Security Review: The Human Heart

By chrislim at 10:59 pm on March 16, 2008 | 6 Comments

As our professor has continually emphasized throughout the quarter, one of the primary aims of our course has been to go beyond technical details of current computer security in order to learn the security mindset. This new way of thinking enables us to analyze security issues in the future regardless of particular directions that technology may take. It also enables us to examine the security of less technical entities like physical locks, parking meters, etc. As I was considering some of these less technical systems, I began to realize the pervasive implications of applying the security mindset to broader aspects of life and so began my examination of the human heart.

Recently, Governor Eliot Spitzer of New York was revealed to have been involved with a prostitution ring despite his façade of crusading against white collar crime. As a result, his reputation was tarnished, his career ended and his family has been deeply hurt. Although this is just another note in the continual drumbeat of tragedies we hear about in the news, the frequency of these incidents, clearly demonstrate that each of us is vulnerable to fall in similar ways. How can we defend our lives (and hearts) against being deceived into compromising our integrity and falling into these common pitfalls?

A second observation motivating this study comes from the fact that insiders are often the adversaries who cause the most damage and harm because they are trusted and by nature must have access to the assets we desire to protect. Human beings are often the weakest component of any security system. This review of the human heart will hopefully provide insight into ways to protect the integrity of trusted insiders as well as our own hearts in relation to the people who trust us.

Finally, defending the human heart has significant ramifications in every aspect of physical/computer security. Much of the violence that takes place on campuses (e.g. shootings, assault, etc.) have at their root a compromised heart (e.g. someone who has been continually hurt and lashes out in despair to cause pain to others after he/she has received so much). Many of the adversaries in computer security scenarios are motivated by financial gain, prestige, and other related incentives, which are deceptive and violate the worth and personhood of the people they attack. If people’s hearts were able to be defended, many of the human adversaries that we encounter in typical security reviews might in fact become allies; the ideas in this post are tools that can provide another layer of defense in depth.

Summary

Because this is almost a security review on life, it is very difficult to precisely define the system to analyze, but let us begin with some definitions of the word “heart” (paraphrased from the Oxford English Dictionary & Dictionary.com):

  • Considered the center of vital functions: the seat of life, your total personality including intuition, feeling and emotion
  • The seat of feeling, understanding, and thought, encompassing feeling, volition, and intellect
  • The seat of one’s inmost thoughts and secret feelings, depths of the soul.
  • Intent, will, purpose, inclination, desire, motivation, spirit, courage, enthusiasm

From these definitions, we see that the human heart touches on every aspect of life. It experiences the full range of emotions from the fiercest courage in the face of massive opposition, to the weakness of falling in love, to the darkness of despair and despondency (or even the deadness of total boredom). We often speak of warm affection and kindness as coming from the heart along with its converse of hatred and cold violence (though we might refer to this as heartless). The word “heartfelt”, often indicates genuineness; the true thoughts and feelings of a person, apart from the obligations of social convention or hypocritical masquerading. Something from the heart is a true expression of the person rather than a merely outward appearance for show; it is the core of who they really are.

Unfortunately, due to its extensive and intricate nature, our hearts have a wide attack surface. It is affected by physical health (e.g. we’re typically kinder when well-rested vs after pulling all-nighters throughout finals week), life circumstances (e.g. doing well on a final vs getting a bad grade), the state of our relationships (e.g. being on good terms with your family), our history and past experiences (e.g. being betrayed prevents us from trusting people), interactions with people (e.g. receiving a smile vs being put down), daily habits (e.g. beginning the day with prayer vs rushing headlong into the hustle & bustle), our worldview, and an unknown source of seeming randomness that often hits us at the worst times; and this is not even close to an exhaustive list!

Our hearts can be quite fickle; we may be passionate about something one day and wallowing in disinterested melancholy or self-pity the next. (For example, I might be extremely excited about some business idea one day and then despondent the next after discovering that some other people already thought of the same thing). Past failures and hurts haunt us with insecurities, while our “compensating” vanities end up hurting others. One moment, we might feel secure and optimistic about the future when a moment later, the uncertainties of life come crashing down causing deep anxieties to rise in our hearts. Who would of thought that DEC, Enron, or Bear Stearns could fall? We need to put our hope in the right place.

Furthermore, we can consider the moral struggle of life and the battle for integrity. The heart is the center of our motivations, desires, ethics, etc. and directs us to choose one thing over another. Sometimes our hearts are deceived and allured into pursuing temporary pleasures which destroy us in the long run. How do you protect your life? How do you protect your integrity? Though it will be very difficult to address all of these issues in a succinct blog post, I hope this introduction presents a compelling case for deeply considering the defense of the heart. Since it encompasses every aspect of life, I will only consider a few key assets in this security review and their related threats, vulnerabilities, and controls.

Author’s Note: I have attempted to make the contents of this review as widely applicable as possible, but I approach the subject through the lens of a Christian worldview.

Assets & Security Goals

Ultimately, the asset we want to defend is the heart (life) in its full sense, but for specificity, let us consider the following:

  • Passion & Motivation are important assets which sustain us through difficulties and hardship to see a worthwhile pursuit through to the finish. Without it, we despair and may lose even the will to live. We need to believe that what we are doing is worthwhile (and hopefully it truly is).
  • Personal security is a critical asset, which also sustains us through life and sets us free to live fully (and perhaps pursue the worthwhile endeavors mentioned above). Insecurities and crippling fears often hinder healthy relationships, prevent us from living fully and even cause us to hurt others.
  • I should not compromise my character and morality; I should be who I claim to be, internally consistent with my code of ethics. This is in essence the security goal of protecting the integrity of the heart; going against conscience is dangerous and results in both internal turmoil and external damage. Related to this is the issue of confidentiality: if the integrity of my heart is protected, I should not have any “dirty little secrets” that need privatizing, but can be transparent without shame.
  • Freedom: I should be free so that I can do what I want to do and what I want to do is what I ought to do. Sometimes, though we hold to a code of ethics, we find ourselves compromising it even though we deeply want to do what is right, so this security goal is an extension of integrity in that it goes beyond simply the outward actions, which may not compromise character, to point to the inward disposition: the outward actions and inward dispositions of our hearts should be right.
  • Courage and love must be available and not depleted, the resources of the heart need to be readily available so that when difficulties come our way or we are hurt in relationship, or we fail, we are able to forgive and overcome and grow.
  • There are numerous other assets that are interwoven and valuable such as love, joy, peace, faith, gratitude, identity, etc.

Adversaries & Threats

  • Rivals & Competitors who want to harm you in some way, causing you to stumble in your course of action and get you out of the “race”. They will try to attack your passion/motivation and cause you to despair, perhaps paralyzing you with fear, or they will try to distract you to pursue other things or they might cause you to compromise your integrity and so drop out in shame.
  • Friends or family who have been hurt and desire to hurt you in retaliation or who cannot help but hurt you due to the pain they bear. They may even hurt you in an attempt to re-affirm their own self-worth and power/control. This can happen directly through shunning or indirectly through means such as gossip.
  • An adversary who desires to obtain funds by causing you to compromise your integrity and then proceeding to blackmail you.
  • Entities that attempt to take over lives while drawing great gain by enslaving people in addictions. I do not write this as a specific indictment, but I think we can agree that people addicted to drugs, games, pornography, alcohol, etc have their hearts under attack by an adversary that is trying to gain from their enslavement.
  • The threat of life tragedies, we all inevitably encounter some very difficult seasons of life, which threaten to take out our hearts. We need to be prepared to face such times.
  • A very grave threat: Satan/Devil (Meaning: Accuser, Slanderer, Adversary) whose very aim is to steal joy, kill life, and destroy people.

Weaknesses & Vulnerabilities

One personally remarkable observation is that the attack techniques in computer security also appear in the relational realm. For example, gossip is a relational man in the middle attack. An adversary can “impersonate” a friend and claim that the friend violated you in some way in order to damage the relationship and cause you pain. By compromising the communications between you and your friend, both parties might be hurt and the adversary accomplishes his goal. A second example of this computer-relational analogy are trojans, which often exploit a vulnerability to perpetrate an attack and leave a backdoor for further exploitation. Many times, an attack against the heart leaves wounds (e.g. bitterness, anxiety, shame, brokenness, pain), which are further vulnerabilities that can be exploited for even more attacks. In fact, most of these weaknesses result in an unaddressed emotional pain, which leaves people vulnerable to attacks against their hearts. Here are some examples:

  • Physical Exhaustion: when we are tired, we are particularly vulnerable to deception and may be easily irritated/hurt. Physical depletion often times corresponds to a depletion of love/courage, so that an enemy might attack physical strength, or take advantage of physical weakness to perpetrate worse attacks against the heart.
  • Keeping Bad Company: when we are in unhealthy relationships or face peer pressure to compromise our integrity, we are very vulnerable to do so because of the nature of social pressure and our desire for acceptance. Keeping such company (and the related situations it places us in) only increases the probability that our integrity will fail.
  • Broken Relationships: when we do not have healthy relationships, the pain of alienation (being disconnected from people) often may drive us to hurt others and/or attempt to drown out the pain with temporary pleasures (that often compromise our integrity). Broken relationships leave us vulnerable to deception and attacks against our personal security and integrity and passion: since relationships undergird life, when we are without them, nothing seems worth pursuing, our own worth is called into question and we will do anything to satiate our desire for affection and acceptance. Broken relationships may also result in bitterness, which attacks the availability of courage and love, saps our joy and results in further pain.
  • Misplaced Hope: when we place our hope in something that is likely to fail, we only set ourselves up for disappointment. For example, those who claimed the Titanic could not sink misplaced their hope in the strength of the ship, or an investor who banks on a large company, which ends up going bankrupt has misplaced his hope, or an individual who hopes in a relationship to bring ultimate fulfillment, only to discover after the period of infatuation that their significant other is not perfect (or perhaps is even rejected), has improperly placed their hope in this person to satisfy them. In every example, disappointment will follow, and the pain of unmet expectations and its related losses leaves one vulnerable to further attacks against personal security or motivation. For example, a person who hopes in their abilities and successes, but experiences failure, is vulnerable to attack against their personal security/self-worth because their worth was defined by their ability to perform. Any adversary can then easily devalue the person and the person will believe that they are worthless and lose heart.

Defenses & Controls

  • To control the vulnerability of physical exhaustion, we can work hard to maintain good health: exercising, eating well, and being well-rested. We need to be disciplined in order to reduce our level of physical exhaustion and promote general physical (and emotional) well-being.
  • To control the vulnerabilities of bad company and broken relationships, we essentially need to avoid unhealthy relationships and pursue good ones. Avoid the company of those who will pressure you to compromise your integrity in order to be accepted. Seek trustworthy and reliable friends and open up your heart to them. Be quick to forgive and eager to make peace with your friends (& family) doing everything possible to make amends. Ultimately, broken relationships need to be prevented and when they occur, they need to be healed. This could be a totally separate security review in and of itself! Note that healthy relationships and communication are not only preventive measures against attacks, but are also a response to detected attacks: pouring out your heart to a friend helps combat adversaries.
  • To control the vulnerabilities of misplaced hope, we need to carefully examine our lives and what we are putting our hope in. Is it something dependable? Is it the right thing to bank on? What are we hoping in it for? Where else might I place my hope for this and how trustworthy are these other options? After examining the options, we need to rightly place our hope and so defend against disappointment and all the related attack vectors it opens.

For these latter two controls, my Christian worldview brings several things to bear.

First, forgiveness is one of the most difficult things to do in life and in many ways I believe it to be naturally impossible. If we have been direly hurt and devalued by others, it is only natural for us to do likewise to others for if we did not, it would be as if we agreed with the devaluation and deserved the hurt or pain we received from others. This being the case, is it ever possible to bring about reconciliation? How can we genuinely love people if we are hurt again and again?

I believe it is possible if we have first tasted the joys of being forgiven. This is precisely the message of the Christian Gospel: There exists a broken relationship between humans and God, which has left us vulnerable to attack and resulted in our hearts being hardened by sin (constant devaluations and improper overvaluations of temporary, unsatisfying things in which we misplace hope) (ergo: the heart assets have been compromised). Our hardened hearts further result in broken relationships with other people. Even though every person has devalued God, ignoring or rejecting him and preferring other things (e.g. money, prestige) to him, he does not devalue them in return. Rather, in the person of Jesus Christ, God vindicates his worth by dying on a cross and bearing the penalty we deserved for violating him. Furthermore, he rises from death (how timely, it’s almost Easter!) and promises real, full, satisfying, eternal life for everyone who hopes in him (as opposed to money, for example, to bring happiness). Because he has vindicated his worth, God now graciously accepts and forgives everyone who comes to him for mercy and brings them into the immeasurable joys of a relationship with him. Hardened hearts are replaced with new ones that are freed to forgive and love other people. The reason why this is possible is closely related to the second defense measure of a correctly placed hope: if our self-worth is defined by what other people think about us or our achievements, then when we are devalued or when our achievements are surpassed, our worth is nullified and our hope in our accomplishments or the opinions of other people has failed us. On the other hand, if our hope is in a God who we cannot and need not impress with achievements, but who has already demonstrated such great a love and valuation of us that he would die to rescue us, this is a hope that never fails and even when we experience rejection and hurt from other people, we are able to absorb the pain and forgive and fight for the freedom of the other person’s heart.

A second pertinent example of misplaced hope is hoping in money for security and comfort in life. The US economy after years of incredible growth now faces a great crisis and many people are feeling the pain in the pocket. Is it not better to hope in an all-powerful, faithful God who is on your side to take care of you than a fickle dollar whose value can plummet on a moment’s notice? The latter will likely result in disappointment and its corresponding vulnerabilities will arise as well as the actualization of threats against the heart. We can work hard to obtain financial security, but ultimately our hope for peace and happiness must rest on something more solid.

I realize not everyone shares this worldview, but if you do not, I humbly urge you to consider its validity and effectiveness in protecting our hearts against the numerous attacks we encounter in life.

Risk Analysis & Conclusion

The assets of the heart are of utmost importance and value since the heart touches on the very core of life, the essence of our souls. We observe in the real world that a person can handle the loss of material things such as wealth, reputation, and power, so long as they keep heart, but the loss of motivation and joy and love even in the presence of material advantage, has utterly negative ramifications. This is an extremely high value asset with an enormous risk impact. The risk probability of anyone of the various vulnerabilities being exploited is also quite high. Individually we are all in different seasons and stages of life, so at any particular time, we may be vulnerable to an attack along only a few of the vectors, but as common experience reveals, attacks often unexpectedly appear and at any particular time, it has been my observation that I am under some sort of attack against the assets of my heart. Indeed, sometimes multiple simultaneous attacks occur (e.g. I may do badly on a test and also be hurt by someone at the same time resulting in despondency/depression mingled with regret and anger). Thus, the overall risk probability for any one of the vulnerabilities being exploited is extremely high. Our final risk exposure is therefore astronomically high and defenses against this crucial asset must be considered of paramount importance. The loss of one’s heart means the loss of everything else in life, and the need to fight to defend our hearts cannot be overstated.

Acknowledgments: Thanks to my youth group and family who helped sharpen my thoughts. SDG. http://www.desiringgod.org/

Filed under: Ethics,Integrity,Miscellaneous,Security Reviews6 Comments »

6 Comments

  • 1
    Get your own gravatar for comments by visiting gravatar.com

    Comment by Josh

    March 21, 2008 @ 5:01 am

    Excellent analysis! I appreciated the note up-front about the world-view perspective that this comes from. A lot of authors might not be as intellectually honest about their own perspective. You did a very good job of logically demonstrating the validity and effectiveness (and importance) of protecting our hearts this way.
    Thanks!

  • 2
    Get your own gravatar for comments by visiting gravatar.com

    Comment by planetheidi

    March 21, 2008 @ 8:15 am

    Interesting analysis. This is definitely an area examined and exploited in the security field. To the techies, it’s called social engineering and pretty low-key. In Intelligence and information war , this is their bread and butter. And this is where I suggest you take your research next. I’d suggest googling up Project Slammer. And yes, you will learn a lot to apply to your computer defense lessons.

  • 3
    Get your own gravatar for comments by visiting gravatar.com

    Comment by Don

    March 21, 2008 @ 9:19 am

    Congratulation on managing the seemingly impossible task of submitting your views on life to a CS class!

    Misplaced hope is indeed at the root of many evils of modernity: starting with blind belief in progress, consumerism, to the security issues of this course – social engineering, man in the middle, etc. Now, just to play the devil’s advocate (oops), placing all hope in one entity is just as risky as any of the others – see Sartre. It makes just as little sense for the soul as it does for the machine. You cannot just rely on the one BIG firewall to guard your computer, as the evil’s ways are intricate. Also, to save my soul from eternal burning, a firewall, no matter how big, won’t be enough.

  • 4
    Get your own gravatar for comments by visiting gravatar.com

    Comment by Karl

    March 21, 2008 @ 10:43 am

    This review really goes beyond learning computer security and shows the ‘twisted’ paths of the security mindset. Looking at family life as though it were a system and breakdowns in family life as an exploited vulnerability is truly genius. I hope that you pan to work in a field where your talent can be of service!

  • 5
    Get your own gravatar for comments by visiting gravatar.com

    Comment by Kris Plunkett

    March 21, 2008 @ 12:57 pm

    This article conveys very well the idea that at the heart of computer security, in fact security of any kind, is the fragile, imperfect human being. In order to understand the risks of security, we need to understand the assets that we are trying to protect. However, to understand those assets fully, we must understand the people who value those assets. Perhaps there should be more cooperation between computer security specialists and those who have insight into the human being, namely the psychologists, doctors, and philosophers of society.

    I would also like to commend the author for the manner in which their views were conveyed. I personally do not follow the Christian views but definitely take to heart many of the lessons that this faith teaches, such as friendship, kindness, and forgiveness.

    Finally, I would like to add my own view on the matter of the heart. I feel that a critical component to individual well-being is the attainment of balance. For example, I agree that the sole pursuit of financial security is indeed “misplaced hope”, but it is an unfortunate fact of life that we have physical requirements for survival. Following this example, I would advise understanding the importance of financial security while at the same time realizing that it alone cannot guarantee happiness. Other areas require balance as well, such as retaining the motivation for self-improvement while not condemning oneself for not “being good enough”.

    A vastly complex yet critically important idea has been touched upon here; one that I think security folks should think about more often since we have the tendency to get wrapped up in the technical and technological details of our work.

  • 6
    Get your own gravatar for comments by visiting gravatar.com

    Comment by Munin

    March 26, 2008 @ 7:44 am

    Generalised:

    – Identify the Assets you want to protect (be they tangible, intangible or otherwise).

    – Estimate the value to you of each of these assets.

    – Estimate the consequences should one or more of these assets be compromised and what remedies you might have should that happen.

    – What events or conditions could cause the loss of these assets? What path leads from the current situation to the failure state.

    – At what point can you influence the flow of events if they are following a failure path and how much effort/cost would be required in each case?

    – Act according to your assessment.

    That’s what I tend to try and do anyway. One thing to watch out though, when thinking that way, is that it is a very defensive approach to things. If you are too focused on protecting what you have then you might overlook opportunities to experience new things, make new friends and generally find more things in life that you value and enjoy.

RSS feed for comments on this post