Trustworthy Computing
The term Trustworthy Computing (TwC) has been applied to computing systems that are inherently secure, available, and reliable. The Committee on Information Systems Trustworthiness’ publication, Trust in Cyberspace, defines such a system as one which

More recently, Microsoft has adopted the term Trustworthy Computing as the title of a company initiative to improve public trust in its own commercial offerings. In large part, it is intended to address the concerns about the security and reliability of previous Microsoft Windows releases and, in part, to address general concerns about privacy and business practices. This initiative has changed the focus of many of Microsoft’s internal development efforts, but has been greeted with skepticism by some in the computer industry.

"Trusted" vs. "Trustworthy"

The terms Trustworthy Computing and Trusted Computing had distinct meanings. A given system can be trustworthy but not trusted and vice versa.

The National Security Agency (NSA) defines a trusted system or component as one "whose failure can break the security policy", and a trustworthy system or component as one "that will not fail". Trusted Computing has been defined and outlined with a set of specifications and guidelines by the Trusted Computing Platform Alliance (TCPA), including secure input and output, memory curtaining, sealed storage, and remote attestation. As stated above, Trustworthy Computing aims to build consumer confidence in computers, by making them more reliable, and thus more widely used and accepted.

History

Trustworthy computing is not a new concept. The 1960s saw an increasing dependence on computing systems by the military, the space program, financial institutions and public safety organizations. The computing industry began to identify deficiencies in existing systems and focus on areas that would address public concerns about reliance on automated systems.

In 1967, Allen-Babcock Computing identified four areas of trustworthiness that foreshadow Microsoft’s. Their time-share business allowed multiple users from multiple businesses to coexist on the same computer, presenting many of the same vulnerabilities of modern networked information systems.

Allen-Babcock’s strategy for providing trustworthy computing concentrated on four areas:
  1. An ironclad operating system [reliability]
  2. Use of trustworthy personnel [~business integrity]
  3. Effective access control [security]
  4. User requested optional privacy [privacy]


A benchmark event occurred in 1989, when 53 government and industry organizations met. This workshop assessed the challenges involved in developing trustworthy critical computer systems and recommended the use of formal methods as a solution. Among the issues addressed was the need for improved software testing methods that would guarantee a high level of reliability on initial software release. The attendees further recommended programmer certification as a means to guarantee the quality and integrity of software.

In 1996, the National Research Council recognized that the rise of the Internet simultaneously increased societal reliance on computer systems while increasing the vulnerability of such systems to failure. The Committee on Information System Trustworthiness was convened, producing the work Trust in Cyberspace. This report reviews the benefits of trustworthy systems and the cost of untrustworthy systems, and identifies actions required for improvement. In particular, it identifies operator errors, physical disruptions, design errors, and malicious software as items to be mitigated or eliminated. It also identifies encrypted authorization, fine level access control and proactive monitoring as essential to a trustworthy system.

Microsoft launched its Trustworthy Computing initiative in 2002. This program was in direct response to Internet devastation caused by the Code Red and Nimda worms in 2001. Announcement of the initiative came in the form of an all-employee email from Microsoft founder Bill Gates redirecting the company’s software development activities to include a “by design” view of security.

Microsoft and Trustworthy Computing

Microsoft CTO and Senior Vice President Craig Mundie authored a whitepaper in 2002, defining the framework of the company’s Trustworthy Computing program. Four areas were identified as the initiative’s key “pillars”. Microsoft has subsequently organized its efforts to align with these goals. These key activities are set forth as:
  1. Security
  2. Privacy
  3. Reliability
  4. Business Integrity

Security

Microsoft’s first pillar of Trustworthy Computing is security. Security has always been a part of computing, but now it must become a priority. According to Microsoft, security goes beyond the technology to include the social aspect as well. This is outlined in the following three components:
  1. Technology Investment – Investing in the expertise and technology necessary to create a secure and trustworthy computing environment.
  2. Responsible Leadership – Microsoft highlights the responsibility that goes with being an industry leader. This includes working with law enforcement agencies, government experts, academia, and private sectors to join forces and create partnerships necessary to create and enforce secure computing.
  3. Customer Guidance and Engagement – It is important to develop trust by educating consumers with training and information on best practices for secure computing.

Privacy

For computing to become ubiquitous in connecting people and transmitting information over various networks and services, it is critical that information is protected and kept private. Microsoft has privacy as the second pillar for Trustworthy Computing and commits to making privacy a priority in the design, development, and testing of its products. To ensure this privacy, it is also important to contribute to standards and policies created by industry organizations and government. Privacy policies must be honored and practiced across the industry.

Another essential element of privacy is providing the user a sense of control over their personal information. This includes ongoing education, information, and notification of policy and procedures. In a world of spam, hackers, and unwanted pop-ups, computer users need to feel empowered with the tools and computing products, especially when it comes to protecting their personal information.

Reliability

Microsoft’s third pillar of Trustworthy Computing is reliability. Microsoft uses a fairly broad definition to encompass all technical aspects related to availability, performance and disruption recovery. It is intended to be a measure not only of whether a system is working, but whether it will continue working in non-optimal situations.

Six key attributes have been defined for a reliable system:
  1. Resilient. The system will continue to provide the user a service in the face of internal or external disruption.
  2. Recoverable. Following a user- or system-induced disruption, the system can be easily restored, through instrumentation and diagnosis, to a previously known state with no data loss.
  3. Controlled. Provides accurate and timely service whenever needed.
  4. Undisruptable. Required changes and upgrades do not disrupt the service being provided by the system.
  5. Production-ready. On release, the system contains minimal software bugs, requiring a limited number of predictable updates.
  6. Predictable. It works as expected or promised, and what worked before works now.

Business Integrity

Microsoft’s fourth pillar of Trustworthy Computing is business integrity. Many view this as a reaction by the technology firm to the accounting scandals of Enron, Worldcom and others, but it also speaks to the concerns regarding software developer integrity and responsiveness.

Microsoft identifies two major areas of concentration for business integrity. These are responsiveness: “The company accepts responsibility for problems, and takes action to correct them. Help is provided to customers in planning for, installing and operating the product”; and transparency: “The company is open in its dealings with customers. Its motives are clear, it keeps its word, and customers know where they stand in a transaction or interaction with the company.”

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.