Mike Bursell - Trust in Computer Systems and the Cloud

1 Cover

2 Praise for Trust in Computer Systems and the Cloud Praise for Trust in Computer Systems and the Cloud “The problem is that when you use the word trust, people think they know what you mean. It turns out that they almost never do.” With this singular statement, Bursell has defined both the premise and the value he expounds in this insightful treatise spanning the fundamentals and complexities of digital trust. Operationalizing trust is foundational to effective human and machine digital relationships, with Bursell leading the reader on a purposeful journey expressing and consuming elements of digital trust across current and future-relevant data lifecycles. —Kurt Roemer, Chief Security Strategist and Office of the CTO, Citrix Trust is a matter of context. Specifically, “context” is one of the words most repeated in this book, and I must say that its use is justified in all cases. Not only is the meaning of trust analysed in all possible contexts, including some essential philosophical and psychological foundations, but the concept is also applied to all possible ICT contexts, from basic processor instructions to cloud and edge infrastructures; and different trust frameworks are explored, from hierarchical (CAs) to distributed (DLTs) approaches. A must-read book to understand how one of the bases of human civilization can and must be applied in the digital world. —Dr. Diego R. Lopez, Head of Technology Exploration, Telefónica and Chair of ETSI blockchain initiative As we have moved to the digital society, appreciating what and what not to trust is paramount if you use computer systems and/or the cloud. You will be well prepared when you have read this book. —Professor Peter Landrock, D.Sc. (hon), Founder of Cryptomathic Trust is a complex and important concept in network security. Bursell neatly unpacks it in this detailed and readable book. —Bruce Schneier, author of Liars and Outliers: Enabling the Trust that Society Needs to Thrive This book needs to be on every technologist's and engineer's bookshelf. Combining storytelling and technology, Bursell has shared with all of us the knowledge we need to build trust and security in cloud computing environments. —Steve Kolombaris - CISO & Cyber Security Leader with 20+ years experience. Formerly Apple, JP Morgan Chase, Bank of America.

3 Title Page Trust in Computer Systems and the Cloud Mike Bursell

4 Introduction Notes

5 CHAPTER 1: Why Trust? Analysing Our Trust Statements What Is Trust? What Is Agency? Trust and Security Trust as a Way for Humans to Manage Risk Risk, Trust, and Computing Notes

6 CHAPTER 2: Humans and Trust The Role of Monitoring and Reporting in Creating Trust Game Theory Institutional Trust Trust Based on Authority Trusting Individuals The Dangers of Anthropomorphism Identifying the Real Trustee Notes

7 CHAPTER 3: Trust Operations and Alternatives Trust Actors, Operations, and Components Assurance and Accountability Notes

8 CHAPTER 4: Defining Trust in Computing A Survey of Trust Definitions in Computer Systems Applying Socio-Philosophical Definitions of Trust to Systems Notes

9 CHAPTER 5: The Importance of Systems System Design “Trusted” Systems Hardware Root of Trust The Importance of Systems Worked Example: Purchasing Whisky The Importance of Being Explicit Notes

10 CHAPTER 6: Blockchain and Trust Bitcoin and Other Blockchains Permissioned Blockchains Permissionless Blockchains and Cryptocurrencies Notes

11 CHAPTER 7: The Importance of Time Decay of Trust Trusted Computing Base Notes

12 CHAPTER 8: Systems and Trust System Components Explicit Behaviour Time and Systems Defining System Boundaries Notes

13 CHAPTER 9: Open Source and Trust Distributed Trust How Open Source Relates to Trust Notes

14 CHAPTER 10: Trust, the Cloud, and the Edge Deployment Model Differences Mutually Adversarial Computing Mitigations and Their Efficacy Notes

15 CHAPTER 11: Hardware, Trust, and Confidential Computing Properties of Hardware and Trust Physical Compromise Confidential Computing Notes

16 CHAPTER 12: Trust Domains The Composition of Trust Domains Trust Domain Primitives and Boundaries Notes

17 CHAPTER 13: A World of Explicit Trust Tools for Trust The Role of the Architect Coda Note

18 References

19 Index

20 Copyright

21 Dedication

22 About the Author

23 About the Technical Editor

24 Acknowledgements

25 End User License Agreement

1 Chapter 5Table 5.1: Trust from Internet layer to Link layer in the IP suiteTable 5.2: Trust from the bash shell to the login programTable 5.3: Trust from kernel to hypervisorTable 5.4: Trust from hypervisor to kernelTable 5.5: Trust relationship from web browser to laptop systemTable 5.6: Trust relationship from laptop to DNS serverTable 5.7: Trust relationship from web browser to web serverTable 5.8: Trust relationships from web browser to laptop systemTable 5.9: Trust relationship from web browser to web serverTable 5.10: Trust relationship from web browser to web serverTable 5.11: Trust relationship from web browser to web serverTable 5.12: Trust relationship from web server to web browserTable 5.13: Trust relationship from web browser to laptop systemTable 5.14: Trust relationship from web browser to web clientTable 5.15: Trust relationship from web browser to laptop systemTable 5.16: Trust relationship from web browser to web serverTable 5.17: Trust relationship from web server to host systemTable 5.18: Trust relationship from web server to host systemTable 5.19: Trust relationship from web server to acquiring bankTable 5.20: Trust relationship from web server to web browser

2 Chapter 6Table 6.1: Shipping company trust relationship without blockchain systemTable 6.2: Shipping company trust relationship with blockchain system

3 Chapter 8Table 8.1: Trust offer from a service providerTable 8.2: Trust requirements from a service consumerTable 8.3: Trust from server to logging service regarding time stamps

4 Chapter 9Table 9.1: Trust from software consumer to software vendor

5 Chapter 10Table 10.1: A comparison of cloud and Edge computingTable 10.2: Host system criteria for cloud and Edge computing environments

6 Chapter 11Table 11.1: Examples of physical system attacksTable 11.2: Trust and data in transitTable 11.3: Trust and data at restTable 11.4: Trust and data in useTable 11.5: Comparison of data protection techniques

7 Chapter 12Table 12.1: Examples of policies in trust domains

8 Chapter 13Table 13.1: Example of a trust table

1 Chapter 3 Figure 3.1a: Transitive trust (direct). Figure 3.1b: Transitive trust (by referral). Figure 3.2: Chain of trust. Figure 3.3: Distributed trust to multiple entities with weak relationships.... Figure 3.4: Distributed trust with a single, stronger relationship. A set of... Figure 3.5: Trust domains. Figure 3.6: Reputation: collecting information. Figure 3.7: Reputation: gathering information from multiple endorsing author... Figure 3.8: Forming a trust relationship to the trustee, having gathered inf...Figure 3.9: Deploying a workload to a public or private cloud.

2 Chapter 4Figure 4.1a: Trying to establish a new trust context with the same trustee....Figure 4.1b: A circular trust relationship.

3 Chapter 5Figure 5.1: Internet Protocol suite layers.Figure 5.2: OSI layers.Figure 5.3: Linux layering.Figure 5.4: Linux virtualisation stack.Figure 5.5: Linux container stack.Figure 5.6: A Simple Cloud Virtualisation Stack.Figure 5.7: Trust pivot—initial state.Figure 5.8: Trust pivot—processing.Figure 5.9: Trust pivot—complete.

4 Chapter 8Figure 8.1: External time source.Figure 8.2: Time as a new trust context.Figure 8.3: Linux virtualisation stack.Figure 8.4: Virtualisation stack (complex version).Figure 8.5: Host and two workloads.Figure 8.6: Isolation type 1—workload from workload.Figure 8.7: Isolation type 2—host from workload.Figure 8.8: Isolation type 3—workload from host.