I had a lecture in security and it was stated that security properties are non-compositional. I don't quite understand what that means and can't find anything in the internet about that.
Can anyone explain?
Asked
Active
Viewed 147 times
1 Answers
6
Secure+secure != secure
What "non-compositional" means by definition is that if you have two components/thingies/processes/whatever that each on their own are secure (i.e. satisfy some security property) then, in general, you can not assume that the combination of these two will satisfy that security property; having both these together can make them both insecure.
This general principle applies to many domains of security from app development to theoretical cryptography; many practical exploitable vulnerabilities occur from an unexpected interaction of two parts that each, when viewed in isolation, would be perfectly secure.
Peteris
- 8,419
- 1
- 28
- 35