Trust: A Complex Notion

Pinning down the meanings of many words is difficult. Trust is particularly tricky because it's not a simple notion. Typically, we think in terms of entity A trusting entity B for something, which is complex for the following reasons, among others:

  • Not always transitive. If A trusts B and B vouches for C, does A trust C in this case? In other words, is trust a transitive notion? The answer is not always, although it can be transitive under specific circumstances.

  • Dynamic. Trust is dynamic rather than static; there can be differing phases in a relationship, such as building trust, ongoing trust (a stable relationship), and declining trust. Trust can be lost quickly.

  • Varying degree and scope. Trust differs in both degree and scope: entities typically trust (or don't trust) each other to fulfill selected obligations or for a particular purpose, rather than for everything. On the other hand, trust in certain areas can transfer to more general trust, as shown by major brands having an advantage when moving into new areas of business.

However, it's useful to have a succinct definition of trust if at all possible, particularly if you're claiming to provide an increased level of trust in something.

Applied in an online business context, trust has several facets, including the following:

  • A technological basis—that's the main concern of this article.

  • A contractual side—including both laws and underwriting or contracts.

  • Customers' image—built up via previous interactions with a company, brand image, publicity, and so on.

Trust in Technology: Delegation of Trust

It's very probable that some dictionary definitions of trust will mention law, and this is no accident. Indeed, one reason trust is necessary is that we don't have the resources on a personal level to analyze all the information that we need during our working lives, so we delegate that analysis to others. As societies become more advanced, such delegation increasingly requires trust in functional authorities and institutions, particularly in the area of knowledge (and technology).

As far as the technological basis of trust is concerned, people can't always be expected to work things out for themselves, particularly when technology is involved. They'll look elsewhere for guidance, such as to a consumers' association or role models. Because of a lack of information and time, together with the huge complexity of IT security, it's impossible for users of IT products to identify the level of security offered by individual products. They need to rely upon a product being assessed accurately by experts through evaluation and certification procedures, such as those using criteria catalogues. Such criteria catalogues are widely used; examples include the "Orange Book," ITSEC, and the Common Criteria in ISO/IEC. I'll explain later how delegation of trust can be used to enable you to trust your computer.

Trusted Platforms

A Trusted Platform in the latest jargon is a computing device that has a trusted component, probably in the form of built-in hardware, and uses this to create a foundation of trust for software processes. The computing platforms specified in the Trusted Computing Platform Alliance (TCPA) specification are one such type of Trusted Platform. (For further information about the TCPA specification and its use, see http://www.trustedcomputing.org/.)

TCPA Trusted Platforms are designed to provide enhanced identification and data storage and to maintain user privacy. Another central feature is that they have mechanisms that provide information about their software state with a high level of assurance, so that you can decide whether to trust a platform's behavior for your intended purpose. In particular, you can judge whether it's safe to use the platform for sensitive processing. The information can be made available over the Internet to anyone who wants to interact with the platform. These trust mechanisms are a new feature of TCPA Trusted Platforms, and I'll describe below how they work.
