Trusting Untrusted Computers (Part 1)

By Dr. Taher Elgamal, Guest Author

[SM: Readers have read my interview series with Taher earlier. It is my pleasure to welcome this Security industry thought leader to shed some light on the past, present and future of Security.]

It is one of our biggest dilemmas in modern computing: can we trust running our lives on the current suite of computing hardware and software even though it is essentially untrustworthy?

This series of articles will shed some light on this question and provide guidance for short-, medium- and long-term ideas and strategies to handle the current situation. It is ironic that the technical community always talks about how vulnerable computers are but remains focused on after-the-fact mitigation strategies. In this article, I draw parallels between the trustworthiness of today’s computing environment and our long experience in establishing trust in the physical world.

Picture yourself as the leader of a group of people, some of whom you trust (to some degree) and some of whom you don’t. Your objective is to provide a high level of overall trust in the group as a whole. Here are a few steps (mental as well as operational) you might go through to achieve your goal:

1. Convince yourself that total and ultimate trust is not attainable.
2. Understand, to some extent, the level of trust you have in each individual — and perhaps also in some groups of individuals.
3. Set limits to how much you would depend on one source of information vs. multiple sources.
4. Establish a mechanism to verify the information given by one source through others.
5. Understand that it is not typically the case that individuals know how their information is being verified.

Now, consider the situation we face in trusting computing devices and applications. A single device or application would never be trusted unconditionally since, at minimum, it is susceptible to human error. In today’s language, getting around this problem means deploying monitoring devices that independently make sure that the primary devices, networks, and applications are performing according to their requirements. It is interesting to note that no new technologies, products or services are really needed here; it is only the intent to deploy these existing products correctly that can greatly increase the trust one has in their overall implementation. This is the short-term strategy I referred to at the beginning of the piece. Medium- and long-term strategies will be discussed in subsequent articles.

This segment is part 1 in the series : Trusting Untrusted Computers
1 2 3 4