update
authorChristian Urban <christian dot urban at kcl dot ac dot uk>
Sat, 03 Jan 2015 23:14:47 +0000
changeset 369 6c7996b6b471
parent 368 b46f86d95967
child 370 ddac52c0014c
update
handouts/ho02.tex
handouts/ho09.pdf
handouts/ho09.tex
--- a/handouts/ho02.tex	Thu Jan 01 11:41:48 2015 +0000
+++ b/handouts/ho02.tex	Sat Jan 03 23:14:47 2015 +0000
@@ -507,6 +507,40 @@
 
 \end{document}
 
+%unikernels for e-voting
+Trust, trustworthiness, and the TCB
+
+The notion of trust is important in security. It is also a source of
+confusion, especially if people are sloppy in their terminology, and
+do not distinguish between trust and trustworthiness.
+
+Depending on your point of view, trust can be something good and
+desirable, or something bad and undesirable. Trust between parties is
+good in that it enables easy interaction and good collaboration
+between them. However, trust is bad in that trust in another party
+means that party can do damage to you, if it turns out not to be
+trustworthy. For example, if you give someone your bankcard and tell
+them your PIN code, you trust them; this can be useful, for instance
+if you want them to do some shopping for you, but is clearly also
+potentially dangerous.
+
+Note that if a party is not trustworthy, then it may be so
+unintentionally (because it is careless or, in the case of software,
+riddled with security vulnerabilities) or intentionally (because it is
+downright malicious).  When considering a system that is meant to meet
+some security objectives, it is important to consider which parts of
+that system are trusted in order to meet that objective. This called
+the Trusted Computing Base or TCB.  Ideally, the TCB should be as
+small as possible. The smaller the TCB, the less likely that it
+contains security vulnerabilities. (Still, you should never under-
+estimates people’s stupidity – or an attacker’s creativity – to
+introduce security vulnerabilities in even the smallest piece of
+software.) Also, the smaller the TCB, the less effort it takes to get
+some confidence that it is trustworthy, for example, in the case of
+software, by doing a code review or by performing some (penetration)
+testing.
+
+
 %%% Local Variables: 
 %%% mode: latex
 %%% TeX-master: t
Binary file handouts/ho09.pdf has changed
--- a/handouts/ho09.tex	Thu Jan 01 11:41:48 2015 +0000
+++ b/handouts/ho09.tex	Sat Jan 03 23:14:47 2015 +0000
@@ -555,7 +555,7 @@
 implementations of interpreters. A good choice for a
 functional programming language is Scala, a programming
 language that combines functional and object-oriented
-programming-styles. It has received in the last five years or
+pro\-gramming-styles. It has received in the last five years or
 so quite a bit of attention. One reason for this attention is
 that, like the Java programming language, Scala compiles to
 the Java Virtual Machine (JVM) and therefore Scala programs
@@ -573,11 +573,14 @@
 \url{http://www.scala-lang.org}
 \end{quote}
 
+Let us have a look at the Scala code shown in Figure~\ref{code}.
+It shows the entire code 
 
 \begin{figure}[t]
 \small
 \lstinputlisting[language=Scala]{../progs/inter.scala}
-\caption{Bla}
+\caption{The entire code of the interpreter for our
+idealised programming language.\label{code}}
 \end{figure}