Trust-Based Security; Or, Trust Considered Harmful

Cited by: 3
Authors
Singer, Abe [1]
Bishop, Matt [1]
Affiliation
[1] Univ Calif Davis, Davis, CA 95616 USA
Funding
US National Science Foundation;
Keywords
cybersecurity; risk assessment; trust; trust relationships; vulnerabilities; REFLECTIONS;
DOI
10.1145/3442167.3442179
Chinese Library Classification number
TP [Automation technology, computer technology];
Subject classification code
0812;
Abstract
Our review of common, popular risk analysis frameworks finds that they are very homogenous in their approach. These are considered IT Security Industry "best practices." However, one wonders if they are indeed "best", as evinced by the almost daily news of large companies suffering major compromises. Embedded in these "best practices" is the notion that "trust" is "good", i.e. is a desirable feature: "trusted computing," "trusted third party," etc. We argue for the opposite: that vulnerabilities stem from trust relationships. We propose a paradigm for risk analysis centered around identifying and minimizing trust relationships. We argue that by bringing trust relationships to the foreground, we can identify paths to compromise that would otherwise go undetected; a more comprehensive assessment of vulnerability, from which one can better prioritize and reduce risk.
Pages: 76-89
Number of pages: 14
Related papers
50 items in total
  • [1] A TRUST-BASED SECURITY ARCHITECTURE FOR TACTICAL MANETS
    Lacharite, Yannick
    Nguyen, Dang Quan
    Wang, Maoyu
    Lamont, Louise
    [J]. 2008 IEEE MILITARY COMMUNICATIONS CONFERENCE: MILCOM 2008, VOLS 1-7, 2008, : 1227 - 1233
  • [2] Trust-based Security for Decentralized Clustering in IoV
    Scott, Chandler
    Khan, Mohammad S.
    Bajracharya, Biju
    Paranjothi, Anirudh
    [J]. 2024 INTERNATIONAL CONFERENCE ON SMART APPLICATIONS, COMMUNICATIONS AND NETWORKING, SMARTNETS-2024, 2024,
  • [3] Trust-based Security for the Spanning Tree Protocol
    Lai, Yingxu
    Liu, Zenghui
    Pan, Qiuyue
    Chen, Yinong
    Zhou, Zhizheng
    [J]. PROCEEDINGS OF 2014 IEEE INTERNATIONAL PARALLEL & DISTRIBUTED PROCESSING SYMPOSIUM WORKSHOPS (IPDPSW), 2014, : 1339 - 1344
  • [4] Trust-based security for the OLSR routing protocol
    Adnane, Asma
    Bidan, Christophe
    de Sousa Junior, Rafael Timoteo
    [J]. COMPUTER COMMUNICATIONS, 2013, 36 (10-11) : 1159 - 1171
  • [5] Trust-based security in pervasive computing environments
    Kagal, L
    Finin, T
    Joshi, A
    [J]. COMPUTER, 2001, 34 (12) : 154 - 157
  • [6] Zero Trust-Based Mobile Network Security Architecture
    Liu, Yiliang
    Su, Zhou
    Peng, Haixia
    Xiang, Yushan
    Wang, Wei
    Li, Ruidong
    [J]. IEEE WIRELESS COMMUNICATIONS, 2024, 31 (02) : 82 - 88
  • [7] Trust-based framework for security enhancement of wireless sensor
    Oleshchuk, Vladimir
    [J]. IDAACS 2007: PROCEEDINGS OF THE 4TH IEEE WORKSHOP ON INTELLIGENT DATA ACQUISITION AND ADVANCED COMPUTING SYSTEMS: TECHNOLOGY AND APPLICATIONS, 2007, : 623 - 627
  • [8] Trust-based security architecture for Ubiquitous Computing systems
    Hung, Le Xuan
    Giang, Pho Duc
    Zhung, Yonil
    Van Phuong, Tran
    Lee, Sungyoung
    Lee, Young-Koo
    [J]. INTELLIGENCE AND SECURITY INFORMATICS, PROCEEDINGS, 2006, 3975 : 753 - 754
  • [9] An improved trust-based security framework for internet of things
    Renjith P.N.
    Ramesh K.
    Sasikumar S.
    [J]. International Journal of Information Technology, 2021, 13 (2) : 677 - 685
  • [10] A Survey on Trust & Trust-Based Schemes In VANETs
    Kavitha, M.
    Tangade, Shrikant S.
    [J]. 2013 FOURTH INTERNATIONAL CONFERENCE ON COMPUTING, COMMUNICATIONS AND NETWORKING TECHNOLOGIES (ICCCNT), 2013,