Description
Book SynopsisLearn to analyze and measure risk by exploring the nature of trust and its application to cybersecurityTrust in Computer Systemsand the Clouddelivers an insightful and practical new take on what it means to trust in the context of computer and network security and the impact on the emerging field of Confidential Computing. Author MikeBursell'sexperience, ranging from Chief Security Architect at Red Hat to CEO at a Confidential Computing start-up grounds the reader in fundamental concepts of trust and related ideas before discussing the more sophisticated applications of these concepts to various areas in computing. The bookdemonstratesin the importance of understanding and quantifying risk and draws on the social and computer sciences to explain hardware and software security, complex systems, and open source communities. It takes a detailed look at the impact of Confidential Computing on security, trust and risk and also describes the emerging concept of trust domains, which provide an alternative to standard layered security. Foundational definitions of trust from sociology and other social sciences, how they evolved, and what modern concepts of trust mean to computer professionalsA comprehensive examination of the importance of systems, from open-source communities to HSMs, TPMs, and Confidential Computing with TEEs.A thorough exploration of trust domains, includingexplorationsof communities of practice, the centralization of control and policies, and monitoring Perfect for security architects at the CISSP level or higher,Trust in Computer Systemsand the Cloudis also an indispensable addition to the libraries of system architects, security system engineers, and master's students in software architecture and security.
Table of ContentsIntroduction xv
Chapter 1 Why Trust? 1
Analysing Our Trust Statements 4
What Is Trust? 5
What Is Agency? 8
Trust and Security 10
Trust as a Way for Humans to Manage Risk 13
Risk, Trust, and Computing 15
Defining Trust in Systems 15
Defining Correctness in System Behaviour 17
Chapter 2 Humans and Trust 19
The Role of Monitoring and Reporting in Creating Trust 21
Game Theory 24
The Prisoner’s Dilemma 24
Reputation and Generalised Trust 27
Institutional Trust 28
Theories of Institutional Trust 29
Who Is Actually Being Trusted? 31
Trust Based on Authority 33
Trusting Individuals 37
Trusting Ourselves 37
Trusting Others 41
Trust, But Verify 43
Attacks from Within 43
The Dangers of Anthropomorphism 45
Identifying the Real Trustee 47
Chapter 3 Trust Operations and Alternatives 53
Trust Actors, Operations, and Components 53
Reputation, Transitive Trust, and Distributed Trust 59
Agency and Intentionality 62
Alternatives to Trust 65
Legal Contracts 65
Enforcement 66
Verification 67
Assurance and Accountability 67
Trust of Non-Human or Non-Adult Actors 68
Expressions of Trust 69
Relating Trust and Security 75
Misplaced Trust 75
Chapter 4 Defining Trust in Computing 79
A Survey of Trust Definitions in Computer Systems 79
Other Definitions of Trust within Computing 84
Applying Socio-Philosophical Definitions of Trust to Systems 86
Mathematics and Trust 87
Mathematics and Cryptography 87
Mathematics and Formal Verification 89
Chapter 5 The Importance of Systems 93
System Design 93
The Network Stack 94
Linux Layers 96
Virtualisation and Containers: Cloud Stacks 97
Other Axes of System Design 99
“Trusted” Systems 99
Trust Within the Network Stack 101
Trust in Linux Layers 102
Trust in Cloud Stacks 103
Hardware Root of Trust 106
Cryptographic Hash Functions 110
Measured Boot and Trusted Boot 112
Certificate Authorities 114
Internet Certificate Authorities 115
Local Certificate Authorities 116
Root Certificates as Trust Pivots 119
The Temptations of “Zero Trust” 122
The Importance of Systems 125
Isolation 125
Contexts 127
Worked Example: Purchasing Whisky 128
Actors, Organisations, and Systems 129
Stepping Through the Transaction 130
Attacks and Vulnerabilities 134
Trust Relationships and Agency 136
Agency 136
Trust Relationships 137
The Importance of Being Explicit 145
Explicit Actions 145
Explicit Actors 149
Chapter 6 Blockchain and Trust 151
Bitcoin and Other Blockchains 151
Permissioned Blockchains 152
Trust without Blockchains 153
Blockchain Promoting Trust 154
Permissionless Blockchains and Cryptocurrencies 156
Chapter 7 The Importance of Time 161
Decay of Trust 161
Decay of Trust and Lifecycle 163
Software Lifecycle 168
Trust Anchors, Trust Pivots, and the Supply Chain 169
Types of Trust Anchors 170
Monitoring and Time 171
Attestation 173
The Problem of Measurement 174
The Problem of Run Time 176
Trusted Computing Base 177
Component Choice and Trust 178
Reputation Systems and Trust 181
Chapter 8 Systems and Trust 185
System Components 185
Explicit Behaviour 188
Defining Explicit Trust 189
Dangers of Automated Trust Relationships 192
Time and Systems 194
Defining System Boundaries 198
Trust and a Complex System 199
Isolation and Virtualisation 202
The Stack and Time 205
Beyond Virtual Machines 205
Hardware-Based
Type 3 Isolation 207
Chapter 9 Open Source and Trust 211
Distributed Trust 211
How Open Source Relates to Trust 214
Community and Projects 215
Projects and the Personal 217
Open Source Process 219
Trusting the Project 220
Trusting the Software 222
Contents xiii
xiv Contents
Supply Chain and Products 226
Open Source and Security 229
Chapter 10 Trust, the Cloud, and the Edge 233
Deployment Model Differences 235
What Host Systems Offer 237
What Tenants Need 237
Mutually Adversarial Computing 240
Mitigations and Their Efficacy 243
Commercial Mitigations 243
Architectural Mitigations 244
Technical Mitigations 246
Chapter 11 Hardware, Trust, and Confidential Computing 247
Properties of Hardware and Trust 248
Isolation 248
Roots of Trust 249
Physical Compromise 253
Confidential Computing 256
TEE TCBs in detail 261
Trust Relationships and TEEs 266
How Execution Can Go Wrong—and Mitigations 269
Minimum Numbers of Trustees 276
Explicit Trust Models for TEE Deployments 278
Chapter 12 Trust Domains 281
The Composition of Trust Domains 284
Trust Domains in a Bank 284
Trust Domains in a Distributed Architecture 288
Trust Domain Primitives and Boundaries 292
Trust Domain Primitives 292
Trust Domains and Policy 293
Other Trust Domain Primitives 296
Boundaries 297
Centralisation of Control and Policies 298
Chapter 13 A World of Explicit Trust 301
Tools for Trust 301
The Role of the Architect 303
Architecting the System 304
The Architect and the Trustee 305
Coda 307
References 309
Index 321
