A new paradigm for trusted systems

Abstract

The current paradigm for trusted systems holds that trust is a property of a system. We have argued that this paradigm, which underlies the Criteria for trusted systems, is inconsistent with the way trust works in the world. We then examined the concept, of trust, showing that trust is an assessment made ly an observer about a person, organization, or object observed. These assessments are formed and shared in a world-wide market where people interact with each other, with organizations, and with objects. Our own assessments are based on our personal experiences and on the assessments of others whom we trust. This understanding of trust as an assessment formed in a market leads to a radically different approach to the development of security criteria. In this paradigm, the criteria would be a set of standards directly related to customer satisfaction. The standards would reflect current market requirements, be specific to different types of products, and be stated in terms of actual users, processes, and entities rather than abstractions such as subjects and objects. They would continually evolve to respond to new technologies, new threats, and new demands in the market. The criteria would not impose requirements on the internal structure of a system or on development methodologies. The vendors would be free to choose their own methods for producing secure systems. Their systems will be evaluated according to market-based criteria for customer satisfaction, and they will be trusted as long as they meet the evolving standards and needs of the customers. Further study is needed to determine whether the proposed approach is sound for at least commercial systems if not military ones. If it is, then additional work is needed to identify the current community standards in order to formulate new criteria. Beyond that, the approach opens up the possibility of new security architectures and methodologies, and of news products that support the evaluation process, in particular security benchmarks.