The Importance of Trust in Computer Security

The computer security community has traditionally regarded security as a “hard” property that can be modelled and formally proven under certain simplifying assumptions. Traditional security technologies assume that computer users are either malicious, e.g. hackers or spies, or benevolent, competent and well informed about the security policies. Over the past two decades, however, computing has proliferated into all aspects of modern society and the spread of malicious software (malware) like worms, viruses and botnets have become an increasing threat. This development indicates a failure in some of the fundamental assumptions that underpin existing computer security technologies and that a new view of computer security is long overdue.

[1]  B. Lampson,et al.  Protection 1 , 2022 .

[2]  David A. Bell,et al.  Secure computer systems: mathematical foundations and model , 1973 .

[3]  Dorothy E. Denning,et al.  A lattice model of secure information flow , 1976, CACM.

[4]  Jeffrey D. Ullman,et al.  Protection in operating systems , 1976, CACM.

[5]  K. J. Bma Integrity considerations for secure computer systems , 1977 .

[6]  Charles L. Weber,et al.  A Mathematical Model , 1987 .

[7]  K. Thompson Reflections on trusting trust , 1984, CACM.

[8]  Martín Abadi,et al.  Authentication in the Taos operating system , 1993, SOSP '93.

[9]  John T. Kohl,et al.  The Kerberos Network Authentication Service (V5 , 2004 .

[10]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[11]  William A. Arbaugh,et al.  A secure and reliable bootstrap architecture , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[12]  Butler W. Lampson,et al.  SPKI Certificate Theory , 1999, RFC.

[13]  Stefan A. Brands,et al.  Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy , 2000 .

[14]  X Itu,et al.  Information technology-open systems interconnection-the directory: Public-key and attribute certific , 2000 .

[15]  Siani Pearson,et al.  Trusted Computing Platforms: TCPA Technology in Context , 2002 .

[16]  Dieter Gollmann,et al.  Why Trust is Bad for Security , 2006, Electron. Notes Theor. Comput. Sci..

[17]  Vijayalakshmi Atluri,et al.  Role-based Access Control , 1992 .

[18]  Joseph Bonneau,et al.  The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords , 2012, 2012 IEEE Symposium on Security and Privacy.

[19]  Anneli Folkesson,et al.  Secure Computer Systems , 2013 .