
5-8 The processing path of data packet showing delay,
error, and attack opportunity to consider . . . . . . . . . . . . . . . . . . . . . . . 75
5-9 A defender’s model of a real system can be thought
of as a projection of the complex real system onto a simpler
abstract model system. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
5-10 Cybersecurity-relevant security state is complex
and dynamic. The adversary and the defender both have models
approximating the state that are inaccurate in some ways and useful.
These models derive decision making. . . . . . . . . . . . . . . . . . . . . . . . . . . 78
xxvii
xxviii Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time
xxx Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time
xxxii Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time
Table of Tables
1-1 Some Historically Important Cyberattacks . . . . . . . . . . . . . . . . . . . . . . . . 8
1-2 Basic Operational Questions Regarding a Security Breach . . . . . . . . 10
1-3 Asymmetric Nature of Cyberspace Compared
to Physical Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
2-1 Factors that Trade Off with Security . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
3-1 Types of Secrecy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
3-2 Problems with Secrecy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
3-3 Secrecy Minimization Worksheet Example . . . . . . . . . . . . . . . . . . . . . 46
4-1 Risk is calculated by probability of an event times
the consequences; shaded cells show potentially strategic risks;
and values are given in exponential format. A probability of 10−6
means 1 chance in 10 with 6 zeros after it, or 1 in a million. . . . . . . . 53
4-2 Criticality Types of Software and Data Based
on the Three Pillars of Cybersecurity . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
4-3 Examples of Criticality Types for Six Categories . . . . . . . . . . . . . . . . . 57
4-4 Sample Mission Elements for Three Sample Organizations . . . . . . . 58
4-5 Example Template for Cybersecurity Harm Statements . . . . . . . . . . 59
6-1 Examples of Representative Adversary Classes . . . . . . . . . . . . . . . . . . 95
6-2 Summary of Roles of Red, Blue, White,
and Purple Teams in Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
12-1 Example of an access control matrix. The upper left-hand
cell means that subject 1 has read, write, and own access
to object 1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
12-2 Types of access control based on two independent
properties: (1) who decides access and (2) at what granularity
are those decisions. The result is four separate policy classes. . . . . 207
14-1 Comparison of Signature-Based Versus Anomaly Detection
Schemes with Respect to the Layered Detection Hierarchy . . . . . . 244
14-2 Summary of Signature-Based Versus Anomaly Detection
Schemes with Respect to Strengths and Weaknesses . . . . . . . . . . . . 244
15-1 Detection in Depth and Breadth in Two Dimensions:
Network Expanse and Attack Space . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
15-2 Questions and Rationale Used to Run Alerts to Ground
when Investigating Suspicious Activity . . . . . . . . . . . . . . . . . . . . . . . . 265
15-3 Summary Contrasting Normal Communications
with Attack-Defender Interactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
xxxv
xxxvi Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time
Foreword
I
f you are a cybersecurity professional of any type, read this book; study it, reread it, and
you will find yourself keeping it close at hand.
Engineering Trustworthy Systems has layers of subtlety, breadth, depth, and nuance that
will continue to yield wisdom to the readers on each reading at various stages of their careers.
It carefully builds from the most foundational elements of cybersecurity to the most
complex and nuanced topics that will bring deep and lifelong understanding that can make
your performance in cybersecurity more effective, efficient, and stronger.
Understanding this book can place the readers head and shoulders above their peers and
will offer a key strategic advantage to the individuals and organizations that are lucky enough
to have them.
Whether you are a designer, evaluator, accreditor, tester, red teamer, cyber emergency
response team member, or a manager of information technology, you need this book, now.
Engineering Trustworthy Systems offers the most comprehensive coverage on the topic of
cybersecurity engineering that is available in even a combined library on the topic. It is a
profound technical book, coherently covering some of the most important unpublished
cybersecurity engineering material available.
The book is carefully crafted by the author for completeness, breadth, and depth in the
field. It is designed to fill gaping holes in the literature and is structured to allow the reader to
grasp this complex discipline in digestible chunks that build on each other. Its organization
allows it to act as a guide to cybersecurity engineering as well as a compendium.
This book is for the maven and the newbie alike. True wizards will find that they must
have it on their shelf and refer to it often as a definitive source of cybersecurity knowledge
when they face challenging situations. Aspiring cybersecurity professionals will find it an
invaluable grounding available nowhere else, which will serve to frame all other learning and
experience in the field. It is for students of cybersecurity as well as for professionals who are
lifelong students of their chosen discipline.
As Sami’s professional mentor, I had the pleasure of both observing him and working
alongside him on major initiatives. His performance, insight, and creativity never ceased to
impress me and often stunned me, both in the depth and breadth of his knowledge.
Many senior leaders at the National Security Agency were equally impressed, causing
him to be in extraordinarily high demand. His stellar reputation went well outside of the
walls of government, extending to the commercial sector, academia, and to the leadership
of technical conferences seeking his wisdom on a multitude of cybersecurity topics.
xxxix
xl Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time
I can think of no person better qualified to write this sorely needed tome. Sami is one of
the leading conceptual innovators in the cybersecurity field, with over three decades of
experience in all aspects of cybersecurity engineering. He is internationally recognized and
trusted as a talented cybersecurity architect. His understanding of this complex topic is both
expansively wide and impressively deep in many areas. Despite that, or perhaps because of it,
he has a unique ability to communicate the most complex and subtle content in terms that
are clear and easily understood. He is part of the world’s brain trust on the topic and cares
deeply about passing on the collection of wisdom and deep insights to help make cyberspace
a safer place.
This book will be the reference go-to book in cybersecurity engineering for decades to
come. After benefitting from reading this book, propagate it to everyone you care about in
the field. The information in this book needs to be quickly spread as far and wide as possible
because we are woefully behind where we need to be, and this book can help us keep pace
with advancing attacker capabilities.
—Brian Snow, former National Security Agency,
Technical Director of three different key components,
Research and Engineering, Information Assurance,
and the National Cryptologic School
Acknowledgments
T
eri Shors for being my dedicated author mentor and trusted advisor throughout the
process of writing my first book. She has invested innumerable hours patiently
coaching me on both process and content, for which I am deeply grateful.
Brian Snow for hundreds of invaluable conversations on the principles of cybersecurity
design throughout my career as my primary mentor and very good friend.
Earl Boebert and Peter G. Neumann for their comprehensive technical review and Steve
Lipner for his additional technical input, helping to ensure the highest-quality content
delivered to you, the reader.
I also acknowledge the following individuals (in alphabetical order) and many others who
prefer to remain anonymous for deep and insightful conversations that have contributed to
my thinking in the field.
Scott Borg, Cyber Consequences Unit
Dick Clarke, Formerly NSC
Debbie Cooper, Independent
Jeremy Epstein, National Science Foundation
Don Faatz, Mitre
Wade Forbes, Independent
Tom Haigh, Formerly Honeywell
Jerry Hamilton, Formerly DARPA SETA
Sam Hamilton, Formerly Orincon
Will Harkness, Formerly DoD
Melissa Hathaway, Formerly NSC
Cynthia Irvine, Naval Postgraduate School
Jonathan Katz, University of Maryland
Dick Kemmerer, UC Santa Barbara
Carl Landwehr, Formerly Naval Research Lab
Marv Langston, Formerly DARPA
Karl Levitt, UC Davis
Pete Loscocco, DoD
John Lowry, Formerly BBN
Steve Lukasik, Formerly DARPA
Teresa Lunt, Formerly DARPA
Roy Maxion, Carnegie Mellon University
Cathy McCollum, Mitre
xli
xlii Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time
Introduction
Content
This book is about how to engineer trustworthy systems using timeless principles.
Trustworthiness is a delicate and complex property concerning confidence that a system
meets its requirements. The focus of this book will be on cybersecurity requirements. Trust
is granted by a human user, by faith, or due to reasoned evidence, perhaps in the designer of
the system. One trusts for some specific purpose. For example, you might trust someone to
fix your plumbing, but you are not likely to trust the same person to manage your finances.
This book is about how trust can be earned through sound system design principles.
The reader will learn the principles of engineering trustworthiness from a practical
perspective.
These principles are complementary to basic engineering principles—an understanding
of which is expected of the reader. Further, the book assumes that readers have a basic
understanding of the mechanisms of cybersecurity, such as access control, firewalls, malicious
code, cryptography, and authentication techniques. This book is about how to architect such
mechanisms into a trustworthy system. By analogy, books on architecting physical buildings
assume understanding of basic material science, physics, stress mechanics, and the properties
of bricks, glass, mortar, and steel.
Audience
The book’s intended audience includes various kinds of systems engineers and information
technology professionals. Cybersecurity professionals, computer scientists, computer
engineers, and systems engineers will all benefit from a deeper understanding of the
principles of architecting a trustworthy system.
The goals for this book are to
xliii
xliv Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time
Foci
There are two important foci that the reader might note in this book that I should explain: a
military focus and a respect for “old ideas.” The military focus takes the form of sometimes
explaining cybersecurity in terms of nation-state adversaries and potential global-scale
warfare in cyberspace. Although I have experience in cybersecurity in the commercial
world, the vast majority of my experience in cybersecurity has been in the military and
intelligence communities. This experience bias is partly because this community was the first
to recognize and embrace the need to address this important problem area. Another reason
for the military focus is that in many cases (certainly not all), the military version of the
cybersecurity problem is often a superset or harder version of the same problems that the
commercial sector has. Therefore, addressing the military context allows one to scale down
the solution to a commercial context where the stakes are usually lower. I compensate for
this military focus by offering commercial and nonprofit examples to broaden and clarify
the application of the principles to cybersecurity problems in other than military arenas.
The second focus that the reader may notice is references to “old ideas” alongside new ideas.
Some have a tendency to dismiss ideas that are older than x years, where x seems to be
getting smaller and smaller as the pace of technology development continues to increase at
an exponential rate. There is a tendency among some to think that cybersecurity is purely a
technology problem—that if you just build the right widgets (device or piece of software), the
problem will be solved. I call this the “widget mentality.” Widgets are certainly important, but
knowledge and deep understanding are essential. Indeed, developing widgets without an
understanding of the nature of the problem and what constitutes a real solution to the
problem is ineffective.
The purpose of this book is to focus on the form of principles that underlie cybersecurity so
that designers can understand what widgets to build, to what requirements they should build
them, how they should be deployed and interconnected within cyberspace, and how to operate
them when under attack.
Terminology
The field of cybersecurity is still relatively young (about 60 years old) and so terminology is
still in flux. This can interfere with understanding what people are saying today, as well as
reading papers from as little as two years earlier. Even the field itself has been called by many
different names, including computer security, information assurance, information operations,
digital security, security and privacy, and cybersecurity (the term I have chosen to settle on
for this book). To counter this, I try hard to pick a term and remain consistent throughout the
book and note when there might be variation in terminology in the current field and with
historical literature. I may not have done this perfectly consistently, particularly when there is
a strong historical basis in the use of one term over another. Also, I provide a glossary in the
back of the book to help the reader through what sometimes appears like a Tower of Babel.
In the use of terminology, I have fastidiously steered clear of the use of the prolific number
of acronyms that appear to plague the cybersecurity field. The tendency to use acronyms upon
acronyms frustrates me immensely because it seems to intentionally impede understanding.
Fig. 12.—Saint Michel terrassant le Dragon. Miniature d’un livre d’heures du quinzième siècle.
Bibliothèque de M. Ambr. Firmin-Didot.
CHAPITRE PREMIER
I
SAINT MICHEL DANS LES TEMPS PRIMITIFS.
n remontant le cours des âges, on trouve dès la plus haute
antiquité les traces certaines de la croyance aux esprits, bons
ou mauvais, inférieurs à Dieu, mais supérieurs à l’homme.
Les juifs, héritiers des saines traditions, et les autres peuples,
qui avaient emporté, en se dispersant, quelques lambeaux plus
ou moins défigurés des révélations primitives, ont attribué à
ces mêmes esprits une large part dans la lutte incessante du bien contre le
mal; comme nous, ils ont pensé et ils pensent encore que les anges veillent
sur les hommes, que les démons s’acharnent à leur perte; bien plus, d’après
une découverte récente faite en Assyrie, le grand combat livré au ciel dès
l’origine du monde n’était pas ignoré des anciens. De tout temps on a placé à
la tête des célestes phalanges un chef invincible, personnification vivante de
la vérité, de la justice et de la fidélité, ennemi à jamais irréconciliable du
prince des ténèbres et des mauvais génies rangés sous son empire, ami des
âmes et défenseur des droits de Dieu.
Ces croyances furent altérées et mélangées de grossières erreurs en
Égypte, en Chaldée, chez les Assyriens et les autres nations infidèles; mais
les juifs, instruits par les prophètes, ne s’écartèrent pas sur ce point des
traditions de leurs ancêtres; au témoignage de Daniel, ils admirent
l’existence d’un ange, dont le nom signifiait dans leur langue la majesté
incomparable de Dieu, et désignait une mission spéciale: Michel, c’est-à-
dire, qui est semblable à Dieu. Ils le reconnurent pour leur génie tutélaire,
leur chef dans les combats, leur guide et leur conseiller; ils lui donnèrent le
titre de «prince,» de «grand prince;» et, si l’on s’en tient aux règles de
l’exégèse usitée chez les Hébreux, il est permis de croire que la Synagogue
lui attribua la plupart des faits merveilleux consignés dans les livres saints, et
accomplis par le ministère des anges. D’après ces interprétations, saint
Michel fut regardé comme l’intermédiaire des révélations du Sinaï; c’est lui
qui mit à mort les nouveau-nés des Égyptiens, pour hâter la fin de la
première captivité et l’acheminement vers la terre promise; c’est lui qui
sauva le trésor du temple de la cupidité des Séleucides et infligea un terrible
châtiment à l’impie Héliodore (fig. 13). Il faisait sans doute partie de
l’ambassade qu’Abraham reçut sous le chêne de Mambré; Moïse l’entendit
lui adresser la parole dans le buisson ardent; Ézéchiel le vit peut-être sous le
voile énigmatique du tétraphorme. Il fut, en un mot, le principal messager du
Seigneur dans ses rapports avec le peuple élu; il prit part à tous les actes
destinés à exalter ou à humilier, à défendre ou à punir la famille d’adoption,
«la nation domestique de Dieu,» selon l’expression de Tertullien.
Les juifs ne pouvaient ignorer le combat dont le récit a été gravé sur les
monuments chaldéens, et que saint Jean nous a dépeint avec des couleurs si
vives dans son Apocalypse; ils savaient que saint Michel avait reçu la
mission de combattre Satan, de s’opposer à ses projets et de défendre les
âmes contre ses séductions. Une tradition, célèbre autrefois en Israël, vient
jeter sur ce point une lumière éclatante. On racontait qu’une altercation
s’était engagée entre les deux antagonistes, à la mort de Moïse; saint Michel
fit enlever par un ange le corps du grand législateur et alla l’ensevelir dans
une vallée du pays de Moab, afin de le soustraire au culte des Hébreux qui
n’auraient pas manqué de lui rendre les honneurs divins. Le démon,
souhaitant avoir les restes de Moïse en sa puissance pour faire tomber le
peuple de Dieu dans l’idolâtrie, voulut mettre obstacle au dessein de
l’Archange; mais
Fig. 13.—Le châtiment d’Héliodore. Fragment de la peinture à fresque de Raphaël dans une des salles
du Vatican. Seizième siècle.
III