Title: Trust-Based Security; Or, Trust Considered Harmful
Our review of common, popular risk analysis frameworks finds that they are very homogeneous in their approach. These are considered IT security industry "best practices." However, one wonders if they are indeed "best," as evinced by the almost daily news of large companies suffering major compromises. Embedded in these "best practices" is the notion that "trust" is "good," i.e. a desirable feature: "trusted computing," "trusted third party," etc. We argue for the opposite: that vulnerabilities stem from trust relationships. We propose a paradigm for risk analysis centered around identifying and minimizing trust relationships. We argue that by bringing trust relationships to the foreground, we can identify paths to compromise that would otherwise go undetected, yielding a more comprehensive assessment of vulnerability from which one can better prioritize and reduce risk.
Award ID(s):
1739025
PAR ID:
10317421
Author(s) / Creator(s):
Date Published:
Journal Name:
Proceedings of the 2020 New Security Paradigms Workshop
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. In this essay, we argue that the advent of the Fourth Industrial Revolution calls for a reexamination of trust patterns within and across organizations. We identify fundamental changes in terms of (1) what form organizational trust takes, (2) how it is produced, and (3) who needs to be trusted. First, and most broadly, trust is likely to become more impersonal and systemic. Trust between actors is increasingly substituted by trust in a system based on digital technology. Second, in terms of trust production modes, characteristic- and institution-based trust production will gain in importance. Third, despite the move toward system trust, there will nonetheless be a need to trust certain individuals; however, these trustees are no longer the counterparts to the interaction but rather third parties in charge of the technological systems and data. Thus, the focal targets of interpersonal trust are changing. 
  2. The prevalence of inadequate SARS-COV-2 (COVID-19) responses may indicate a lack of trust in forecasts and risk communication. However, no work has empirically tested how multiple forecast visualization choices impact trust and task-based performance. The three studies presented in this paper (N=1299) examine how visualization choices impact trust in COVID-19 mortality forecasts and how they influence performance in a trend prediction task. These studies focus on line charts populated with real-time COVID-19 data that varied the number and color encoding of the forecasts and the presence of best/worst-case forecasts. The studies reveal that trust in COVID-19 forecast visualizations initially increases with the number of forecasts and then plateaus after 6–9 forecasts. However, participants were most trusting of visualizations that showed less visual information, including a 95% confidence interval, single forecast, and grayscale encoded forecasts. Participants maintained high trust in intervals labeled with 50% and 25% and did not proportionally scale their trust to the indicated interval size. Despite the high trust, the 95% CI condition was the most likely to evoke predictions that did not correspond with the actual COVID-19 trend. Qualitative analysis of participants' strategies confirmed that many participants trusted both the simplistic visualizations and those with numerous forecasts. This work provides practical guides for how COVID-19 forecast visualizations influence trust, including recommendations for identifying the range where forecasts balance trade-offs between trust and task-based performance. 
  3. Modern software installation tools often use packages from more than one repository, presenting a unique set of security challenges. Such a configuration increases the risk of repository compromise and introduces attacks like dependency confusion and repository fallback. In this paper, we offer the first exploration of attacks that specifically target multiple repository update systems, and propose a unique defensive strategy we call articulated trust. Articulated trust is a principle that allows software installation tools to specify trusted developers and repositories for each package. To implement articulated trust, we built Artemis, a framework that introduces several new security techniques, such as per-package prioritization of repositories, multi-role delegations, multiple-repository consensus, and key pinning. These techniques allow for a greater diversity of trust relationships while eliminating the security risk of single points of failure. To evaluate Artemis, we examine attacks on software update systems from the Cloud Native Computing Foundation’s Catalog of Supply Chain Compromises, and find that the most secure configuration of Artemis can prevent all of them, compared to 14-59% for the best existing system. We also cite real-world deployments of Artemis that highlight its practicality. These include the JDF/Linux Foundation Uptane Standard that secures over-the-air updates for millions of automobiles, and TUF, which is used by many companies for secure software distribution. 
  4. Increasing System-on-Chip (SoC) design complexity coupled with time-to-market constraints have motivated manufacturers to integrate several third-party Intellectual Property (IP) cores in their SoC designs. IPs acquired from potentially untrusted vendors can be a serious threat to the trusted IPs when they are connected using the same Network-on-Chip (NoC). For example, the malicious IPs can tamper packets as well as degrade SoC performance by launching DoS attacks. While existing authentication schemes can check the data integrity of packets, they can introduce unacceptable overhead on resource-constrained SoCs. In this paper, we propose a lightweight and trust-aware routing mechanism to bypass malicious IPs during packet transfers. This reduces the number of re-transmissions due to tampered data, minimizes DoS attack risk, and as a result, improves SoC performance even in the presence of malicious IPs. Experimental results demonstrate significant improvement in both performance and energy efficiency with minor impact on area overhead.
  5. Purpose: In the buyer-supplier relationship of a high-technology enterprise, the concepts of trust and risk are closely intertwined. Entering into a buyer-supplier relationship inherently involves a degree of risk, since there is always an opportunity for one of the parties to act opportunistically. Purchasing and supply managers play an important role in reducing the firm's risk profile, and must make decisions about whether or not to enter into, or remain in, a relationship with a supplier based on a subjective assessment of trust and risk. Design/methodology/approach: In this paper, the authors seek to explore how trust in the buyer-supplier relationship can be quantitatively modeled in the presence of risk. The authors develop a model of trust between a buyer and supplier as a risk-based decision, in which a buyer decides to place trust in a supplier, who may either act cooperatively or opportunistically. The authors use a case study of intellectual property (IP) piracy in the electronics industry to illustrate the conceptual discussion and model development. Findings: The authors produce a generalizable model that can be used to aid in decision-making and risk analysis for potential supply-chain partnerships, and is both a theoretical and practical innovation. However, the model can benefit a variety of high-technology enterprises. Originality/value: While the topic of trust is widely discussed, few studies have attempted to derive a quantitative model to support trust-based decision making. This paper advances the field of supply chain management by developing a model which relates risk and trust in the buyer-supplier relationship.