TRUST (AND MISTRUST) IN SECURE APPLICATIONS.(Industry Trend or Event)

Communications of the ACM

| February 01, 2001 | Viega, John; Kohno, Tadayoshi; Potter, Bruce | COPYRIGHT 2001 Association for Computing Machinery, Inc. This material is published under license from the publisher through the Gale Group, Farmington Hills, Michigan. All inquiries regarding rights should be directed to the Gale Group.

Exploring and considering trust assumptions during every stage of software development.

TRUST AND TRUSTWORTHINESS are the foundations of security. Homeowners trust lock manufacturers to create quality locks to protect their homes. Some locks are trustworthy; others are not. Businesses trust security guards to admit only authorized personnel into sensitive areas. Some security guards should be trusted; some should not. CGI programmers trust users to provide valid inputs to the data fields on Web pages. Although most users can be trusted, some cannot. The basis for these trust relationships and how they are formed can dramatically affect the underlying security of any system--be it home protection or online privacy.

Because these trust assumptions are often illusive, software development efforts seldom handle these assumptions correctly. Several common ways in which erroneous trust assumptions in software applications can wreak havoc on the security of those applications are explored here. We consider the common trust assumptions and why they are often wrong, how these trust assumptions can arise during an application's development process, and how to minimize the number of problematic trust assumptions in an application.

A trust relationship is a relationship involving multiple entities (such as companies, people, or software components). Entities in a relationship trust each other to have or not have certain properties (the so-called trust assumptions). If the trusted entities satisfy these properties, then they are trustworthy. Unfortunately, because these properties are seldom explicitly defined, misguided trust relationships in software applications are not uncommon.

Software developers have trust relationships during every stage of software development. Before a software project is conceived, there are business and personal trust relationships that developers generally assume will not be abused. For example, many corporations trust that their employees will not attack the information systems of the company. Because of this trust, a company might have a software application talking to a database over the company's network without the aid of encryption and authentication. Employees could easily abuse the lack of security to convince database applications to run phony updates. Companies usually trust their software developers and assume their developers will not leave back doors or other artifacts in their code that could potentially compromise the security of the system.
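
As an added illustration of the database scenario above (this is not code from the article), the following example shows a receiver that does not trust the internal network: every update carries an HMAC and a sequence number, so a forged, unsigned, or replayed update is rejected. The key, the message layout, and the names `sign_update` and `UpdateGate` are assumptions made for this example.

```python
import hashlib
import hmac
import json

# Added example: names and message layout are hypothetical.
# Constructed demo key; a real key is provisioned per client, never hard-coded.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def _tag(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode()


def sign_update(key: bytes, seq: int, statement: str) -> dict:
    """Client side: bind the statement and a sequence number under a MAC."""
    body = json.dumps({"seq": seq, "stmt": statement}, sort_keys=True)
    return {"body": body, "mac": _tag(key, body.encode()).decode()}


class UpdateGate:
    """Server side: accept an update only if it is authentic and not a replay."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_seq = 0

    def accept(self, message: dict) -> bool:
        body = str(message.get("body", "")).encode()
        mac = str(message.get("mac", "")).encode()
        # Constant-time comparison; a missing or wrong MAC is rejected
        # before the body is parsed at all.
        if not hmac.compare_digest(_tag(self._key, body), mac):
            return False
        seq = json.loads(body)["seq"]
        if seq <= self._last_seq:  # replayed or out-of-order message
            return False
        self._last_seq = seq
        return True


def demo() -> list:
    """Run constructed messages through the gate: forged, unsigned, valid, replay."""
    gate = UpdateGate(SHARED_KEY)
    good = sign_update(SHARED_KEY, 1, "UPDATE accounts SET credit = 500 WHERE id = 7")
    forged = {"body": good["body"].replace("500", "900000"), "mac": good["mac"]}
    unsigned = {"body": '{"seq": 2, "stmt": "UPDATE accounts SET credit = 1"}'}
    return [gate.accept(m) for m in (forged, unsigned, good, good)]
```
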
