Trust in Cyberspace (1999) / Chapter Skim
7 Conclusions and Research Recommendations
Pages 240-256

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 240...
... and the extant science and technology base for building trustworthy NISs. Trustworthiness is a multidimensional property of an entire system, and going beyond what is known today will require research breakthroughs.
From page 241...
... makeup of an NIS, the use of extensible components, the expectation of growth by accretion, and the likely absence of centralized control, trust, or authority demand a new approach to security: risk mitigation rather than risk avoidance, technologies to hinder attacks rather than prevent them outright, add-on technologies and defense in depth, and relocation of vulnerabilities rather than their elimination. But other aspects of trustworthiness also demand progress and also will require new thinking, because the networked environment and the scale of an NIS impose novel constraints, enable new types of solutions, and change engineering tradeoffs.
From page 242...
... network used to manage central office switches was designed for a small, closed community of telephone companies; with deregulation will come increased opportunities for insider attacks. Telephone companies are also increasingly sharing facilities and technology with each other and the Internet, thereby creating yet another point of new vulnerability.
From page 243...
... The sharing of routing information facilitates route optimization, but such cooperation also increases the risk that malicious or malfunctioning routers can compromise routing. In any event, current Internet routing algorithms are inadequate because they do not scale well, they require central processing unit (CPU)
From page 244...
... The use of some systematic development processes seems to contribute to the quality of NISs. Project management, a long-standing challenge in software development, is especially problematic when building NISs because of the large and complex nature of such systems and because of the continual software changes.
From page 245...
... Although there are accepted processes for component design and implementation, the novel characteristics of NISs raise questions about the utility of these processes. Modern programming languages include features that promote trustworthiness, and the potential may exist for further gains from research.
From page 246...
... Modern programming languages include features, such as compile-time checks and support for modularity and component integration, that promote trustworthiness. The potential may exist for further gains by developing even more-expressive type systems and other compile-time analysis techniques.
From page 247...
... Finally, these formal policy models cannot account for defensive measures, such as virus scan software or firewalls, mechanisms that should not work or be needed in theory but, in practice, hinder attacks. The complex and distributed nature of NISs, with their numerous subsystems that typically have their own access controls, raises the question of whether a complete formal security model could ever be specified.
From page 248...
... Biometric authentication technologies have limitations when employed in network contexts, because the compromise of the digital version of someone's biometric data could allow an attacker to impersonate a legitimate user over the network. Obstacles exist to more widespread deployment of key-management technology and there has been little experience with public-key infrastructures, especially large-scale ones.
From page 249...
... However, NIS trustworthiness will deteriorate unless effective security mechanisms are developed and implemented to defend against attacks by foreign code. Authenticating the author or provider of foreign code has not and likely will not prove effective for protecting against hostile foreign code.
From page 250...
... For example, each request for service may appear legitimate in itself, but the aggregate number of requests in a short time period that are focused on a specific subsystem can overwhelm that subsystem because the act of checking a request for legitimacy consumes resources.

BUILDING TRUSTWORTHY SYSTEMS FROM UNTRUSTWORTHY COMPONENTS

Improved trustworthiness may be achieved by the careful organization of untrustworthy components.
From page 251...
... The absence of standard metrics or a recognized organization to conduct assessments for trustworthiness is an important contributing factor to the imperfect information problem. Useful metrics for the security dimension of trustworthiness are unlikely to be developed because the corresponding formal model for any particular metric would necessarily be incomplete.
From page 252...
... The production costs associated with integration and testing represent a substantial proportion of total producer costs for improving trustworthiness, and it is often difficult to separate "trustworthiness" costs from other costs. Time-to-market considerations discourage the inclusion of trustworthiness features and encourage the postponement of trustworthiness to later stages of the product life cycle.
From page 253...
... The public policy controversy surrounding export controls and key recovery does indeed inhibit the widespread deployment of cryptography. However, cryptography is not more widely deployed for other reasons, which include reduced convenience and usability, possible sacrifice of interoperability, increased computational and communications requirements, lack of a national or international key infrastructure, restrictions resulting from patents, and the fact that most information is already secure enough relative to its value to an unauthorized party.
From page 254...
... The nature and scope of major Defense Advanced Research Projects Agency (DARPA) projects that were funded in the 1970s, where security work was an integral part of a large, integrated effort, seem to characterize DARPA's greatest successes in the security domain.
From page 255...
... An increase in expenditures for research in information security and NIS trustworthiness is warranted. The committee believes that increased funding is warranted for both information security research in particular and NIS trustworthiness research in general.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.