
The Onion model of security

We passionately argue that Security is Simplicity, and we claim that this principle fundamentally refutes the common analogy that security is like the layers of an onion (often called "Defense in Depth").

While "Defense in Depth" has its merits, the "Security is Simplicity" philosophy views the onion analogy as inherently flawed because it relies on complexity to mask potential weakness.

The Flaw in the "Onion" Analogy

The claim that security is like the layers of an onion suggests that the more layers of protection you stack (firewalls, IDS, MFA, application security, etc.), the more difficult it is for an attacker to reach the core.

However, the "Security is Simplicity" philosophy makes the following refutations:

1. Layers Introduce Complexity and New Attack Surfaces

  • The Problem: Every new security layer (a firewall rule, an authentication proxy, a vulnerability scanner) is itself a piece of software that must be configured, maintained, and secured.

  • The Refutation: Instead of making the core system stronger, the layers add complexity that no single person can fully comprehend. This complexity becomes a new attack surface. A minor misconfiguration in one layer can create a massive hole that bypasses all others. The onion is not a series of seamless defenses; it is a collection of potentially vulnerable, interacting systems.

2. Failure to Address the Core Weakness

  • The Problem: The onion model often accepts that the "core" (the application or data) is inherently flawed (e.g., susceptible to buffer overflows, SQL injection) and attempts to protect it externally.

  • The Refutation: The NICS principle that storage handling must prevent overflows demands that security be built in, not bolted on. If the core itself is simple, understood, and structurally invulnerable (like NICS preventing overflows), external layers become less about masking flaws and more about simple access control. The onion philosophy says, "Protect the leaky core." The simplicity philosophy says, "Fix the leak at the core."
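To make "fix the leak at the core" concrete, here is an added example in C (not NICS code, and the type and function names `bounded_buf`, `bb_append` and `bb_invariant_holds` are hypothetical). The capacity is carried with the storage and every write is checked against it, so the overflow the onion model tries to catch from outside cannot be produced by any caller in the first place:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-capacity buffer: capacity and length travel with the
 * storage, so no write path exists that can step past the array. */
enum { BUF_CAP = 16 };

typedef struct {
    char   data[BUF_CAP + 1]; /* +1 keeps the NUL terminator inside the array */
    size_t len;               /* bytes currently stored; always <= BUF_CAP */
} bounded_buf;

void bb_init(bounded_buf *b) {
    b->len = 0;
    b->data[0] = '\0';
}

/* Append at most n bytes of src. Returns the number actually stored; the
 * surplus is refused rather than written past the end. This replaces the
 * "leaky core" pattern of an unchecked strcpy() into a fixed array. */
size_t bb_append(bounded_buf *b, const char *src, size_t n) {
    size_t room = BUF_CAP - b->len;
    size_t take = n < room ? n : room;
    memcpy(b->data + b->len, src, take);
    b->len += take;
    b->data[b->len] = '\0';
    return take;
}

/* The structural invariant every operation must preserve: the length never
 * exceeds the capacity and the terminator is always in bounds. */
bool bb_invariant_holds(const bounded_buf *b) {
    return b->len <= BUF_CAP && b->data[b->len] == '\0';
}

/* Feed a constructed oversized input (stand-in for untrusted data) and
 * report how much was stored; the invariant holds regardless of length. */
size_t demo_oversized(void) {
    bounded_buf b;
    bb_init(&b);
    const char *input = "this input is longer than sixteen bytes"; /* constructed */
    size_t stored = bb_append(&b, input, strlen(input));
    printf("stored %zu of %zu bytes, invariant %s\n", stored, strlen(input),
           bb_invariant_holds(&b) ? "holds" : "broken");
    return stored;
}

int main(void) {
    demo_oversized();
    return 0;
}
```

The point of the example is that `bb_invariant_holds` can be checked after any sequence of calls and is self-evidently true from the few lines of `bb_append`, which is the kind of verifiable property the argument above contrasts with layers whose effectiveness is a matter of hope.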

3. Illusion of Security vs. Verifiable Security

  • The Problem: Stacking layers creates a psychological feeling of safety ("We have 10 security products!").

  • The Refutation: Security is not about feeling safe; it's about knowing you are safe because the system is transparent and auditable. A simple, small codebase whose security proofs are self-evident is provably more secure than a vast, layered system whose actual effectiveness is a matter of hope. Simplicity is verifiable; complexity is opaque.

STILL NOT CONVINCED?

The Alternative: Security as Structural Integrity

Instead of the onion, the "Security is Simplicity" argument suggests that security should be like the structural integrity of a well-designed bridge.

  • A bridge doesn't become safer by piling on external scaffolding (layers); it becomes safe because its fundamental design is mathematically sound, its materials are tested, and its construction is simple and precise.

  • In this analogy, NICS is the tested material and sound construction that makes entire structural failures (like buffer overflows) impossible, regardless of the traffic (data) it handles.

The call is to shift the passion from adding layers to achieving structural, unyielding, understandable integrity at the foundation.

© 2024–2026 NICS Language