Chapter 26. Who Do You Trust?

Trust is the most important quality in computer security. If you
build a bridge, you can look at the bridge every morning and make
sure it's still standing. If you paint a house, you
can sample the soil and analyze it at a laboratory to ensure that the
paint isn't causing toxic runoff. But in the field
of computer security, most of the tools that you have for determining
the strength of your defenses and for detecting break-ins reside on
your computer itself. Those tools are as mutable as the rest of your
computer system. And unlike physical sciences and engineering, in
which we have centuries of experience developing good measurements,
the field of information assurance has few reliable metrics to apply
to your computers and networks.

When your computer tells you that nobody has broken through your
defenses, how do you know that you can trust what it is saying?