Trusted computing: an elusive goal
Loading...
Authors
Michael, James Bret
Subjects
Advisors
Date of Issue
2015
Date
Publisher
IEEE
Language
Abstract
Storing, processing, and transmitting data in cyberspace always assumes risk: there’s no such
thing as perfect security. However, one would think that enormous security breaches - of
which Sony experienced two in a four-year period - would decline in frequency as awareness of the
risk factors increases, engineering knowledge and best practices become more sophisticated, and
commercial security products and services mature. But this isn’t the case.
In addition to cyberattacks, we’ve witnessed the discovery of exploitable design flaws in widely
used tools, such as the Unix Bash shell’s long-overlooked Shell-shock vulnerabilities. Such
vulnerabilities shouldn’t be surprising. In his Turing Award acceptance speech, “Reflections on
Trusting Trust,” programming pioneer and Unix creator Ken Thompson stated that “you can’t trust
code that you did not totally create yourself,” and demonstrated the difficulty of detecting
whether a C compiler contains a Trojan horse. Bootstrapping trust in hard.
Type
Article
Description
The article of record as published may be found at http://dx.doi.org/10.J.B.1109/MC.2015.90
Series/Report No
Department
Electrical and Computer Engineering
Organization
Naval Postgraduate School (U.S.)
Identifiers
NPS Report Number
Sponsors
Funder
Format
3 p.
Citation
J.B. Michael, "Trusted computing: an elusive goal," Computer, v.48:no.3 (March 2015), pp. 99-101.
Distribution Statement
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.