History of Constructing Precision Instruments Provides a Lesson for Building Secure Computing

How to measure goes to the root of the experimental process. What to use as the measuring device? How do you know to trust it? Ultimately, measurements are the comparison of one unknown quantity againsts a known quantity, where the known quantity is used to determine the unknown quantity.

The history of the lathe lead screw serves as a great illustration about how to go about solving this issue of understanding and trust in measurement. In this case a machine lathe is to be used to cut screw threads. This is done by engaging the “lead screw” of the lathe which the tool then follows when cutting the screw thread. In doing so, a reproduction of the thread pitch of the lead screw is created in the cut screw thread. But, where did the lead screw come from in the first place? More specifically, how was the first lead screw constructed? There was, of course, no lead screw lathe to use to make it.

The sequence of logical arguments and constructs that is used to create a lead screw is instructive for understanding measurement and the construction of any comprehensive, precision device. And, I believe, in understanding how to build secure systems. I’ll cover this in an upcoming blog posting.

The process described here is from one hundred years ago. [1] A precision wire of fixed diameter is wound closely around a precision mandrel of fixed diameter that is mounted on a special lathe, so no gaps appear between the windings. The diameter of the mandrel and the wire thus determine the pitch of the resulting screw. This is the first logical argument, that a wound wire approximates a screw thread and can determine the pitch.

Uncertainties exist in many places in the above setup, but principally in the wire and mandrel. Following the wire at one point around the mandrel while cutting the screw would reproduce the errors in the wire and mandrel identically. Here is where the second logical argument comes in. Recognizing this problem, the screw maker constructs a multi-thread cutting tool that will contact the work in multiple places and a nut is fashioned for following the wire that also contacts the wire over multiple turns of the wire. Thus, the errors of the wire and mandrel are averaged out over the multiple turns of the wire and a more precise thread is cut in the screw.

How does this apply to cybersecurity you ask? It is the process of a sequence of logical arguments and constructs that is the template to follow in creating a secure system. First, limit to a simple system that may be fully described and understood, then reason about the elements of security that are needed at each point or stage of the system to ensure cybersecurity. Finally, implement and test those logical constructs in a rigorous manner to ensure that they are followed. This is the only way to build a system that inspires confidence that it is actually secure.

[1] “Making Precision Screws For Scientific Instruments”, Machinery Magazine, August 9, 1917

David Viel Founder and CEO

David is the founder of Cognoscenti Systems.

Website: http://www.cognoscentisystems.com