if in our neighborhood, thieves come and just break the windows?
Obviously, the security measures we have in place are not sufficient to prevent
that. Just as obviously, this problem still exists because we did not evaluate
the threats properly before we put our security procedures in place.
So even if quality and security standards are followed, making sure that our
processes are set and followed, it doesn’t help if those processes are based on
the wrong appreciation of threats and capabilities to answer them. For
computers as for houses, we need to understand the content we are trying to
protect, the potential threats to that content and the measures that are
available to alleviate the threats. Then we must define the quality and
security processes accordingly. So, let us consider a bit how we accomplish
that, particularly as this all pertains to the establishment of trust through
causality in computers or personal electronic devices.

As an anecdotal introduction, we call your attention to the construction of
the new United States Embassy in Moscow. A highly sanitized version of this
rather intriguing story is found on the United States Department of State Web
site. A few additional wrinkles in our recounting of the story are derived from
various news accounts. The overture for this interaction between the United
States and the Soviet Union began back in 1934. The United States sought an
accommodation with the Stalin
Government to build a new embassy complex in Moscow. The initial overture was rebuffed and
the American Embassy occupied essentially temporary facilities for several
decades thereafter. In the 1960s, a reciprocal request for new facilities from
the Soviet Government finally allowed an arrangement to be consummated.
Unfortunately, at least for the security concerns of the United States, the arrangement entailed the
acquisition of construction materials and support from Soviet sources. This is
the interesting point from the perspective of trust through causality. As it
became apparent, it was difficult to certify the sanctity of wet concrete and
preformed building materials. In particular, it was possible for the Soviets to
secret a huge number of clandestine listening devices into such materials.
Thus, once completed, the embassy building was essentially a large microphone
connected directly into the Soviet intelligence agencies. Some decades later,
an arrangement was finally reached to demolish the upper levels of the building
and rebuild those using American companies with appropriate security clearance.
In general, boundaries between security components can be the most vulnerable
aspects of such systems. The boundary between successive floors of a building
is a surprising point of consideration.

As we’ve seen previously, personal electronic devices are typically composed of two parts: a
general facility and a secure core. Sometimes, a personal electronic device can
be reduced to a secure core. Since trust is our subject of inquiry here, we
will consider in some detail secure cores. Our consideration will look in turn
at their anatomy, their physiology, their embryology and then their sociology. As
we do so, we will highlight the threats to be considered as well as possible
responses. Once this is done, we will be able to set the proper processes,
which in turn will be candidates for evaluation following the quality and
security standards we discussed previously, and their corresponding
certifications. In the following, our point of view will be that of developing
trust in networks. We will provide a panorama of security threats and
countermeasures, and their associated trust level. This will not be a detailed
technical discussion, for two reasons. The first one is that we would probably
bore our reader. For the interested, more specialized literature is available,
a sample of which is listed in the bibliography. The second reason is that, as
insiders of the security industry, we choose to limit our disclosure of security
since it is typically true that insiders know more than is ever presented in
public at any point in time. After all, the insiders build the products. This
is, of course, a bit of hyperbole and is actually illustrative of perhaps the
current dominant form of security within the corporate world; that is,
security through obscurity. However, it
is true that within the computer world, just as within the secular and
religious worlds, neither wizard nor witch (nor, apparently, public servants)
ever divulge all of their secrets! That notwithstanding, let us resume the
consideration of the secure cores of personal electronic devices.