Presumed security is a principle in security engineering that a system is safe from attack due to an attacker assuming, on the basis of probability, that it is secure. Presumed security is the opposite of security through obscurity. A system relying on security through obscurity may have actual security vulnerabilities, but its owners or designers deliberately make the system more complex in the hope that attackers are unable to find a flaw. Conversely a system relying on presumed security makes no attempt to address its security flaws, which may be publicly known, but instead relies upon potential attackers simply assuming that the target is not worth attacking. The reasons for an attacker to make this assumption may range from personal risk (the attacker believes the system owners can easily identify, capture and prosecute them) to technological knowledge (the attacker believes the system owners have sufficient knowledge of security techniques to ensure no flaws exist, rendering an attack moot).
|