Details

Trust in Computer Systems and the Cloud




1st ed.

by: Mike Bursell

32,99 €

Publisher: Wiley
Format: PDF
Published: 21.10.2021
ISBN/EAN: 9781119693017
Language: English
Number of pages: 352

DRM-protected eBook; to read it you need, for example, Adobe Digital Editions and an Adobe ID.

Descriptions

<p><b>Learn to analyze and measure risk by exploring the nature of trust and its application to cybersecurity <br /><br /></b><i>Trust in Computer Systems and the Cloud</i> delivers an insightful and practical new take on what it means to trust in the context of computer and network security and the impact on the emerging field of Confidential Computing. Author Mike Bursell’s experience, ranging from Chief Security Architect at Red Hat to CEO at a Confidential Computing start-up, grounds the reader in fundamental concepts of trust and related ideas before discussing the more sophisticated applications of these concepts to various areas in computing. </p> <p>The book demonstrates the importance of understanding and quantifying risk and draws on the social and computer sciences to explain hardware and software security, complex systems, and open source communities. It takes a detailed look at the impact of Confidential Computing on security, trust and risk and also describes the emerging concept of trust domains, which provide an alternative to standard layered security. </p> <ul> <li>Foundational definitions of trust from sociology and other social sciences, how they evolved, and what modern concepts of trust mean to computer professionals </li> <li>A comprehensive examination of the importance of systems, from open-source communities to HSMs, TPMs, and Confidential Computing with TEEs </li> <li>A thorough exploration of trust domains, including explorations of communities of practice, the centralization of control and policies, and monitoring </li> </ul> <p>Perfect for security architects at the CISSP level or higher, <i>Trust in Computer Systems and the Cloud</i> is also an indispensable addition to the libraries of system architects, security system engineers, and master’s students in software architecture and security. </p>
<p>Introduction</p> <p><b>Chapter 1 Why Trust?</b></p> <p>Analysing Our Trust Statements</p> <p>What Is Trust?</p> <p>What Is Agency?</p> <p>Trust and Security</p> <p>Trust as a Way for Humans to Manage Risk</p> <p>Risk, Trust, and Computing</p> <p>Defining Trust in Systems</p> <p>Defining Correctness in System Behaviour</p> <p><b>Chapter 2 Humans and Trust</b></p> <p>The Role of Monitoring and Reporting in Creating Trust</p> <p>Game Theory</p> <p>The Prisoner’s Dilemma</p> <p>Reputation and Generalised Trust</p> <p>Institutional Trust</p> <p>Theories of Institutional Trust</p> <p>Who Is Actually Being Trusted?</p> <p>Trust Based on Authority</p> <p>Trusting Individuals</p> <p>Trusting Ourselves</p> <p>Trusting Others</p> <p>Trust, But Verify</p> <p>Attacks from Within</p> <p>The Dangers of Anthropomorphism</p> <p>Identifying the Real Trustee</p> <p><b>Chapter 3 Trust Operations and Alternatives</b></p> <p>Trust Actors, Operations, and Components</p> <p>Reputation, Transitive Trust, and Distributed Trust</p> <p>Agency and Intentionality</p> <p>Alternatives to Trust</p> <p>Legal Contracts</p> <p>Enforcement</p> <p>Verification</p> <p>Assurance and Accountability</p> <p>Trust of Non-Human or Non-Adult Actors</p> <p>Expressions of Trust</p> <p>Relating Trust and Security</p> <p>Misplaced Trust</p> <p><b>Chapter 4 Defining Trust in Computing</b></p> <p>A Survey of Trust Definitions in Computer Systems</p> <p>Other Definitions of Trust within Computing</p> <p>Applying Socio-Philosophical Definitions of Trust to Systems</p> <p>Mathematics and Trust</p> <p>Mathematics and Cryptography</p> <p>Mathematics and Formal Verification</p> <p><b>Chapter 5 The Importance of Systems</b></p> <p>System Design</p> <p>The Network Stack</p> <p>Linux Layers</p> <p>Virtualisation and Containers: Cloud Stacks</p> <p>Other Axes of System Design</p>
<p>“Trusted” Systems</p> <p>Trust Within the Network Stack</p> <p>Trust in Linux Layers</p> <p>Trust in Cloud Stacks</p> <p>Hardware Root of Trust</p> <p>Cryptographic Hash Functions</p> <p>Measured Boot and Trusted Boot</p> <p>Certificate Authorities</p> <p>Internet Certificate Authorities</p> <p>Local Certificate Authorities</p> <p>Root Certificates as Trust Pivots</p> <p>The Temptations of “Zero Trust”</p> <p>The Importance of Systems</p> <p>Isolation</p> <p>Contexts</p> <p>Worked Example: Purchasing Whisky</p> <p>Actors, Organisations, and Systems</p> <p>Stepping Through the Transaction</p> <p>Attacks and Vulnerabilities</p> <p>Trust Relationships and Agency</p> <p>Agency</p> <p>Trust Relationships</p> <p>The Importance of Being Explicit</p> <p>Explicit Actions</p> <p>Explicit Actors</p> <p><b>Chapter 6 Blockchain and Trust</b></p> <p>Bitcoin and Other Blockchains</p> <p>Permissioned Blockchains</p> <p>Trust without Blockchains</p> <p>Blockchain Promoting Trust</p> <p>Permissionless Blockchains and Cryptocurrencies</p> <p><b>Chapter 7 The Importance of Time</b></p> <p>Decay of Trust</p> <p>Decay of Trust and Lifecycle</p> <p>Software Lifecycle</p> <p>Trust Anchors, Trust Pivots, and the Supply Chain</p> <p>Types of Trust Anchors</p> <p>Monitoring and Time</p> <p>Attestation</p> <p>The Problem of Measurement</p> <p>The Problem of Run Time</p> <p>Trusted Computing Base</p> <p>Component Choice and Trust</p> <p>Reputation Systems and Trust</p> <p><b>Chapter 8 Systems and Trust</b></p> <p>System Components</p> <p>Explicit Behaviour</p> <p>Defining Explicit Trust</p> <p>Dangers of Automated Trust Relationships</p> <p>Time and Systems</p> <p>Defining System Boundaries</p> <p>Trust and a Complex System</p> <p>Isolation and Virtualisation</p> <p>The Stack and Time</p>
<p>Beyond Virtual Machines</p> <p>Hardware-Based Type 3 Isolation</p> <p><b>Chapter 9 Open Source and Trust</b></p> <p>Distributed Trust</p> <p>How Open Source Relates to Trust</p> <p>Community and Projects</p> <p>Projects and the Personal</p> <p>Open Source Process</p> <p>Trusting the Project</p> <p>Trusting the Software</p> <p>Supply Chain and Products</p> <p>Open Source and Security</p> <p><b>Chapter 10 Trust, the Cloud, and the Edge</b></p> <p>Deployment Model Differences</p> <p>What Host Systems Offer</p> <p>What Tenants Need</p> <p>Mutually Adversarial Computing</p> <p>Mitigations and Their Efficacy</p> <p>Commercial Mitigations</p> <p>Architectural Mitigations</p> <p>Technical Mitigations</p> <p><b>Chapter 11 Hardware, Trust, and Confidential Computing</b></p> <p>Properties of Hardware and Trust</p> <p>Isolation</p> <p>Roots of Trust</p> <p>Physical Compromise</p> <p>Confidential Computing</p> <p>TEE TCBs in detail</p> <p>Trust Relationships and TEEs</p> <p>How Execution Can Go Wrong—and Mitigations</p> <p>Minimum Numbers of Trustees</p> <p>Explicit Trust Models for TEE Deployments</p> <p><b>Chapter 12 Trust Domains</b></p> <p>The Composition of Trust Domains</p> <p>Trust Domains in a Bank</p> <p>Trust Domains in a Distributed Architecture</p> <p>Trust Domain Primitives and Boundaries</p> <p>Trust Domain Primitives</p> <p>Trust Domains and Policy</p> <p>Other Trust Domain Primitives</p> <p>Boundaries</p> <p>Centralisation of Control and Policies</p> <p><b>Chapter 13 A World of Explicit Trust</b></p> <p>Tools for Trust</p> <p>The Role of the Architect</p> <p>Architecting the System</p> <p>The Architect and the Trustee</p> <p>Coda</p> <p>References</p> <p>Index</p>
<p><b>MIKE BURSELL</b> is CEO and co-founder of Profian, a Confidential Computing company. He holds multiple security patents, is a sought-after speaker at global technology conferences, and has contributed to major reports and security specifications for the European Telecommunications Standards Institute.</p>
<p>“A must-read book to understand how one of the bases of human civilization can and must be applied in the digital world.”</p> <p><b>— Dr. Diego R. Lopez, Head of Technology Exploration, Telefonica and Chair of ETSI blockchain initiative</b></p> <p>“As we have moved to the digital society, appreciating what and what not to trust is paramount if you use computer systems and/or the Cloud. You will be well prepared when you have read this book.”</p> <p><b>— Professor Peter Landrock, D.Sc. (hon), Founder of Cryptomathic</b></p> <p><b>A groundbreaking exploration of trust, risk, and security</b></p> <p>Trust is a central concept in computer software and hardware, but it remains poorly defined and even less understood. Many information technology professionals operate without an overarching, theory-based understanding of what trust is, how it is built, or how it is shared between computer systems and users.</p> <p>In <i>Trust in Computer Systems and the Cloud</i>, renowned security expert Mike Bursell delivers an insightful and compelling treatment of how trust can be discussed, defined, and managed in many areas of computing. By anchoring his sophisticated, but approachable, exploration of the topic in the concept of understanding and quantifying risk, the author walks readers through the basic ideas of trust and the applications of trust to complex systems, open-source communities, and trust domains.</p> <p>The book draws on recent scholarship in the social and computer sciences to explain contemporary trends in hardware and software security while maintaining a tight focus on pragmatic applications in computing. It serves as a practical starting point for decisions and discussions about trust, security, and risk. This approach establishes the core trust principles underlying Confidential Computing and introduces cross-disciplinary frameworks on which readers can build powerful new computing and cloud applications.</p>
<p><i>"The problem is that when you use the word trust, people think they know what you mean. It turns out that they almost never do.</i> With this singular statement, Bursell has defined both the premise and the value he expounds in this insightful treatise spanning the fundamentals and complexities of digital trust. Operationalizing trust is foundational to effective human and machine digital relationships, with Bursell leading the reader on a purposeful journey expressing and consuming elements of digital trust across current and future-relevant data lifecycles."<br /><b>—Kurt Roemer, Chief Security Strategist and Office of the CTO, Citrix</b></p> <p>"Trust is a matter of context. Specifically, "context" is one of the words most repeated in this book, and I must say that its use is justified in all cases. Not only is the meaning of trust analysed in all possible contexts, including some essential philosophical and psychological foundations, but the concept is also applied to all possible ICT contexts, from basic processor instructions to cloud and edge infrastructures, and different trust frameworks are explored, from hierarchical (CAs) to distributed (DLTs) approaches. A must-read book to understand how one of the bases of human civilization can and must be applied in the digital world."<br /><b>—Dr. Diego R. Lopez, Head of Technology Exploration, Telefonica and Chair of ETSI blockchain initiative</b></p> <p>“Trust is a complex and important concept in network security. Bursell neatly unpacks it in this detailed and readable book.”<br /><b>—Bruce Schneier, author of <i>Liars and Outliers: Enabling the Trust Society Needs to Thrive</i></b></p> <p>"As we have moved to the digital society, appreciating what and what not to trust is paramount if you use computer systems and/or the Cloud. You will be well prepared when you have read this book."<br /><b>—Professor Peter Landrock, D.Sc. (hon), Founder of Cryptomathic</b></p>
<p>"This book needs to be on every technologist's and engineer's bookshelf. Combining storytelling and technology, Bursell has shared with all of us the knowledge we need to build trust and security in a cloud computing environment."<br /><b>—Steve Kolombaris, CISO &amp; Cyber Security Leader with 20+ years' experience, formerly Apple, JPMorgan Chase, Bank of America</b></p>
