Trusted computing: an elusive goal
Michael, James Bret
MetadataShow full item record
Storing, processing, and transmitting data in cyberspace always assumes risk: there’s no such thing as perfect security. However, one would think that enormous security breaches - of which Sony experienced two in a four-year period - would decline in frequency as awareness of the risk factors increases, engineering knowledge and best practices become more sophisticated, and commercial security products and services mature. But this isn’t the case. In addition to cyberattacks, we’ve witnessed the discovery of exploitable design flaws in widely used tools, such as the Unix Bash shell’s long-overlooked Shell-shock vulnerabilities. Such vulnerabilities shouldn’t be surprising. In his Turing Award acceptance speech, “Reflections on Trusting Trust,” programming pioneer and Unix creator Ken Thompson stated that “you can’t trust code that you did not totally create yourself,” and demonstrated the difficulty of detecting whether a C compiler contains a Trojan horse. Bootstrapping trust in hard.
The article of record as published may be found at http://dx.doi.org/10.J.B.1109/MC.2015.90