Trust in Computer Systems and the Cloud

Cover
Title Page
Copyright Page
About the Author
About the Technical Editor
Acknowledgements
Contents at a Glance
Contents
Introduction
Chapter 1 Why Trust?
	Analysing Our Trust Statements
	What Is Trust?
	What Is Agency?
	Trust and Security
	Trust as a Way for Humans to Manage Risk
	Risk, Trust, and Computing
		Defining Trust in Systems
		Defining Correctness in System Behaviour
Chapter 2 Humans and Trust
	The Role of Monitoring and Reporting in Creating Trust
	Game Theory
		The Prisoner’s Dilemma
		Reputation and Generalised Trust
	Institutional Trust
		Theories of Institutional Trust
		Who Is Actually Being Trusted?
	Trust Based on Authority
	Trusting Individuals
		Trusting Ourselves
		Trusting Others
			Trust, But Verify
			Attacks from Within
	The Dangers of Anthropomorphism
	Identifying the Real Trustee
Chapter 3 Trust Operations and Alternatives
	Trust Actors, Operations, and Components
		Reputation, Transitive Trust, and Distributed Trust
		Agency and Intentionality
		Alternatives to Trust
			Legal Contracts
			Enforcement
			Verification
	Assurance and Accountability
		Trust of Non-Human or Non-Adult Actors
		Expressions of Trust
		Relating Trust and Security
		Misplaced Trust
Chapter 4 Defining Trust in Computing
	A Survey of Trust Definitions in Computer Systems
		Other Definitions of Trust within Computing
	Applying Socio-Philosophical Definitions of Trust to Systems
		Mathematics and Trust
			Mathematics and Cryptography
		Mathematics and Formal Verification
Chapter 5 The Importance of Systems
	System Design
		The Network Stack
		Linux Layers
		Virtualisation and Containers: Cloud Stacks
		Other Axes of System Design
	“Trusted” Systems
		Trust Within the Network Stack
		Trust in Linux Layers
		Trust in Cloud Stacks
	Hardware Root of Trust
		Cryptographic Hash Functions
		Measured Boot and Trusted Boot
		Certificate Authorities
			Internet Certificate Authorities
			Local Certificate Authorities
			Root Certificates as Trust Pivots
		The Temptations of “Zero Trust”
	The Importance of Systems
		Isolation
		Contexts
	Worked Example: Purchasing Whisky
		Actors, Organisations, and Systems
		Stepping Through the Transaction
			Attacks and Vulnerabilities
		Trust Relationships and Agency
			Agency
			Trust Relationships
	The Importance of Being Explicit
		Explicit Actions
		Explicit Actors
Chapter 6 Blockchain and Trust
	Bitcoin and Other Blockchains
	Permissioned Blockchains
		Trust without Blockchains
		Blockchain Promoting Trust
	Permissionless Blockchains and Cryptocurrencies
Chapter 7 The Importance of Time
	Decay of Trust
		Decay of Trust and Lifecycle
		Software Lifecycle
			Trust Anchors, Trust Pivots, and the Supply Chain
			Types of Trust Anchors
		Monitoring and Time
		Attestation
			The Problem of Measurement
			The Problem of Run Time
	Trusted Computing Base
		Component Choice and Trust
		Reputation Systems and Trust
Chapter 8 Systems and Trust
	System Components
	Explicit Behaviour
		Defining Explicit Trust
		Dangers of Automated Trust Relationships
	Time and Systems
	Defining System Boundaries
		Trust and a Complex System
		Isolation and Virtualisation
		The Stack and Time
		Beyond Virtual Machines
		Hardware-Based Type 3 Isolation
Chapter 9 Open Source and Trust
	Distributed Trust
	How Open Source Relates to Trust
		Community and Projects
			Projects and the Personal
		Open Source Process
			Trusting the Project
			Trusting the Software
		Supply Chain and Products
		Open Source and Security
Chapter 10 Trust, the Cloud, and the Edge
	Deployment Model Differences
		What Host Systems Offer
		What Tenants Need
	Mutually Adversarial Computing
	Mitigations and Their Efficacy
		Commercial Mitigations
		Architectural Mitigations
		Technical Mitigations
Chapter 11 Hardware, Trust, and Confidential Computing
	Properties of Hardware and Trust
		Isolation
		Roots of Trust
	Physical Compromise
	Confidential Computing
		TEE TCBs in detail
			Trust Relationships and TEEs
			How Execution Can Go Wrong—and Mitigations
			Minimum Numbers of Trustees
		Explicit Trust Models for TEE Deployments
Chapter 12 Trust Domains
	The Composition of Trust Domains
		Trust Domains in a Bank
		Trust Domains in a Distributed Architecture
	Trust Domain Primitives and Boundaries
		Trust Domain Primitives
			Trust Domains and Policy
			Other Trust Domain Primitives
		Boundaries
		Centralisation of Control and Policies
Chapter 13 A World of Explicit Trust
	Tools for Trust
	The Role of the Architect
		Architecting the System
		The Architect and the Trustee
	Coda
References
Index
EULA