Trust Relationships

Presented as part of the 2007 HCSS conference.

Abstract

Among the important tasks for a successful high-assurance security-engineering project is for all of the stakeholders to achieve an understanding of the interactions between the security policy and the proposed system architecture. In particular, it is critical to both identify the security obligations levied against the system components, as well as to make clear the assurance implications of the architecture.

In this talk, we'll discuss a technique for accomplishing these tasks, called a "trust relationship" analysis, which is a diagrammatic method for making clear the security-related relationships of a system. We'll describe how it works, how it helps us prepare for certification/evaluation, and then present some speculations on future directions for this technique.