The security stack

For those of you doing a double take at the title, why stop at 2?!

Friday 21 May 2010 0900, I was oblivious to the concept of a security stack and yet, less than an hour later, I had experienced a conversion of Damascene proportions that I felt a sudden surge of empathy for Archimedes – given the fact that I was in a government building at the time, I thought it prudent not to disrobe.

Security is currently a layer specific implementation. If we take the OSI model for example, countermeasures implemented at the network layer have no bearing on the transport layer above or the data layer below. The layers are independent of one another which is why an attacker will simply target the most porous layer, currently the application layer.

However, imagine if the layers were interdependent on one another and communicated with one another in the event of a breach – this is the concept of a security stack. Now, taking this theme to its logical conclusion, imagine the security stack can respond to threats in real-time, we would have an adaptive security stack which would mean security nivrana.

What I’m proposing isn’t new, it’s simply the reversal of sliced bread. Before someone decided to slice the bread, we tore it off in chunks. The idea of sliced bread is ingeniously simple and yet can you think of eating bread any other way?! We are currently serving up security in slices which attackers can circumvent/penetrate. However, if we stack the slices, then we make the attackers life that little bit harder and if we have an intelligent stack, we can make the attacker change profession

A medieval security stack is how a relatively small group of defenders,  of a fort/castle atop a hill with one accessible route, were able to hold off a much larger army until they ran out of supplies or reinforcements arrived. If we care to learn from history, the answer to the security problem is staring us right in the face.