RE: Transitive Trust: 40 million credit cards hack'd

["Brian Loe" <knobdy () stjoelive com>]

trust   n. 
1) Firm reliance on the integrity, ability, or character of a person or
thing. 
2) Custody; care. 
3) Something committed into the care of another; charge. 

trust.wor.thy adj.
1) Warranting trust; reliable. 


This to avoid arguments on semantics. Reading these it seems that "trust" is
an absolute and "trustworthiness" is subjective.

Applying that to some of the systems I have been charged with administering
(and all thought on this subject is new too me - how unfortunate, eh?), they
considered all systems required to talk to it as trustworthy. Various
systems REQUIRED a certain level of access to do the job, so it was given.
This trustworthiness is static. If something changed on the trustworthy
system, the trusting system has no way of knowing about it and therefore it
never re-evaluated the trustworthiness - then again, it couldn't because the
decision wasn't for the system to make, but the administrator, and the
administrator's bosses. The level of trust would not change unless and if
the trustworthy system was found to be compromised, and then it would be too
late for the trusting system as well because each step required human
input/output (with all of the intangibles involved, like ego and laziness).

Aren't there already models out there that fix this? That place a stage of
authentication and verification between each, or every other, transaction?

(I'm thinking authentication is very different from verification.
Authentication = I'm the system I say I am; Verification = my code is the
code it's supposed to be. As sort of discussed in Marcus' reference.)


I'm just trying to understand all of this better.

<snip> 
> Here I get to channel for Peter (since he doesn't follow this 
> list) Do you mean Trust or Trustworthiness?
>
> Trust is transitive. Trustworthiness is altogether a 
> different proposition.
<snip>

> > There has recently been
> > some theoretical work on trust algebras (see 
> > http://security.polito.it/cms2003/Program/Roessler13/1Roessle
> r.pdf or 
> > http://security.dstc.edu.au/staff/ajosang/papers/algcert.pdf for 
> > example) but little of it has filtered into actual practice.
>
> Cool.. Reading now...  Looks like their perspective is that 
> Trust and Trustworthiness are a matter of degree. I think 
> that's a terminology issue, but I'm kinda sticking with 
> "Trust" as a platonic ideal - the absolute, uber-Trust 100% 
> Good Stuff. Everything else is "acceptable risk"
>
> Y'know it occurs to me that one metric by which we might be 
> able to tell that "computer science" and computer security 
> have matured somewhat as a field is the eventual acceptance 
> of a body of classical knowledge that a practitioner must be 
> familiar with, in order to avoid being laughed at. Other than 
> Denning and Cheswick/Bellovin/Rubin and maybe Schneier I'm 
> coming up dry. Hmmm...
<snip>


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards