Introduction
Chapter 1 Why Trust?
Analysing Our Trust Statements
What Is Trust?
What Is Agency?
Trust and Security
Trust as a Way for Humans to Manage Risk
Risk, Trust, and Computing
Defining Trust in Systems
Defining Correctness in System Behaviour
Chapter 2 Humans and Trust
The Role of Monitoring and Reporting in Creating Trust
Game Theory
The Prisoner's Dilemma
Reputation and Generalised Trust
Institutional Trust
Theories of Institutional Trust
Who Is Actually Being Trusted?
Trust Based on Authority
Trusting Individuals
Trusting Ourselves
Trusting Others
Trust, But Verify
Attacks from Within
The Dangers of Anthropomorphism
Identifying the Real Trustee
Chapter 3 Trust Operations and Alternatives
Trust Actors, Operations, and Components
Reputation, Transitive Trust, and Distributed Trust
Agency and Intentionality
Alternatives to Trust
Legal Contracts
Enforcement
Verification
Assurance and Accountability
Trust of Non-Human or Non-Adult Actors
Expressions of Trust
Relating Trust and Security
Misplaced Trust
Chapter 4 Defining Trust in Computing
A Survey of Trust Definitions in Computer Systems
Other Definitions of Trust within Computing
Applying Socio-Philosophical Definitions of Trust to Systems
Mathematics and Trust
Mathematics and Cryptography
Mathematics and Formal Verification
Chapter 5 The Importance of Systems
System Design
The Network Stack
Linux Layers
Virtualisation and Containers: Cloud Stacks
Other Axes of System Design
"Trusted" Systems
Trust Within the Network Stack
Trust in Linux Layers
Trust in Cloud Stacks
Hardware Root of Trust
Cryptographic Hash Functions
Measured Boot and Trusted Boot
Certificate Authorities
Internet Certificate Authorities
Local Certificate Authorities
Root Certificates as Trust Pivots
The Temptations of "Zero Trust"
The Importance of Systems
Isolation
Contexts
Worked Example: Purchasing Whisky
Actors, Organisations, and Systems
Stepping Through the Transaction
Attacks and Vulnerabilities
Trust Relationships and Agency
Agency
Trust Relationships
The Importance of Being Explicit
Explicit Actions
Explicit Actors
Chapter 6 Blockchain and Trust
Bitcoin and Other Blockchains
Permissioned Blockchains
Trust without Blockchains
Blockchain Promoting Trust
Permissionless Blockchains and Cryptocurrencies
Chapter 7 The Importance of Time
Decay of Trust
Decay of Trust and Lifecycle
Software Lifecycle
Trust Anchors, Trust Pivots, and the Supply Chain
Types of Trust Anchors
Monitoring and Time
Attestation
The Problem of Measurement
The Problem of Run Time
Trusted Computing Base
Component Choice and Trust
Reputation Systems and Trust
Chapter 8 Systems and Trust
System Components
Explicit Behaviour
Defining Explicit Trust
Dangers of Automated Trust Relationships
Time and Systems
Defining System Boundaries
Trust and a Complex System
Isolation and Virtualisation
The Stack and Time
Beyond Virtual Machines
Hardware-Based Type 3 Isolation
Chapter 9 Open Source and Trust
Distributed Trust
How Open Source Relates to Trust
Community and Projects
Projects and the Personal
Open Source Process
Trusting the Project
Trusting the Software
Supply Chain and Products
Open Source and Security
Chapter 10 Trust, the Cloud, and the Edge
Deployment Model Differences
What Host Systems Offer
What Tenants Need
Mutually Adversarial Computing
Mitigations and Their Efficacy
Commercial Mitigations
Architectural Mitigations
Technical Mitigations
Chapter 11 Hardware, Trust, and Confidential Computing
Properties of Hardware and Trust
Isolation
Roots of Trust
Physical Compromise
Confidential Computing
TEE TCBs in detail
Trust Relationships and TEEs
How Execution Can Go Wrong - and Mitigations
Minimum Numbers of Trustees
Explicit Trust Models for TEE Deployments
Chapter 12 Trust Domains
The Composition of Trust Domains
Trust Domains in a Bank
Trust Domains in a Distributed Architecture
Trust Domain Primitives and Boundaries
Trust Domain Primitives
Trust Domains and Policy
Other Trust Domain Primitives
Boundaries
Centralisation of Control and Policies
Chapter 13 A World of Explicit Trust
Tools for Trust
The Role of the Architect
Architecting the System
The Architect and the Trustee
Coda
References
Index
MIKE BURSELL is CEO and co-founder of Profian, a Confidential Computing company. He holds multiple security patents, is a sought-after speaker at global technology conferences, and has contributed to major reports and security specifications for the European Telecommunications Standards Institute.