Trust in Computer Systems and the Cloud

Оглавление

Mike Bursell. Trust in Computer Systems and the Cloud

Table of Contents

List of Tables

List of Illustrations

Guide

Pages

Praise for Trust in Computer Systems and the Cloud

Trust in Computer Systems and the Cloud

Introduction

Notes

CHAPTER 1 Why Trust?

Analysing Our Trust Statements

What Is Trust?

What Is Agency?

Trust and Security

Trust as a Way for Humans to Manage Risk

Risk, Trust, and Computing

Defining Trust in Systems

Defining Correctness in System Behaviour

Notes

CHAPTER 2 Humans and Trust

The Role of Monitoring and Reporting in Creating Trust

Game Theory

The Prisoner's Dilemma

Reputation and Generalised Trust

Institutional Trust

Theories of Institutional Trust

Who Is Actually Being Trusted?

Trust Based on Authority

Trusting Individuals

Trusting Ourselves

Trusting Others

Trust, But Verify

Attacks from Within

The Dangers of Anthropomorphism

Identifying the Real Trustee

Notes

CHAPTER 3 Trust Operations and Alternatives

Trust Actors, Operations, and Components

Reputation, Transitive Trust, and Distributed Trust

Agency and Intentionality

Alternatives to Trust

Legal Contracts

Enforcement

Verification

Assurance and Accountability

Trust of Non-Human or Non-Adult Actors

Expressions of Trust

Relating Trust and Security

Misplaced Trust

Notes

CHAPTER 4 Defining Trust in Computing

A Survey of Trust Definitions in Computer Systems

Other Definitions of Trust within Computing

Applying Socio-Philosophical Definitions of Trust to Systems

Mathematics and Trust

Mathematics and Cryptography

Mathematics and Formal Verification

Notes

CHAPTER 5 The Importance of Systems

System Design

The Network Stack

Linux Layers

Virtualisation and Containers: Cloud Stacks

Other Axes of System Design

“Trusted” Systems

Trust Within the Network Stack

Trust in Linux Layers

Trust in Cloud Stacks

Hardware Root of Trust

Cryptographic Hash Functions

Measured Boot and Trusted Boot

Certificate Authorities

Internet Certificate Authorities

Local Certificate Authorities

Root Certificates as Trust Pivots

The Temptations of “Zero Trust”

The Importance of Systems

Isolation

Contexts

Worked Example: Purchasing Whisky

Actors, Organisations, and Systems

Stepping Through the Transaction

Attacks and Vulnerabilities

Trust Relationships and Agency

Agency

Trust Relationships

The Importance of Being Explicit

Explicit Actions

Explicit Actors

Notes

CHAPTER 6 Blockchain and Trust

Bitcoin and Other Blockchains

Permissioned Blockchains

Trust without Blockchains

Blockchain Promoting Trust

Permissionless Blockchains and Cryptocurrencies

Notes

CHAPTER 7 The Importance of Time

Decay of Trust

Decay of Trust and Lifecycle

Software Lifecycle

Trust Anchors, Trust Pivots, and the Supply Chain

Types of Trust Anchors

Monitoring and Time

Attestation

The Problem of Measurement

The Problem of Run Time

Trusted Computing Base

Component Choice and Trust

Reputation Systems and Trust

Notes

CHAPTER 8 Systems and Trust

System Components

Explicit Behaviour

Defining Explicit Trust

Dangers of Automated Trust Relationships

Time and Systems

Defining System Boundaries

Trust and a Complex System

Isolation and Virtualisation

The Stack and Time

Beyond Virtual Machines

Hardware-Based Type 3 Isolation

Notes

CHAPTER 9 Open Source and Trust

Distributed Trust

How Open Source Relates to Trust

Community and Projects

Projects and the Personal

Open Source Process

Trusting the Project

Trusting the Software

Supply Chain and Products

Open Source and Security

Notes

CHAPTER 10 Trust, the Cloud, and the Edge

Deployment Model Differences

What Host Systems Offer

What Tenants Need

Mutually Adversarial Computing

Mitigations and Their Efficacy

Commercial Mitigations

Architectural Mitigations

Technical Mitigations

Notes

CHAPTER 11 Hardware, Trust, and Confidential Computing

Properties of Hardware and Trust

Isolation

Roots of Trust

Physical Compromise

Confidential Computing

TEE TCBs in detail

Trust Relationships and TEEs

How Execution Can Go Wrong—and Mitigations

Minimum Numbers of Trustees

Explicit Trust Models for TEE Deployments

Notes

CHAPTER 12 Trust Domains

The Composition of Trust Domains

Trust Domains in a Bank

Trust Domains in a Distributed Architecture

Trust Domain Primitives and Boundaries

Trust Domain Primitives

Trust Domains and Policy

Other Trust Domain Primitives

Boundaries

Centralisation of Control and Policies

Notes

CHAPTER 13 A World of Explicit Trust

Tools for Trust

The Role of the Architect

Architecting the System

The Architect and the Trustee

Coda

Note

References

Index

About the Author

About the Technical Editor

Acknowledgements

WILEY END USER LICENSE AGREEMENT

Отрывок из книги

“The problem is that when you use the word trust, people think they know what you mean. It turns out that they almost never do.” With this singular statement, Bursell has defined both the premise and the value he expounds in this insightful treatise spanning the fundamentals and complexities of digital trust. Operationalizing trust is foundational to effective human and machine digital relationships, with Bursell leading the reader on a purposeful journey expressing and consuming elements of digital trust across current and future-relevant data lifecycles.

—Kurt Roemer,

.....

Risk is important in the world of IT and computing. Organisations need to know whether their systems will work as expected or if they will fail for any one of many reasons: for example, hardware failure, loss of power, malicious compromise, poor software. Given that trust is a way of mitigating risk, are there opportunities to use trust—to transfer what humans have learned from creating and maintaining trust relationships—and transfer it to this world? We could say that humans need to “trust” their systems. If we think back to the cases presented earlier in the chapter, this fits our third example, where we discussed the bank trusting its IT systems.

The first problem with trusting systems is that the world of trust is not simple when we start talking about computers. We might expect that computers and computer systems, being less complex than humans, would be easier to consider with respect to trust, but we cannot simply apply the concept of trust the same way to interactions with computers as we do to interactions with humans. The second problem is that humans are good at inventing and using metaphors and applying a concept to different contexts to make some sense of them, even when the concept does not map perfectly to the new contexts. Trust is one of these contexts: we think we know what we mean when we talk about trust, but when we apply it to interactions with computer systems, it turns out that the concepts we think we understand do not map perfectly.

.....