The word trust is used in a number of contexts with different technical meanings.
Sometimes it is used to confuse: trusted computing, for instance, is rarely about
giving users reason to trust that the software they are running does not violate
their intent, but about providing a mechanism for a third party to verify
that software running on a remote computer obeys that third party rather than the
user.

When we say that a program trusts another, we mean that the [[correctness]] of the
former depends on the cooperation of the latter. For instance, when a user runs
ssh, the user's intention is that all communication is encrypted. In this case,
the user trusts that the ssh binary respects this intent. In Unix, a program's
[[trusted computing base]] consists not only of the kernel (and all the drivers,
file systems and protocol stacks that it contains) but every program running
under the same UID; it is impossible to protect against
[[destructive interference]] from programs running under the same UID.
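
To make the same-UID part of that trusted computing base concrete, the following added example (not part of the original page) lists which processes the kernel would allow to signal a given process, using the kill(2) permission rule as a stand-in for "can interfere". It assumes the Linux `/proc/<pid>/status` format; the function names and the sample process table are hypothetical and constructed for illustration.

```python
"""Added example: which other processes sit in a process's same-UID TCB."""
import os

def parse_status(text):
    """Parse /proc/<pid>/status text into a name and its real/effective/saved UIDs."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    # The Uid line holds four values: real, effective, saved set-user-ID, filesystem.
    real, effective, saved, _fs = (int(u) for u in fields["Uid"].split())
    return {"name": fields.get("Name", "?"), "ruid": real, "euid": effective, "suid": saved}

def can_signal(sender, target):
    """kill(2) rule: sender's real or effective UID equals target's real or saved UID.
    Capabilities such as root's CAP_KILL are deliberately ignored here."""
    return bool({sender["ruid"], sender["euid"]} & {target["ruid"], target["suid"]})

def same_uid_tcb(procs, target_pid):
    """Return the sorted PIDs of other processes permitted to signal target_pid."""
    target = procs[target_pid]
    return sorted(pid for pid, proc in procs.items()
                  if pid != target_pid and can_signal(proc, target))

def read_live_procs(root="/proc"):
    """Snapshot a live Linux /proc; processes that exit mid-scan are skipped."""
    procs = {}
    for entry in os.listdir(root):
        if entry.isdigit():
            try:
                with open(os.path.join(root, entry, "status")) as fh:
                    procs[int(entry)] = parse_status(fh.read())
            except (OSError, KeyError, ValueError):
                continue
    return procs

# Constructed sample (not captured from a real system): four status excerpts.
SAMPLE = {
    4101: "Name:\tssh\nUid:\t1000\t1000\t1000\t1000\n",
    4102: "Name:\tfirefox\nUid:\t1000\t1000\t1000\t1000\n",
    4103: "Name:\tpostgres\nUid:\t113\t113\t113\t113\n",
    4104: "Name:\tpasswd\nUid:\t1000\t0\t0\t0\n",  # set-uid root, started by UID 1000
}
SAMPLE_PROCS = {pid: parse_status(text) for pid, text in SAMPLE.items()}

if __name__ == "__main__":
    for pid in same_uid_tcb(SAMPLE_PROCS, 4101):
        print(pid, SAMPLE_PROCS[pid]["name"])
```

On a real system, `same_uid_tcb(read_live_procs(), pid)` gives the same listing for a running process; every entry it returns is a program whose cooperation that process depends on.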