IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [trust]

A description of a state of benevolence that exists between two or more parties. A measurement of the confidence in a benign outcome of a transaction involving two or more parties.

A principal in a security system trusts another principal if it allows its security to depend on assertions made by that other principal. For example, when a web browser assumes that a web site is legitimate because the site shows a certificate signed by a certificate authority, the browser trusts the CA. Trust is often established and propagated through cryptography. The concept is derived from the plain English meaning of the word, which is studied by social sciences.

Related concepts

  • : public key infrastructure, a class of systems for establishing trust between a priori unrelated parties, based on central authorities.
  • Web of trust: a class of systems for establishing trust between a priori unrelated parties, based on assertions between peers.
  • : a series of protocols and designs related to the security of PC-style computers, promoted by the Trusted Computing Group, including the TPM.
228 questions
11
votes
8 answers

How do I choose whether to trust a particular website?

From @GrahamLee's comment over on this question, this is a very good point: How do I choose whether to trust a particular website when the only information I have relevant to my trust decision is the web? Do I trust it because of history? It has…
Rory Alsop
  • 61,507
  • 12
  • 118
  • 322
4
votes
1 answer

What is the current status of trust management?

It is almost 30 years now since Ken Thompson presented his widely known ACM Turing Award Lecture "Reflections on Trusting Trust". What is the current status of practice and research on trust management?
Mok-Kong Shen
  • 1,199
  • 1
  • 11
  • 14
3
votes
1 answer

How to bootstrap trust in an on-premise environment?

As part of moving from few on-premise monoliths to multiple on-premise microservices, I'm trying to improve the situation where database passwords and other credentials are stored in configuration files in /etc. Regardless of the the technology…
Peter V. Mørch
  • 133
  • 5
2
votes
1 answer

In the context of security engineering, is trust an equivalence relation?

This is the definition of an equivalence relation according to Wikipedia: In mathematics, an equivalence relation is the relation that holds between two elements if and only if they are members of the same cell within a set that has been partitioned…
anonymousMan
  • 21
  • 2
2
votes
0 answers

How can car-to-car communication be trusted?

Giving autonomous vehicles the ability to communicate has a lot of potential benefits: the entire network of cars will be able to operate with more information, making everything more efficient. That said, I'm struggling to see any form of (useful)…
Nathan Merrill
  • 332
  • 2
  • 12
1
vote
0 answers

Is there a theorem that states "whatever can be done with trust can be done without"?

I remember hearing something like this when I first learned the protocols that removed the need of a trusted third party, but I can't find this theorem or "law" anywhere. Any pointers?
Riff Schelder
  • 11
  • 1
1
vote
2 answers

Trust Boundary Definition and Example

I am very confused with Trust Boundary. How does this work? Do I draw a trust boundary in between the application tier and the web tier because my servers in the web tier has a higher chances of getting hacked? Or should I draw it in between my end…
Shawn Sim
  • 141
  • 1
  • 3
1
vote
2 answers

Trust companies for information storage?

Most people have personal information on many sites such as Amazon or smaller sites. When we type create an account and add details like our address and the place where we work, it is never said how well this information will be stored and secured.…
Shashimee
  • 405
  • 1
  • 3
  • 10