The CIA triangle (confidentiality, integrity, availability) is the well-known set of three criteria for judging the security of information systems. They are the "triangle" of your security. It is fairly easy for someone to judge whether an information system has these qualities of confidentiality, integrity, and availability.
I would like to point out that there are three mechanisms that are crucial in maintaining these qualities. Because they all begin with "Au", I call them the "Three Bars of Gold" — authentication, authorization, and auditing. Whenever you have a security mechanism present, it must have these three. In fact, even in a system that does not seem to have any security mechanisms, these mechanisms are there nonetheless.
UPDATES PENDING! 1) I have found that the notion of these mechanisms, and labeling them "Gold," was described by Microsoft's Butler Lampson in 2004 in his article "Computer Security in the Real World." Also, I have found the missing "fourth bar": auspices.

Let's look at authentication. Do you think, when you browse to Google for example, that you are not being authenticated? If so, you're wrong! "But wait!" you're saying, "I'm not giving my name and I'm not giving Google any other information about myself!" Google is identifying you — it's not identifying you personally, and it doesn't much care who you are. It sees you as a browser cookie, or maybe a network address, perhaps a computer serial number. You have an authentication here!

Consider authorization - the process by which a system judges an access request and answers "yes" or "no." Not to be flip, but just because TheOnion.com lets everyone see everything doesn't mean it isn't authorizing. It means its authorization always says "yes." Someone has decided that 'everyone' is authorized.
Auditing is one place where somehow, somewhere, it's possible to imagine an information system without auditing. But even that - does that really exist? Even a Unix core dump is an audit. When your server crashes it is not supposed to crash silently. Any history, any snapshot, any stack trace or log file is an audit.
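To make the point concrete, here is an added example (my own illustration, not code from the original post or from any real site): a toy request handler in which a site that lets everyone see everything still authenticates (by cookie or network address), authorizes (answering "yes" under an explicitly stated policy and default), and audits every decision. The `Request`, `handle` and `POLICY` names, and the sample requests, are constructed for this example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional
import time

@dataclass
class Request:                      # hypothetical request shape
    path: str
    cookie: Optional[str] = None
    source_ip: str = "0.0.0.0"

AUDIT_LOG: List[dict] = []          # the "audit" bar: a record of every decision

def authenticate(req: Request) -> str:
    """Return a principal identifier. Anonymous browsing still yields an
    identity: the cookie if one is present, otherwise the network address."""
    if req.cookie:
        return "cookie:" + req.cookie
    return "ip:" + req.source_ip

# The "authorization" bar as an explicit, unambiguous policy: each path prefix
# maps to exactly one rule, and the default for unmatched paths is stated.
POLICY: Dict[str, Callable[[str], bool]] = {
    "/public/": lambda principal: True,   # everyone authorized: the answer is always "yes"
    "/admin/": lambda principal: principal.startswith("cookie:admin-"),
}
DEFAULT_DECISION = False             # deny anything the policy does not mention

def authorize(principal: str, path: str) -> bool:
    for prefix, rule in POLICY.items():
        if path.startswith(prefix):
            return rule(principal)
    return DEFAULT_DECISION

def audit(principal: str, path: str, allowed: bool) -> None:
    """A precise, meaningful audit record: who asked, for what, and the answer."""
    AUDIT_LOG.append({"ts": time.time(), "principal": principal,
                      "path": path, "allowed": allowed})

def handle(req: Request) -> bool:
    """Every request passes all three bars, even on a fully open site."""
    principal = authenticate(req)
    decision = authorize(principal, req.path)
    audit(principal, req.path, decision)
    return decision

if __name__ == "__main__":
    handle(Request("/public/index.html"))              # anonymous, allowed
    handle(Request("/admin/", cookie="sess-123"))      # identified, denied
    for entry in AUDIT_LOG:
        print(entry)
```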
But this also illustrates that your 'three bars' may not be gold… they might (God willing) be steel—but they could be aluminum, or lead, or play-doh. It's important that you be able to tell the difference.
A 'gold standard' authentication is reliable and discriminating. It knows you're the specific individual unlocking the kitchen door and not some stranger with a master key.
A 'gold standard' authorization is exact and unambiguous. You don't need to spelunk a maze of twisty little access rules, all alike, in order to determine who can do what.
A 'gold standard' audit is precise and meaningful. It affords a clear and undistorted view of system activity.
So as you are considering the mechanisms you put into place to secure your information system, consider these three mechanisms and make sure you have gold and not gook.