【翻译】为什么安全模型不起作用:战斗中的OODA循环
版权声明:
以下内容来自微信公共帐号“EOS技术爱好者”,搜索“EOSTechLover”即可订阅,翻译Lochaiching。转载必须保留以上声明。仅授权原文转载。
本文原文链接为https://financialcryptography.com/mt/archives/000991.html ,由本号“EOS技术爱好者”翻译。
近日,Ian重新提到关于安全模型的话题,发布内容如下:
封面图片
中文内容即是:
“在两年内,针对公众利益的主要攻击,反工程师漏洞的次数从600万次降至不到一周。”
OODA观察导向决策是一种攻击模型,也就是,如果你反应快,你就赢了。
我们来看看11年前Ian写的关于安全模型的思考。
Why Security Modelling doesn't work -- the OODA loop of today's battle
为什么安全模型不起作用 - 今天战斗中的OODA循环
作者:iang
发布时间:2007-12-30
I've been watching a security modelling project for a while now, and aside from the internal trials & tribulations that any such project goes through, it occurs to me that there are explanations of why there should be doubts. Frequent readers of FC will know that we frequently challenge the old wisdom. E.g., a year ago I penned an explanation of why, for simple money reasons, you cannot build security into the business from the early days.
我观察一个安全模型项目已经有一段时间了,除了任何这样的项目所经历的内部考验和磨难之外,我突然想到为什么会有疑问的解释了。FC的长期读者会知道我们经常挑战传统旧有的智慧。例如,一年前我写了一个解释,关于为什么在早期开始你不能因为简单的金钱原因,而为业务建立安全性。
Another way of expressing this doubt surrounding Security Modelling is by reference to Col. Boyd's OODA loop. That stands for Observe, Orient, Decide, Act and it expresses Boyd's view of fighter combat. His thesis was that this was a loop of continuous cycles that characterised the fighter pilot's essential tactics.
另一种表达对安全模型怀疑的方式是参照Boyd上校的OODA循环。它代表观察、定位、决定、行动,表达了Boyd对战斗的看法。他的观点是,连续循环的循环,是战斗机飞行员的基本战术特征。
Two things made it more sexy: firstly, as a loop, he was able to suggest that the pilot with the tighter OODA loop would turn inside the other. This was a powerful metaphor because turning inside the enemy in fighter combat is as basic as it gets; every schoolboy knew how Spitfires could turn inside Messerschmitt 109s, and thus was won the Battle of Britain.
有两件事让它显得更加迷人:首先,作为一个循环,他能够提出,采用更紧密的OODA循环的飞行员会在另一个内部转向。这是一个有力的比喻,因为在战斗机大战中,让敌人在战斗中翻转是基本功;每一个学生都知道,在Messerschmitt的109s里,喷火式战斗机是怎样赢得了英国的战役的。
Obviously things aren't quite so simple, but this made it easy to understand what Boyd was getting at. The second thing that made the concept sexy was that he then went on to show it applied to just about every form of combat. And, that's true: I recall from early soldiering lessons on soviet army doctrine, that the russkies could turn their defence into a counter-attack faster than our own army could turn our attack into a defence. At all unit sizes, the instructors pointed out.
很明显,事情并不是那么简单,但这让我们很容易理解 Boyd在做什么。第二个让这个概念变得迷人的是,他接着展示了它适用于任何形式的战斗。这是真的:我记得,从早期的士兵训练中,苏联人可以把他们的防御转变成反攻,比我们自己的军队更快地把我们的进攻转变成防御。教官指出,在所有的单位尺寸上(都可能实现)。
Taking a leaf from Sun Tzu's Art of War, the OODA loop concept may also be applied to other quasi-combat scenarios such as security and business. If we were to translate it to security modelling, we can break the process simply into four phases:
-
threat modelling
-
security modelling
-
architecture
-
implementation & deployment
从《孙子兵法》的角度看,OODA循环的概念也可以应用于相似的竞争场景,如安全与商业。如果我们将其转化为安全模型,我们可以将过程简单地分为四个阶段:
-
威胁模型
-
安全模型
-
架构
-
实现和部署
To do it properly, each of these phases is important. You can't skip them, says the classical wisdom. We can agree with that, at a simple level. Which leaves us a problem: each of those phases costs time and effort.
要正确地做到这一点,每个阶段都是重要的。普世智慧告诉我们,你不能跳过它们到下一步。我们暂且先同意这一点。这给我们带来了一个问题:每一个阶段都需要花费时间和精力。
A proper threat model for a medium sized project should take a month or so. A proper security model, I'd suggest 3 months and up. The other two phases are also 3 months and climbing, with overruns. So, for anything serious, we are talking a year, in total, for the project.
一个不错的中等规模的威胁模型需要一个月左右的时间。一个合适的安全模型,我建议花费3个月以上。另外两个阶段也需要用到3个月和超支地持续付出。因此,对于任何严肃重要的问题,整个项目我们需要讨论的是一年。
Now consider the attacker. Today's aggressor appears very fast. So-called 0-day viruses, month-long migration cycles, etc. A couple of days ago, there was this reportthat talked about the ability of Storm and Son-of-Storm's ability to migrate dynamically: "what emerges is a picture of a group of skilled, professional software developers learning from their mistakes, improving their code on a weekly basis and making a lot of money in the process.”
现在轮到考虑攻击者这个角色了。目前看来,侵略者袭击出现得让人措手不及且速度很快。比如零日病毒,长达一个月的迁移周期等等。几天前,出现了一份报告讨论了风暴能力和Son-of-Storm动态迁移的能力:“出现的是一组资深的专业软件开发人员,从他们的错误中吸取教训,每周改进他们的代码,并在这个过程中赚很多钱。”
Which means that the enemy is turning in his OODA loop in less than a month, sometimes as quickly as a day. Either way, the enemy today is turning faster than any security model-driven project is capable of doing.
也就是说,敌人在不到一个月的时间里,就开始了他的OODA循环,快的时候甚至一天。不管怎样,今天的敌人比任何安全模型驱动的项目都要快。
What to do? Adolf Galland apocryphally told Reichsmarschall Göring that he could win the Battle of Britain with a squadron of Spitfires, but he was only behind by a few percentage points. In security terms we are looking at an order of magnitude, at least, which seems to lead to two possible conclusions: either your security model results in perfect security, there are no weaknesses, and it matters not how fast the enemy spins on his own dime. Or, classical security modelling is simply and utterly too slow to help in today's battle.
我们可以做些什么呢?Adolf Galland在一次听证会上告诉Reichsmarschall Goring,他原本可以用一个中队的喷火战斗机来打赢不列颠之战,但最后落后了几个百分点。在安全方面,我们至少观察在同一个量级上,这似乎可以得出两个可能的结论:要么你的安全模型带来完美的安全,不管敌人在自己身上转得多快,都无懈可击。或者,传统的安全模型只是因为太慢了而解决不了现在战斗的问题。
We need a new model. Now, this isn't to say "stop all security modelling." Even in the worst case, if the technique is completely outdated, it will remain a tremendously useful pedagogical discipline.
我们需要一种新的模型。而对于目前来说,这并不是说“停止所有安全模型”。即使在最坏的情况下,技术完全过时,也仍然可以称为一门非常有用的教学教材。
Instead, what I am suggesting is that the conventional wisdom doesn't hold scrutiny; something has to break. Whatever it is, security modelling is likely to have to change its practices and wisdoms, if it is to survive as the wisdom of the future.
相反,我想说的是,流传至今的智慧并没有通过审查;有些东西到目前来说不得不冲破往日枷锁了。暂且不管它是什么,如果安全模型想作为未来的智慧而存在的话,很可能必须改变之前的实践和智慧了。
Quite dramatically, indeed, as it possibly needs to achieve a 10-100 fold increase in its OODA loop performance in order to match the current enemy. In other words, a [revolution] (https://en.wikipedia.org/wiki/Messerschmitt_Me_262)in security thinking.
戏剧性的一点是,它可能需要将其OODA循环性能提高10-100倍,以匹配当前的敌人。换句话说,这是一场安全思考的革命。
本文图片来自Twitter截图
相关文章:
关于我们更多联系:
Website:https://eoshenzhen.io
Steem:https://steemit.com/@eoshenzhen
Busy:https://busy.org/@eoshenzhen
Telegram:https://t.me/eoshenzhen
Twitter:https://twitter.com/eostechlover
简书:EOS技术爱好者
新浪微博:EOSTechLover
EOShenzhen的投票账号:eoshenzhenio