Trust in Cyberspace

Whether or not you use a computer, you probably use a telephone, electric power, and a bank. Although you may not be aware of their presence, networked computer systems are increasingly becoming an integral part of your daily life. Yet, if such systems perform poorly or don't work at all, then they can put life, liberty, and property at tremendous risk. Is the trust that we?as individuals and as a society?are placing in networked computer systems justified? And if it isn't, what can we do to make such systems more trustworthy? This book provides an assessment of the current state of the art procedures for building trustworthy networked information systems. It proposes directions for research in computer and network security, software technology, and system architecture. In addition, the book assesses current technical and market trends in order to better inform public policy as to where progress is likely and where incentives could help. Trust in Cyberspace offers insights into: The strengths and vulnerabilities of the telephone network and Internet, the two likely building blocks of any networked information system. The interplay between various dimensions of trustworthiness: environmental disruption, operator error, "buggy" software, and hostile attack. The implications for trustworthiness of anticipated developments in hardware and software technology, including the consequences of mobile code. The shifts in security technology and research resulting from replacing centralized mainframes with networks of computers. The heightened concern for integrity and availability where once only secrecy mattered. The way in which federal research funding levels and practices have affected the evolution and current state of the science and technology base in this area. You will want to read this book if your life is touched in any way by computers or telecommunications. But then, whose life isn't? Table of Contents Front Matter Executive Summary 1 Introduction 2 Public Telephone Network and Internet Trustworthiness 3 Software for Networked Information Systems 4 Reinventing Security 5 Trustworthy Systems from Untrustworthy Components 6 The Economic and Public Policy Context 7 Conclusions and Research Recommendations Appendix A: Study Committee Biographies Appendix B: Briefers to the Committee Appendix C: Workshop Participants and Agendas Appendix D: List of Position Papers Prepared for the Workshops Appendix E: Trends in Software Appendix F: Some Related Trustworthiness Studies Appendix G: Some Operating System Security Examples Appendix H: Types of Firewalls Appendix I: Secrecy of Design Appendix J: Research in Information System Security and Survivability Funded by NSA and DARPA Appendix K: Glossary Index