The Search for Trust Evidence
Intel Corporation, Chandler, AZ, USA {david.e.ott,claire.vishik,david.grawrock,anand.rajan}@intel.com
Abstract. Trust Evidence addresses the problem of how devices or systems should mutually assess trustworthiness at the onset and during interaction. Approaches to Trust Evidence can be used to assess risk, for example, facilitating the choice of threat posture as devices interact within the context of a smart city. Trust Evidence may augment authentication schemes by adding information about a device and its operational context. In this paper, we discuss Intel’s 3-year collaboration with university researchers on approaches to Trust Evidence. This collaboration included an exploratory phase that looked at several formulations of Trust Evidence in varied contexts. A follow-up phase looked more specifically at Trust Evidence in software runtime environments, and whether techniques could be developed to generate information on correct execution. We describe various research results associated with two key avenues of investigation, programming language extensions for numerical Trust Evidence and an innovative protected module architecture. We close with reflections on industry-university researcher collaborations and several suggestions for enabling success.
1 Introduction: The Problem of Trust Evidence
As the number and diversity of computing devices continues to grow at a rapid pace, there is a need to develop more sophisticated frameworks for establishing trust between interacting devices. Consider, for example, a set of Internet of Things (IoT) devices in the context of a smart city. Devices under the control of a user may wish to connect with peer devices offering information or other services. Likewise, service devices are designed to connect with user devices, either peer-to-peer, directly, or through a gateway. In general, user devices are frequently heterogeneous and the context of interaction is dynamic. For example, mobility may enable a large number of devices to interact in passing as users come and go.

Authentication is one means by which interacting systems may establish a trustworthy relationship. By exchanging private information using a secure communication protocol, a service device may identify a client device (and/or its user) in order to establish trust. Similarly, a client device may use digital certificates or another means to identify the service and establish trust with the service device. Cryptographic or trusted computing methods may be employed to ensure the identification process is robust against man-in-the-middle attacks, spoofing attacks, and other threats to the mutual identification process.

Our reliance on authentication, however, is not without its problems. While authentication approaches may reliably establish the identity of a system and/or its user, they fail to assess whether the sys

© Springer International Publishing Switzerland 2016. K. Haltinner et al. (Eds.): CSS 2015, CCIS 589, pp. 34–45, 2016. DOI: 10.1007/978-3-319-28313-5_3