diff -r b46f86d95967 -r 6c7996b6b471 handouts/ho02.tex --- a/handouts/ho02.tex Thu Jan 01 11:41:48 2015 +0000 +++ b/handouts/ho02.tex Sat Jan 03 23:14:47 2015 +0000 
@@ -507,6 +507,40 @@ \end{document} +%unikernels for e-voting +Trust, trustworthiness, and the TCB + +The notion of trust is important in security. It is also a source of +confusion, especially if people are sloppy in their terminology, and +do not distinguish between trust and trustworthiness. + +Depending on your point of view, trust can be something good and +desirable, or something bad and undesirable. Trust between parties is +good in that it enables easy interaction and good collaboration +between them. However, trust is bad in that trust in another party +means that party can do damage to you, if it turns out not to be +trustworthy. For example, if you give someone your bankcard and tell +them your PIN code, you trust them; this can be useful, for instance +if you want them to do some shopping for you, but is clearly also +potentially dangerous. + +Note that if a party is not trustworthy, then it may be so +unintentionally (because it is careless or, in the case of software, +riddled with security vulnerabilities) or intentionally (because it is +downright malicious). When considering a system that is meant to meet +some security objectives, it is important to consider which parts of +that system are trusted in order to meet that objective. This called +the Trusted Computing Base or TCB. Ideally, the TCB should be as +small as possible. The smaller the TCB, the less likely that it +contains security vulnerabilities. (Still, you should never under- +estimates people’s stupidity – or an attacker’s creativity – to +introduce security vulnerabilities in even the smallest piece of +software.) Also, the smaller the TCB, the less effort it takes to get +some confidence that it is trustworthy, for example, in the case of +software, by doing a code review or by performing some (penetration) +testing. + + %%% Local Variables: %%% mode: latex %%% TeX-master: t
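Review bot: the added trust/TCB paragraphs are placed after `\end{document}`, so LaTeX will never typeset them; if they are meant to be part of the handout, move the block above `\end{document}` and mark it up in the file's own conventions (a heading such as `\subsection*{Trust, trustworthiness, and the TCB}` rather than a bare text line, and `\emph{}` where the text contrasts "trust" and "trustworthiness"). If instead this is a draft parked after the end of the document on purpose, say so in the commit message, because a reader of the source will otherwise assume it was lost by mistake. Two wording fixes while it is being moved: "This called the Trusted Computing Base or TCB" should read "This is called the Trusted Computing Base or TCB", and "you should never under- estimates people’s stupidity" should read "you should never underestimate people's stupidity" (the hyphenated line break also splits the word in the source). Finally, the leading `%unikernels for e-voting` comment does not relate to the paragraphs that follow it; either drop it or move it next to whatever it is a reminder for.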