{"product_id":"trust-in-computer-systems-and-the-cloud-isbn-9781119692324","title":"Trust in Computer Systems and the Cloud","description":"\u003cp\u003e\u003cb\u003eLearn to analyze and measure risk by exploring the nature of trust and its application to cybersecurity \u003cbr\u003e\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eTrust in Computer Systems and the Cloud\u003c\/i\u003e delivers an insightful and practical new take on what it means to trust in the context of computer and network security and the impact on the emerging field of Confidential Computing. Author Mike Bursell’s experience, ranging from Chief Security Architect at Red Hat to CEO at a Confidential Computing start-up, grounds the reader in fundamental concepts of trust and related ideas before discussing the more sophisticated applications of these concepts to various areas in computing. \u003c\/p\u003e \u003cp\u003eThe book demonstrates the importance of understanding and quantifying risk and draws on the social and computer sciences to explain hardware and software security, complex systems, and open source communities. It takes a detailed look at the impact of Confidential Computing on security, trust and risk and also describes the emerging concept of trust domains, which provide an alternative to standard layered security. \u003c\/p\u003e \u003cul\u003e \u003cli\u003eFoundational definitions of trust from sociology and other social sciences, how they evolved, and what modern concepts of trust mean to computer professionals \u003c\/li\u003e \u003cli\u003eA comprehensive examination of the importance of systems, from open-source communities to HSMs, TPMs, and Confidential Computing with TEEs. 
\u003c\/li\u003e \u003cli\u003eA thorough exploration of trust domains, including explorations of communities of practice, the centralization of control and policies, and monitoring \u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003ePerfect for security architects at the CISSP level or higher, \u003ci\u003eTrust in Computer Systems and the Cloud\u003c\/i\u003e is also an indispensable addition to the libraries of system architects, security system engineers, and master’s students in software architecture and security. \u003c\/p\u003e \u003cp\u003eIntroduction xv\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Why Trust? 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAnalysing Our Trust Statements 4\u003c\/p\u003e \u003cp\u003eWhat Is Trust? 5\u003c\/p\u003e \u003cp\u003eWhat Is Agency? 8\u003c\/p\u003e \u003cp\u003eTrust and Security 10\u003c\/p\u003e \u003cp\u003eTrust as a Way for Humans to Manage Risk 13\u003c\/p\u003e \u003cp\u003eRisk, Trust, and Computing 15\u003c\/p\u003e \u003cp\u003eDefining Trust in Systems 15\u003c\/p\u003e \u003cp\u003eDefining Correctness in System Behaviour 17\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Humans and Trust 19\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Role of Monitoring and Reporting in Creating Trust 21\u003c\/p\u003e \u003cp\u003eGame Theory 24\u003c\/p\u003e \u003cp\u003eThe Prisoner’s Dilemma 24\u003c\/p\u003e \u003cp\u003eReputation and Generalised Trust 27\u003c\/p\u003e \u003cp\u003eInstitutional Trust 28\u003c\/p\u003e \u003cp\u003eTheories of Institutional Trust 29\u003c\/p\u003e \u003cp\u003eWho Is Actually Being Trusted? 
31\u003c\/p\u003e \u003cp\u003eTrust Based on Authority 33\u003c\/p\u003e \u003cp\u003eTrusting Individuals 37\u003c\/p\u003e \u003cp\u003eTrusting Ourselves 37\u003c\/p\u003e \u003cp\u003eTrusting Others 41\u003c\/p\u003e \u003cp\u003eTrust, But Verify 43\u003c\/p\u003e \u003cp\u003eAttacks from Within 43\u003c\/p\u003e \u003cp\u003eThe Dangers of Anthropomorphism 45\u003c\/p\u003e \u003cp\u003eIdentifying the Real Trustee 47\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 Trust Operations and Alternatives 53\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eTrust Actors, Operations, and Components 53\u003c\/p\u003e \u003cp\u003eReputation, Transitive Trust, and Distributed Trust 59\u003c\/p\u003e \u003cp\u003eAgency and Intentionality 62\u003c\/p\u003e \u003cp\u003eAlternatives to Trust 65\u003c\/p\u003e \u003cp\u003eLegal Contracts 65\u003c\/p\u003e \u003cp\u003eEnforcement 66\u003c\/p\u003e \u003cp\u003eVerification 67\u003c\/p\u003e \u003cp\u003eAssurance and Accountability 67\u003c\/p\u003e \u003cp\u003eTrust of Non-Human or Non-Adult Actors 68\u003c\/p\u003e \u003cp\u003eExpressions of Trust 69\u003c\/p\u003e \u003cp\u003eRelating Trust and Security 75\u003c\/p\u003e \u003cp\u003eMisplaced Trust 75\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Defining Trust in Computing 79\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eA Survey of Trust Definitions in Computer Systems 79\u003c\/p\u003e \u003cp\u003eOther Definitions of Trust within Computing 84\u003c\/p\u003e \u003cp\u003eApplying Socio-Philosophical Definitions of Trust to Systems 86\u003c\/p\u003e \u003cp\u003eMathematics and Trust 87\u003c\/p\u003e \u003cp\u003eMathematics and Cryptography 87\u003c\/p\u003e \u003cp\u003eMathematics and Formal Verification 89\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 The Importance of Systems 93\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSystem Design 93\u003c\/p\u003e \u003cp\u003eThe Network Stack 94\u003c\/p\u003e \u003cp\u003eLinux Layers 96\u003c\/p\u003e 
\u003cp\u003eVirtualisation and Containers: Cloud Stacks 97\u003c\/p\u003e \u003cp\u003eOther Axes of System Design 99\u003c\/p\u003e \u003cp\u003e“Trusted” Systems 99\u003c\/p\u003e \u003cp\u003eTrust Within the Network Stack 101\u003c\/p\u003e \u003cp\u003eTrust in Linux Layers 102\u003c\/p\u003e \u003cp\u003eTrust in Cloud Stacks 103\u003c\/p\u003e \u003cp\u003eHardware Root of Trust 106\u003c\/p\u003e \u003cp\u003eCryptographic Hash Functions 110\u003c\/p\u003e \u003cp\u003eMeasured Boot and Trusted Boot 112\u003c\/p\u003e \u003cp\u003eCertificate Authorities 114\u003c\/p\u003e \u003cp\u003eInternet Certificate Authorities 115\u003c\/p\u003e \u003cp\u003eLocal Certificate Authorities 116\u003c\/p\u003e \u003cp\u003eRoot Certificates as Trust Pivots 119\u003c\/p\u003e \u003cp\u003eThe Temptations of “Zero Trust” 122\u003c\/p\u003e \u003cp\u003eThe Importance of Systems 125\u003c\/p\u003e \u003cp\u003eIsolation 125\u003c\/p\u003e \u003cp\u003eContexts 127\u003c\/p\u003e \u003cp\u003eWorked Example: Purchasing Whisky 128\u003c\/p\u003e \u003cp\u003eActors, Organisations, and Systems 129\u003c\/p\u003e \u003cp\u003eStepping Through the Transaction 130\u003c\/p\u003e \u003cp\u003eAttacks and Vulnerabilities 134\u003c\/p\u003e \u003cp\u003eTrust Relationships and Agency 136\u003c\/p\u003e \u003cp\u003eAgency 136\u003c\/p\u003e \u003cp\u003eTrust Relationships 137\u003c\/p\u003e \u003cp\u003eThe Importance of Being Explicit 145\u003c\/p\u003e \u003cp\u003eExplicit Actions 145\u003c\/p\u003e \u003cp\u003eExplicit Actors 149\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Blockchain and Trust 151\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBitcoin and Other Blockchains 151\u003c\/p\u003e \u003cp\u003ePermissioned Blockchains 152\u003c\/p\u003e \u003cp\u003eTrust without Blockchains 153\u003c\/p\u003e \u003cp\u003eBlockchain Promoting Trust 154\u003c\/p\u003e \u003cp\u003ePermissionless Blockchains and Cryptocurrencies 156\u003c\/p\u003e 
\u003cp\u003e\u003cb\u003eChapter 7 The Importance of Time 161\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDecay of Trust 161\u003c\/p\u003e \u003cp\u003eDecay of Trust and Lifecycle 163\u003c\/p\u003e \u003cp\u003eSoftware Lifecycle 168\u003c\/p\u003e \u003cp\u003eTrust Anchors, Trust Pivots, and the Supply Chain 169\u003c\/p\u003e \u003cp\u003eTypes of Trust Anchors 170\u003c\/p\u003e \u003cp\u003eMonitoring and Time 171\u003c\/p\u003e \u003cp\u003eAttestation 173\u003c\/p\u003e \u003cp\u003eThe Problem of Measurement 174\u003c\/p\u003e \u003cp\u003eThe Problem of Run Time 176\u003c\/p\u003e \u003cp\u003eTrusted Computing Base 177\u003c\/p\u003e \u003cp\u003eComponent Choice and Trust 178\u003c\/p\u003e \u003cp\u003eReputation Systems and Trust 181\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Systems and Trust 185\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSystem Components 185\u003c\/p\u003e \u003cp\u003eExplicit Behaviour 188\u003c\/p\u003e \u003cp\u003eDefining Explicit Trust 189\u003c\/p\u003e \u003cp\u003eDangers of Automated Trust Relationships 192\u003c\/p\u003e \u003cp\u003eTime and Systems 194\u003c\/p\u003e \u003cp\u003eDefining System Boundaries 198\u003c\/p\u003e \u003cp\u003eTrust and a Complex System 199\u003c\/p\u003e \u003cp\u003eIsolation and Virtualisation 202\u003c\/p\u003e \u003cp\u003eThe Stack and Time 205\u003c\/p\u003e \u003cp\u003eBeyond Virtual Machines 205\u003c\/p\u003e \u003cp\u003eHardware-Based Type 3 Isolation 207\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 Open Source and Trust 211\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDistributed Trust 211\u003c\/p\u003e \u003cp\u003eHow Open Source Relates to Trust 214\u003c\/p\u003e \u003cp\u003eCommunity and Projects 215\u003c\/p\u003e \u003cp\u003eProjects and the Personal 217\u003c\/p\u003e \u003cp\u003eOpen Source Process 219\u003c\/p\u003e \u003cp\u003eTrusting the Project 220\u003c\/p\u003e \u003cp\u003eTrusting the Software 222\u003c\/p\u003e 
\u003cp\u003eSupply Chain and Products 226\u003c\/p\u003e \u003cp\u003eOpen Source and Security 229\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10 Trust, the Cloud, and the Edge 233\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDeployment Model Differences 235\u003c\/p\u003e \u003cp\u003eWhat Host Systems Offer 237\u003c\/p\u003e \u003cp\u003eWhat Tenants Need 237\u003c\/p\u003e \u003cp\u003eMutually Adversarial Computing 240\u003c\/p\u003e \u003cp\u003eMitigations and Their Efficacy 243\u003c\/p\u003e \u003cp\u003eCommercial Mitigations 243\u003c\/p\u003e \u003cp\u003eArchitectural Mitigations 244\u003c\/p\u003e \u003cp\u003eTechnical Mitigations 246\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11 Hardware, Trust, and Confidential Computing 247\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eProperties of Hardware and Trust 248\u003c\/p\u003e \u003cp\u003eIsolation 248\u003c\/p\u003e \u003cp\u003eRoots of Trust 249\u003c\/p\u003e \u003cp\u003ePhysical Compromise 253\u003c\/p\u003e \u003cp\u003eConfidential Computing 256\u003c\/p\u003e \u003cp\u003eTEE TCBs in detail 261\u003c\/p\u003e \u003cp\u003eTrust Relationships and TEEs 266\u003c\/p\u003e \u003cp\u003eHow Execution Can Go Wrong—and Mitigations 269\u003c\/p\u003e \u003cp\u003eMinimum Numbers of Trustees 276\u003c\/p\u003e \u003cp\u003eExplicit Trust Models for TEE Deployments 278\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12 Trust Domains 281\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Composition of Trust Domains 284\u003c\/p\u003e \u003cp\u003eTrust Domains in a Bank 284\u003c\/p\u003e \u003cp\u003eTrust Domains in a Distributed Architecture 288\u003c\/p\u003e \u003cp\u003eTrust Domain Primitives and Boundaries 292\u003c\/p\u003e \u003cp\u003eTrust Domain Primitives 292\u003c\/p\u003e \u003cp\u003eTrust Domains and Policy 293\u003c\/p\u003e \u003cp\u003eOther 
Trust Domain Primitives 296\u003c\/p\u003e \u003cp\u003eBoundaries 297\u003c\/p\u003e \u003cp\u003eCentralisation of Control and Policies 298\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 13 A World of Explicit Trust 301\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eTools for Trust 301\u003c\/p\u003e \u003cp\u003eThe Role of the Architect 303\u003c\/p\u003e \u003cp\u003eArchitecting the System 304\u003c\/p\u003e \u003cp\u003eThe Architect and the Trustee 305\u003c\/p\u003e \u003cp\u003eCoda 307\u003c\/p\u003e \u003cp\u003eReferences 309\u003c\/p\u003e \u003cp\u003eIndex 321\u003c\/p\u003e \u003cp\u003e\u003cb\u003eMIKE BURSELL\u003c\/b\u003e is CEO and co-founder of Profian, a Confidential Computing company.  He holds multiple security patents, is a sought-after speaker at global technology conferences, and has contributed to major reports and security specifications for the European Telecommunications Standards Institute.\u003c\/p\u003e  \u003cp\u003e“A must-read book to understand how one of the bases of human civilization can and must be applied in the digital world.”\u003c\/p\u003e \u003cp\u003e\u003cb\u003e— Dr. Diego R. Lopez, Head of Technology Exploration, Telefonica and Chair of ETSI blockchain initiative\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003e“As we have moved to the digital society, appreciating what and what not to trust is paramount if you use computer systems and\/or the Cloud. You will be well prepared when you have read this book.” \u003c\/p\u003e\u003cp\u003e\u003cb\u003e— Professor Peter Landrock, D.Sc. (hon), Founder of Cryptomathic\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003e\u003cb\u003eA groundbreaking exploration of trust, risk, and security\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003eTrust is a central concept in computer software and hardware, but it remains poorly defined and even less understood. 
Many information technology professionals operate without an overarching, theory-based understanding of what trust is, how it is built, or how it is shared between computer systems and users. \u003c\/p\u003e\u003cp\u003eIn \u003ci\u003eTrust in Computer Systems and the Cloud, \u003c\/i\u003erenowned security expert Mike Bursell delivers an insightful and compelling treatment of how trust can be discussed, defined, and managed in many areas of computing. By anchoring his sophisticated, but approachable, exploration of the topic in the concept of understanding and quantifying risk, the author walks readers through the basic ideas of trust and the applications of trust to complex systems, open-source communities, and trust domains. \u003c\/p\u003e\u003cp\u003eThe book draws on recent scholarship in the social and computer sciences to explain contemporary trends in hardware and software security while maintaining a tight focus on pragmatic applications in computing. It serves as a practical starting point for decisions and discussions about trust, security, and risk. This approach establishes the core trust principles underlying Confidential Computing and  introduces cross-disciplinary frameworks on which readers can build powerful new computing and cloud applications.   \u003c\/p\u003e\u003cp\u003e\u003ci\u003e\"The problem is that when you use the word trust, people think they know what you mean. It turns out that they almost never do. \u003c\/i\u003eWith this singular statement, Bursell has defined both the premise and the value he expounds in this insightful treatise spanning the fundamentals and complexities of digital trust. 
Operationalizing trust is foundational to effective human and machine digital relationships, with Bursell leading the reader on a purposeful journey expressing and consuming elements of digital trust across current and future-relevant data lifecycles.\"\u003cbr\u003e\u003cb\u003e\u003cb\u003e—\u003c\/b\u003eKurt Roemer, Chief Security Strategist and Office of the CTO, Citrix\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\"Trust is a matter of context. Specifically, \"context\" is one of the words most repeated in this book, and I must say that its use is justified in all cases. Not only is the meaning of trust analysed in all possible contexts, including some essential philosophical and psychological foundations, but the concept is also applied to all possible ICT contexts, from basic processor instructions to cloud and edge infrastructures, and different trust frameworks are explored, from hierarchical (CAs) to distributed (DLTs) approaches. A must-read book to understand how one of the bases of human civilization can and must be applied in the digital world.\"\u003cbr\u003e\u003cb\u003e\u003cb\u003e—\u003c\/b\u003eDr. Diego R. Lopez, Head of Technology Exploration, Telefonica and Chair of ETSI blockchain initiative\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e“Trust is a complex and important concept in network security. Bursell neatly unpacks it in this detailed and readable book.”\u003cbr\u003e\u003cb\u003e\u003cb\u003e—\u003c\/b\u003eBruce Schneier, author of \u003ci\u003eLiars and Outliers: Enabling the Trust Society Needs to Thrive\u003c\/i\u003e\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\"As we have moved to the digital society, appreciating what and what not to trust is paramount if you use computer systems and\/or the Cloud. You will be well prepared when you have read this book.\"\u003cbr\u003e\u003cb\u003e\u003cb\u003e—\u003c\/b\u003eProfessor Peter Landrock, D.Sc. 
(hon), Founder of Cryptomathic\u003cbr\u003e\u003cbr\u003e\u003c\/b\u003e\"This book needs to be on every technologist's and engineer's bookshelf. Combining storytelling and technology, Bursell has shared with all of us the knowledge we need to build trust and security in a cloud computing environment.\"\u003cbr\u003e\u003cb\u003e\u003cb\u003e—\u003c\/b\u003eSteve Kolombaris, CISO \u0026amp; Cyber Security Leader with 20+ years' experience, formerly Apple, JPMorgan Chase, Bank of America\u003c\/b\u003e\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47990416834789,"sku":"NP9781119692324","price":50.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781119692324.jpg?v=1761787741","url":"https:\/\/k12savings.com\/es\/products\/trust-in-computer-systems-and-the-cloud-isbn-9781119692324","provider":"K12savings","version":"1.0","type":"link"}