Learn to analyze and measure risk by exploring the nature of trust and its application to cybersecurity  Trust in Computer Systems and the Cloud delivers an insightful and practical new take on what it means to trust in the context of computer and network security and the impact on the emerging field of Confidential Computing. Author Mike Bursell’s experience, ranging from Chief Security Architect at Red Hat to CEO at a Confidential Computing start-up grounds the reader in fundamental concepts of trust and related ideas before discussing the more sophisticated applications of these concepts to various areas in computing.  The book demonstrates in the importance of understanding and quantifying risk and draws on the social and computer sciences to explain hardware and software security, complex systems, and open source communities. It takes a detailed look at the impact of Confidential Computing on security, trust and risk and also describes the emerging concept of trust domains, which provide an alternative to standard layered security.  Foundational definitions of trust from sociology and other social sciences, how they evolved, and what modern concepts of trust mean to computer professionals  A comprehensive examination of the importance of systems, from open-source communities to HSMs, TPMs, and Confidential Computing with TEEs.  A thorough exploration of trust domains, including explorations of communities of practice, the centralization of control and policies, and monitoring  Perfect for security architects at the CISSP level or higher, Trust in Computer Systems and the Cloud is also an indispensable addition to the libraries of system architects, security system engineers, and master’s students in software architecture and security. 

Table of Contents:
Introduction xv Chapter 1 Why Trust? 1 Analysing Our Trust Statements 4 What Is Trust? 5 What Is Agency? 8 Trust and Security 10 Trust as a Way for Humans to Manage Risk 13 Risk, Trust, and Computing 15 Defining Trust in Systems 15 Defining Correctness in System Behaviour 17 Chapter 2 Humans and Trust 19 The Role of Monitoring and Reporting in Creating Trust 21 Game Theory 24 The Prisoner’s Dilemma 24 Reputation and Generalised Trust 27 Institutional Trust 28 Theories of Institutional Trust 29 Who Is Actually Being Trusted? 31 Trust Based on Authority 33 Trusting Individuals 37 Trusting Ourselves 37 Trusting Others 41 Trust, But Verify 43 Attacks from Within 43 The Dangers of Anthropomorphism 45 Identifying the Real Trustee 47 Chapter 3 Trust Operations and Alternatives 53 Trust Actors, Operations, and Components 53 Reputation, Transitive Trust, and Distributed Trust 59 Agency and Intentionality 62 Alternatives to Trust 65 Legal Contracts 65 Enforcement 66 Verification 67 Assurance and Accountability 67 Trust of Non-Human or Non-Adult Actors 68 Expressions of Trust 69 Relating Trust and Security 75 Misplaced Trust 75 Chapter 4 Defining Trust in Computing 79 A Survey of Trust Definitions in Computer Systems 79 Other Definitions of Trust within Computing 84 Applying Socio-Philosophical Definitions of Trust to Systems 86 Mathematics and Trust 87 Mathematics and Cryptography 87 Mathematics and Formal Verification 89 Chapter 5 The Importance of Systems 93 System Design 93 The Network Stack 94 Linux Layers 96 Virtualisation and Containers: Cloud Stacks 97 Other Axes of System Design 99 “Trusted” Systems 99 Trust Within the Network Stack 101 Trust in Linux Layers 102 Trust in Cloud Stacks 103 Hardware Root of Trust 106 Cryptographic Hash Functions 110 Measured Boot and Trusted Boot 112 Certificate Authorities 114 Internet Certificate Authorities 115 Local Certificate Authorities 116 Root Certificates as Trust Pivots 119 The Temptations of “Zero Trust” 122 The Importance of Systems 125 Isolation 125 Contexts 127 Worked Example: Purchasing Whisky 128 Actors, Organisations, and Systems 129 Stepping Through the Transaction 130 Attacks and Vulnerabilities 134 Trust Relationships and Agency 136 Agency 136 Trust Relationships 137 The Importance of Being Explicit 145 Explicit Actions 145 Explicit Actors 149 Chapter 6 Blockchain and Trust 151 Bitcoin and Other Blockchains 151 Permissioned Blockchains 152 Trust without Blockchains 153 Blockchain Promoting Trust 154 Permissionless Blockchains and Cryptocurrencies 156 Chapter 7 The Importance of Time 161 Decay of Trust 161 Decay of Trust and Lifecycle 163 Software Lifecycle 168 Trust Anchors, Trust Pivots, and the Supply Chain 169 Types of Trust Anchors 170 Monitoring and Time 171 Attestation 173 The Problem of Measurement 174 The Problem of Run Time 176 Trusted Computing Base 177 Component Choice and Trust 178 Reputation Systems and Trust 181 Chapter 8 Systems and Trust 185 System Components 185 Explicit Behaviour 188 Defining Explicit Trust 189 Dangers of Automated Trust Relationships 192 Time and Systems 194 Defining System Boundaries 198 Trust and a Complex System 199 Isolation and Virtualisation 202 The Stack and Time 205 Beyond Virtual Machines 205 Hardware-Based Type 3 Isolation 207 Chapter 9 Open Source and Trust 211 Distributed Trust 211 How Open Source Relates to Trust 214 Community and Projects 215 Projects and the Personal 217 Open Source Process 219 Trusting the Project 220 Trusting the Software 222 Contents xiii xiv Contents Supply Chain and Products 226 Open Source and Security 229 Chapter 10 Trust, the Cloud, and the Edge 233 Deployment Model Differences 235 What Host Systems Offer 237 What Tenants Need 237 Mutually Adversarial Computing 240 Mitigations and Their Efficacy 243 Commercial Mitigations 243 Architectural Mitigations 244 Technical Mitigations 246 Chapter 11 Hardware, Trust, and Confidential Computing 247 Properties of Hardware and Trust 248 Isolation 248 Roots of Trust 249 Physical Compromise 253 Confidential Computing 256 TEE TCBs in detail 261 Trust Relationships and TEEs 266 How Execution Can Go Wrong—and Mitigations 269 Minimum Numbers of Trustees 276 Explicit Trust Models for TEE Deployments 278 Chapter 12 Trust Domains 281 The Composition of Trust Domains 284 Trust Domains in a Bank 284 Trust Domains in a Distributed Architecture 288 Trust Domain Primitives and Boundaries 292 Trust Domain Primitives 292 Trust Domains and Policy 293 Other Trust Domain Primitives 296 Boundaries 297 Centralisation of Control and Policies 298 Chapter 13 A World of Explicit Trust 301 Tools for Trust 301 The Role of the Architect 303 Architecting the System 304 The Architect and the Trustee 305 Coda 307 References 309 Index 321