Towards Architectural Trust Properties: Establishing Architectural Elements and Dependencies
Cornelius Namiluko
Abstract
Trusted computing enables the secure reporting of a platform’s integrity through a process called attestation, in which one entity (human, machine or process) can determine whether a given platform is in an acceptable configuration. Suppose an entity were presented with two trustable platforms with identical configurations: how would it choose the one that will provide a greater guarantee of confidentiality and integrity? This question becomes even more challenging when one considers complex systems such as grid or cloud computing, which may use a collection of cooperating platforms for a single task, e.g. executing a job. To answer this question, we need to identify the attributes that can differentiate two systems. We call these trust properties and define them as structural, environmental or operational attributes of a system that enhance the degree to which the system can behave consistently with its specifications and that further allow other entities to reason about the overall security state of the system. We identify the source of these attributes to be a system’s architecture combined with the attributes of its runtime environment. We are therefore interested in understanding the trust properties of an architecture and how these properties influence the trustworthiness of systems based on that architecture.