# HG changeset patch # User Christian Urban # Date 1420326887 0 # Node ID 6c7996b6b4716992a5f0756900e1c94e2a45f89f # Parent b46f86d95967143dcb5422eb231a5d6296a816c8 update diff -r b46f86d95967 -r 6c7996b6b471 handouts/ho02.tex --- a/handouts/ho02.tex Thu Jan 01 11:41:48 2015 +0000 +++ b/handouts/ho02.tex Sat Jan 03 23:14:47 2015 +0000 
@@ -507,6 +507,40 @@ \end{document} +%unikernels for e-voting +Trust, trustworthiness, and the TCB + +The notion of trust is important in security. It is also a source of +confusion, especially if people are sloppy in their terminology, and +do not distinguish between trust and trustworthiness. + +Depending on your point of view, trust can be something good and +desirable, or something bad and undesirable. Trust between parties is +good in that it enables easy interaction and good collaboration +between them. However, trust is bad in that trust in another party +means that party can do damage to you, if it turns out not to be +trustworthy. For example, if you give someone your bankcard and tell +them your PIN code, you trust them; this can be useful, for instance +if you want them to do some shopping for you, but is clearly also +potentially dangerous. + +Note that if a party is not trustworthy, then it may be so +unintentionally (because it is careless or, in the case of software, +riddled with security vulnerabilities) or intentionally (because it is +downright malicious). When considering a system that is meant to meet +some security objectives, it is important to consider which parts of +that system are trusted in order to meet that objective. This called +the Trusted Computing Base or TCB. Ideally, the TCB should be as +small as possible. The smaller the TCB, the less likely that it +contains security vulnerabilities. (Still, you should never under- +estimates people’s stupidity – or an attacker’s creativity – to +introduce security vulnerabilities in even the smallest piece of +software.) Also, the smaller the TCB, the less effort it takes to get +some confidence that it is trustworthy, for example, in the case of +software, by doing a code review or by performing some (penetration) +testing. 
+ + %%% Local Variables: %%% mode: latex %%% TeX-master: t diff -r b46f86d95967 -r 6c7996b6b471 handouts/ho09.pdf Binary file handouts/ho09.pdf has changed diff -r b46f86d95967 -r 6c7996b6b471 handouts/ho09.tex --- a/handouts/ho09.tex Thu Jan 01 11:41:48 2015 +0000 +++ b/handouts/ho09.tex Sat Jan 03 23:14:47 2015 +0000 @@ -555,7 +555,7 @@ implementations of interpreters. A good choice for a functional programming language is Scala, a programming language that combines functional and object-oriented -programming-styles. It has received in the last five years or +pro\-gramming-styles. It has received in the last five years or so quite a bit of attention. One reason for this attention is that, like the Java programming language, Scala compiles to the Java Virtual Machine (JVM) and therefore Scala programs @@ -573,11 +573,14 @@ \url{http://www.scala-lang.org} \end{quote} +Let us have a look at the Scala code shown in Figure~\ref{code}. +It shows the entire code \begin{figure}[t] \small \lstinputlisting[language=Scala]{../progs/inter.scala} -\caption{Bla} +\caption{The entire code of the interpreter for our +idealised programming language.\label{code}} \end{figure}
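Review bot: in the handouts/ho02.tex hunk (@@ -507,6 +507,40 @@) the new "Trust, trustworthiness, and the TCB" text is added after \end{document}, so LaTeX never typesets it and the handout is unchanged. If it is meant to appear, move it above \end{document} and give the title a sectioning command; if it is only a parking place for notes, comment the lines out like the "%unikernels for e-voting" line. The text also needs a proofread before it is used: "This called the Trusted Computing Base" is missing "is", and "never under- estimates" carries a stray line-break hyphen and should read "never underestimate". The typographic apostrophes and dashes in "people’s stupidity – or an attacker’s creativity –" are better written as ' and -- unless the file's input encoding is known to handle them.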
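Review bot: in the first handouts/ho09.tex hunk (@@ -555,7 +555,7 @@), "pro\-gramming-styles" hard-codes a break point to repair one particular line break, and it will be stale as soon as the paragraph is reflowed. TeX does not hyphenate a word that contains an explicit hyphen except at that hyphen, which is why the hint was needed; writing "programming styles" as two words removes the cause and lets TeX choose the break itself.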
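Review bot: in the second handouts/ho09.tex hunk (@@ -573,11 +573,14 @@), the added sentence "It shows the entire code" stops without an object or a full stop and runs straight into \begin{figure}; either finish it or drop it, since the new caption already says the figure is the entire code of the interpreter. The label "code" is generic and easy to collide with once a second listing is added; a prefixed name (for example fig:interpreter, a suggested name) would be safer, with the Figure~\ref updated to match. The same changeset also commits the rebuilt handouts/ho09.pdf, so the PDF should be regenerated after the sentence is fixed.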