System security, platform security and usability

STC@CCS | Pub Date: 2010-10-04 | DOI: 10.1145/1867635.1867636
P. V. Oorschot
Citation count: 3

Abstract

Scalable trusted computing seeks to apply and extend the fundamental technologies of trusted computing to large-scale systems. To provide the functionality demanded by users, bootstrapping a trusted platform is but the first of many steps in a complex, evolving mesh of components. The bigger picture involves building up many additional layers to allow computing and communication across large-scale systems, while delivering a system retaining some hint of the original trust goal. Not to be lost in the shuffle is the most important element: the system's human users. Unlike 40 years ago, they cannot all be assumed to be computer experts, under the employ of government agencies which provide rigorous and regular training, always on tightly controlled hardware and software platforms. It seems obvious that the design of scalable trusted computing systems necessarily must involve, as an immutable design constraint, realistic expectations of the actions and capabilities of normal human users. Experience shows otherwise. The security community does not have a strong track record of learning from user studies, nor of acknowledging that it is generally impossible to predict the actions of ordinary users other than by observing (e.g., through user experience studies) the actions such users actually take in the precise target conditions. We assert that because the design of scalable trusted computing systems spans the full spectrum from hardware to software to human users, experts in all these areas are essential to the end-goal of scalable trusted computing.