Trust Models

The vast majority of the software that you run on your computer every day comes from open source. Every piece of open source software is held to an “open standard”: the expectation that the software will work as intended and not do anything malicious, even though that standard is not owned by any particular group of people. This requires a significant amount of trust on our part: whenever we compile a program or visit a website, we trust that the software we use is not injecting malicious code into our computers. This is the basis of trust models.

  • Lecture

  • Notes

  • Supplementary Resources

  • Thought Questions

    • Think of several examples of open source programs we simply “trust” to not do anything bad to us. In the past couple of weeks, what software or files have you downloaded from the Internet onto your computer?
    • Why do we trust these programs? What makes us believe that they’re safe?
    • What are the risks involved? What can these programs potentially do to us? What can we do to keep ourselves as safe as possible?
    • The security model of “zero trust” is based on the notion that networks cannot be automatically trusted and thus must be verified before being granted access to anything. What would be the advantages and disadvantages of the widespread adoption of this model? (Hint: Learn about what zero trust is here and about how it can be implemented here.)