Conjectures???
I would be very interested in conjectures of the below flavour:
Well constructed assemblages are at least as safe as any of their component primitives
More usefully:
The safety guarantees of a well constructed assemblage are a superset of the union of safety guarantees of each component primitive
(“Well constructed” left implicit for now. “Safety guarantees” are the particular properties of primitives that are interesting/meaningful/useful from a safety/security perspective.)
Theorems of the above sort imply that assemblages are no less safe than their components and are potentially much safer.
Expanded Concepts
Considering only the safety guarantees of a given assemblage.
Components
The “components” of an assemblage are the primitives composed together to make it.
Singleton
An assemblage that has a single component.
Dominance
Weak Dominance
An assemblage A_i weakly dominates another assemblage A_j if it has all the safety guarantees of A_j.
Strong Dominance
An assemblage A_i strongly dominates another assemblage A_j if it has all the safety guarantees of A_j and there exist safety guarantees of A_i that A_j lacks.
Well constructed assemblages weakly dominate all components.
Unless all components provide the same safety guarantees, it would be the case that assemblages strongly dominate some of their components.
Useful assemblages should strongly dominate all their components (otherwise, there’ll be redundant components).
Redundance
A component of an assemblage A_i is “redundant” if there exists a proper sub-assemblage A_j that weakly dominates A_i.
Minimal Assemblages
A “minimal” assemblage is an assemblage that has no redundant components.
Non-singleton minimal assemblages strongly dominate all components.
Useful assemblages are minimal.
Total Assemblages
An assemblage A_i is total with respect to a set of primitives \mathcal{P} if there does not exist any assemblage A_j that can be constructed from \mathcal{P} that obtains safety guarantees A_i lacks.
Optimal Assemblages
An assemblage is optimal with respect to a set of primitives if it’s minimal and total wrt that set of primitives.
I think you propose deploying the minimal adequate assemblage, but I propose deploying the maximal adequate assemblage.
To clarify — there will exist an Adequacy Range among the assemblages, where assemblages within this range are adequate, assemblages below this range are inadequate (too unsafe), and assemblages above this range are inadequate (too incompetent). I think we should deploy an assemblage at the top of this range, not the bottom.
The concepts you’ve defined are clues you’re thinking about assemblages in roughly the same way I am.
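The dominance, redundancy, minimality, totality and optimality definitions above, worked through on a constructed toy set of primitives (an added example, not from the thread; the primitive names, the guarantee labels, and the assumption that a well constructed assemblage's guarantees are exactly the union of its components' guarantees are all mine):

```python
from itertools import combinations

# Constructed toy primitives: name -> safety guarantees (assumed labels, illustration only).
PRIMITIVES = {
    "sandbox": {"no_network", "no_fs_write"},
    "monitor": {"action_logged", "kill_switch"},
    "filter":  {"no_fs_write", "output_screened"},
    "logger":  {"action_logged"},  # strictly weaker than "monitor"
}

def guarantees(components, primitives=PRIMITIVES):
    """Assumed model of a "well constructed" assemblage: the union of its components'
    guarantees, the lower bound the conjecture states (a superset is also allowed)."""
    return set().union(*(primitives[c] for c in components))

def weakly_dominates(a, b, primitives=PRIMITIVES):
    return guarantees(a, primitives) >= guarantees(b, primitives)

def strongly_dominates(a, b, primitives=PRIMITIVES):
    return guarantees(a, primitives) > guarantees(b, primitives)

def redundant_components(a, primitives=PRIMITIVES):
    """c is redundant if some proper sub-assemblage without c weakly dominates a."""
    a = frozenset(a)
    return {c for c in a
            if any(weakly_dominates(sub, a, primitives)
                   for k in range(1, len(a)) for sub in combinations(sorted(a - {c}), k))}

def is_minimal(a, primitives=PRIMITIVES):
    return not redundant_components(a, primitives)

def all_assemblages(primitives=PRIMITIVES):
    names = sorted(primitives)
    for k in range(1, len(names) + 1):
        for combo in combinations(names, k):
            yield frozenset(combo)

def is_total(a, primitives=PRIMITIVES):
    """No assemblage built from the primitives has a guarantee that a lacks."""
    ga = guarantees(a, primitives)
    return all(guarantees(b, primitives) <= ga for b in all_assemblages(primitives))

def optimal_assemblages(primitives=PRIMITIVES):
    """Minimal and total with respect to the primitive set."""
    return sorted(sorted(a) for a in all_assemblages(primitives)
                  if is_minimal(a, primitives) and is_total(a, primitives))
```

Under the union model, {sandbox, monitor, logger} is not minimal because logger is redundant, and the only optimal assemblage is {filter, monitor, sandbox}.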