Trusted computing: an elusive goal

Loading...
Thumbnail Image
Authors
Michael, James Bret
Subjects
Advisors
Date of Issue
2015
Date
Publisher
IEEE
Language
Abstract
Storing, processing, and transmitting data in cyberspace always assumes risk: there’s no such thing as perfect security. However, one would think that enormous security breaches - of which Sony experienced two in a four-year period - would decline in frequency as awareness of the risk factors increases, engineering knowledge and best practices become more sophisticated, and commercial security products and services mature. But this isn’t the case. In addition to cyberattacks, we’ve witnessed the discovery of exploitable design flaws in widely used tools, such as the Unix Bash shell’s long-overlooked Shell-shock vulnerabilities. Such vulnerabilities shouldn’t be surprising. In his Turing Award acceptance speech, “Reflections on Trusting Trust,” programming pioneer and Unix creator Ken Thompson stated that “you can’t trust code that you did not totally create yourself,” and demonstrated the difficulty of detecting whether a C compiler contains a Trojan horse. Bootstrapping trust in hard.
Type
Article
Description
The article of record as published may be found at http://dx.doi.org/10.J.B.1109/MC.2015.90
Series/Report No
Department
Electrical and Computer Engineering
Organization
Naval Postgraduate School (U.S.)
Identifiers
NPS Report Number
Sponsors
Funder
Format
3 p.
Citation
J.B. Michael, "Trusted computing: an elusive goal," Computer, v.48:no.3 (March 2015), pp. 99-101.
Distribution Statement
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Collections