Trust in Cyberspace
Full Title of Reference
Trust in Cyberspace
Full Citation
Nat'l Research Council, Trust in Cyberspace (Fred B. Schneider ed., National Academy Press 1999). Web
Categorization
- Overview: Independent Reports
- Threats and Actors: Telephone; Military Networks (.mil); Public Data Networks
- Issues: Incentives
- Approaches: Government Organizations
Key Words
COTS Software, Denial of Service Attack,
Interdependencies, Computer Network Attack,
Synopsis
This book, edited by a study committee convened by the Computer Science and Telecommunications Board (CSTB) of the National Research Council, provides an assessment of the current state of the art procedures for building trustworthy networked information systems. It proposes directions for research in computer and network security, software technology, and system architecture. In addition, the book assesses current technical and market trends in order to better inform public policy as to where progress is likely and where incentives could help. Trust in Cyberspace offers insights into:
- The current state of networked information systems (NIS)
To be labeled as trustworthy, a system not only must behave as expected but also must reinforce the belief that it will continue to produce expected behavior and will not be susceptible to subversion. The question of how to achieve assurance has been the target of several research programs sponsored by the Department of Defense and others. Yet currently practiced and proposed approaches for establishing assurance are still imperfect and/or impractical. Testing can demonstrate only that a flaw exists, not that all flaws have been found; deductive and analytical methods are practical only for certain small systems or specific properties. Moreover, all existing assurance methods are predicated on an unrealistic assumption—that system designers and implementers know what it means for a system to be “correct” before and during development. The study committee believes that progress in assurance for the foreseeable future will most likely come from figuring out (1) how to combine multiple approaches and (2) how best to leverage add-on technologies and other approaches to enhance existing imperfect systems. Improved assurance, without any pretense of establishing a certain or a quantifiable level of assurance, should be the aim.
- The strengths and vulnerabilities of the telephone network and Internet, the two likely building blocks of any networked information system.
- The interplay between various dimensions of trustworthiness: environmental disruption, operator error, "buggy" software, and hostile attack.
- The implications for trustworthiness of anticipated developments in hardware and software technology, including the consequences of mobile code.
- The shifts in security technology and research resulting from replacing centralized mainframes with networks of computers.
- The heightened concern for integrity and availability where once only secrecy mattered.
- The way in which federal research funding levels and practices have affected the evolution and current state of the science and technology base in this area.
Additional Notes and Highlights
Expertise Required: Technology - Low