--- a/handouts/ho02.tex Thu Jan 01 11:41:48 2015 +0000
+++ b/handouts/ho02.tex Sat Jan 03 23:14:47 2015 +0000
@@ -507,6 +507,40 @@
\end{document}
+%unikernels for e-voting
+Trust, trustworthiness, and the TCB
+
+The notion of trust is important in security. It is also a source of
+confusion, especially if people are sloppy in their terminology, and
+do not distinguish between trust and trustworthiness.
+
+Depending on your point of view, trust can be something good and
+desirable, or something bad and undesirable. Trust between parties is
+good in that it enables easy interaction and good collaboration
+between them. However, trust is bad in that trust in another party
+means that party can do damage to you, if it turns out not to be
+trustworthy. For example, if you give someone your bankcard and tell
+them your PIN code, you trust them; this can be useful, for instance
+if you want them to do some shopping for you, but is clearly also
+potentially dangerous.
+
+Note that if a party is not trustworthy, then it may be so
+unintentionally (because it is careless or, in the case of software,
+riddled with security vulnerabilities) or intentionally (because it is
+downright malicious). When considering a system that is meant to meet
+some security objectives, it is important to consider which parts of
+that system are trusted in order to meet that objective. This called
+the Trusted Computing Base or TCB. Ideally, the TCB should be as
+small as possible. The smaller the TCB, the less likely that it
+contains security vulnerabilities. (Still, you should never under-
+estimates people’s stupidity – or an attacker’s creativity – to
+introduce security vulnerabilities in even the smallest piece of
+software.) Also, the smaller the TCB, the less effort it takes to get
+some confidence that it is trustworthy, for example, in the case of
+software, by doing a code review or by performing some (penetration)
+testing.
+
+
%%% Local Variables:
%%% mode: latex
%%% TeX-master: t
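Review bot: The new text is inserted after the `\end{document}` context line at the top of the hunk, so LaTeX will discard all of it and none of the TCB material will appear in the built handout; move the block above `\end{document}`. While moving it, give the title line "Trust, trustworthiness, and the TCB" a sectioning command matching the rest of ho02.tex, since as written it is just a bare paragraph. The comment `%unikernels for e-voting` does not describe the text that follows and should be dropped or replaced. Two wording fixes in the added prose: "This called the Trusted Computing Base" is missing "is", and "you should never under-estimates" should read "underestimate". The text also uses a typographic apostrophe and en dashes ("people’s stupidity – or an attacker’s creativity –"); unless the preamble sets a UTF-8 input encoding, prefer the ASCII forms `'` and `--`.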