Trusting Users to Undo Themselves

Tuesday, October 23, 2012 @ 03:10 PM gHale


By Nicholas Sheble
“We’ll never be able to trust commodity computer systems because there will always be bugs and security vulnerabilities. As well, with the rapid innovation in IT, we’re perpetually out of date,” said Virgil Gligor.

“You’ll never know what’s in your system,” said Gligor, who gave the keynote address at last week’s 2012 ACM (Association for Computing Machinery) Conference on Computer & Communications Security in Raleigh, NC.


His talk, entitled “On the Foundations of Trust in Networks of Humans and Computers,” focused on computational trust and human behavioral trust.

During his presentation, Gligor showed a graphic of threats detected by Microsoft’s Malicious Software Removal Tool (MSRT) to illustrate the importance of human trust in the propagation of malware in computer systems worldwide.

He sees the 44.8% in the bar chart below as some abuse of human trust, which is to say the user was somehow tricked into installing malware on his or her own machine.

Malware propagation methods.


Gligor envisions security research that would enable and promote trust-enhancement infrastructures in human and computer networks – trust networks that exploit established social relations.

He holds that a general theory of trust in networks of humans and computers must coalesce from both a theory of behavioral trust and a theory of computational trust. He cites increased participation of people in online social networking, crowdsourcing, human computation, and socio-economic protocols as motivation for such a theory.

Gligor spoke of the interactive trust protocols (ITP) that advance his “foundations of trust.” ITPs are protocols that help authenticate attributes of unknown parties, services, and software in a safe manner.

Gligor is a professor of Electrical and Computer Engineering at Carnegie Mellon University. He has researched access control mechanisms, penetration analysis, denial-of-service protection, cryptographic protocols, and applied cryptography.
Nicholas Sheble (nsheble@isssource.com) is an engineering writer and technical editor in Raleigh, NC.


