Towards Zero Trust: An Experience Report

Abstract

Risk from supply chain attacks have gained prominence. In response to these attacks, regulators have suggested building systems on the principles of “zero-trust”, an aspirational motto that urges system designers to take measures to minimize trust. But, to what degree can one minimize trust in realistic systems? The answer to this question, of course, depends on the context. In this paper, we explore this question in the context of a satellite ground station front end processor – a critical component in satellite ground stations, in both standalone and cloud settings. Based on our design and implementation experience that spanned 18 months, we observe that it is possible to achieve a significant reduction in trust as measured by the lines of code. We also find that minimizing the lines of code improves productivity and the performance of our design. Finally, we find trust can be minimized to a greater extent for standalone systems than cloud systems.