Trust Engineering - Rejecting the Tyranny of the Weakest Link

In 2002, the National Security Agency's Information Assurance
Research Group coined the term "trust engineering" to describe a
methodology for making use of software of uncertain provenance in
mission-critical systems. Today, the loss of control that made
software so hard to trust then applies to the rest of the supply
chain as well. The discipline we described in the internal paper,
Trust-engineering: An Assurance Strategy for Software-based
Systems, no longer seems heretical today, even at NSA. Ten years
later, we revisit the principles of trust engineering, compare
the mechanisms available to us today with the practices of the
past, and explore the construction of systems that are stronger
than their weakest link.


Susan Alexander    
United States


