Slashdot Mirror
Software Fortresses
Oink.NET writes: "An interview with Roger Sessions discusses, among other things, his software fortress model for designing enterprise software systems, complete with guards, grunts, allies, and drawbridges. Enterprise systems are treated as mutually suspicious, marginally cooperating software fortresses, which he claims is perfect for the coexistence of J2EE and .NET systems."
I'll say it once again... UML is NOT a methodology. UML stands for Unified Modelling Language. Please tell me where the methodology is in that?
Reading the article I was struck that I'd seen Bruce Schneier denigrating the 'passive defence' fortress security model in the past, and a quick search found the article - What Military History can Teach Network Security.
I'm not going to completely denigrate Roger Sessions here. At some point in a system components have to trust each other. However that point is not actually the firewall, which was Schneiers point - you need application level security. And Roger explicitly mentions firewalls as a fortress implementation technology (yes they may well be the walls but I wouldnt want them implementing the door as well).
A second problem with his model is the fact that he lets anyone at all through the door, after the guard ok's them. This is the kind of thing that led to problems in the early days of the web. Perl's taint model is better, and in Roger's world represents every messenger from the outside being followed round the fortress by a guard, or better still, sending someone out on a horse to parley instead of letting the messenger in in the first place.
To sum up, anyone implementing the security model as described in that article would actually be repeating an old set of mistakes (which curiously went by the same name, and Roger hasn't noticed). It does not describe an 'improved' level of security, rather it describes pretty much what is on the ground in most places. That may well have been his intent, though, time will tell.
-Baz