Posted by: David Harley | July 22, 2010

More Reflections on Trusting Trust*

*Reflections on Trusting Trust, Ken Thompson. Communications of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763.

Thompson’s article is a classic reference pointing to the potential risk from “any code you did not totally write yourself,” an approach rediscovered not so long ago by the author of W32/Induc.

However, the issue of trust (in excess or in its absence) dominates security: after all, what we call social engineering in the context of security is essentially psychological manipulation in order to induce trust where it isn’t merited. And if there’s one thing that’s been obvious in the past few weeks, it’s that AMTSO has “benefited” fully from distrust of the security industry in general and anti-virus companies in particular.

I’ve come across several references in the past day or two to an interesting article by Pete Herzog on Essential Trust Analysis. Well, trust is a big topic, and even that relatively short article ranges from biochemical and parasitic influences on our inclination to trust or distrust, to the influence of life experience, to a study from Yale on “The Seductive Allure of Neuroscience Explanations” (you need to read the article to appreciate the context that gives humour to this serious academic paper on a specialist application of “how to blind people with science”) to Isecom’s certification in trust analysis.

I think I feel a paper coming on…

David Harley CITP FBCS CISSP
ESET Sr. Research Fellow

