A key part of making our society’s information infrastructure work is enabling the parties involved—human users as well as programs—to make effective trust judgments about each other. Should A trust B for action X? If it’s all just wires and bits, how can A know? This problem is made even messier by the emerging multiplicity of users, roles, machines, administrative domains, application contexts, and opinions about what constitutes valid grounds for trust.
Over the past several years, my students and I have been exploring the technological issues underlying effective trust judgments. This talk will discuss some of our research:
-
Why should we trust what’s happening at a remote server? (I’ll discuss our experimental work in building private information servers.)
-
Why should we trust what’s happening at a local client? (I’ll discuss some of our experiences regarding the surprising insecurity of browsers and SSL.)
This talk will also briefly survey some of our other research in trusted computing platforms and applications, and in using PKI in wireless networking and Internet routing.
Speaker Biography
Sean Smith has been a scientist at Los Alamos National Laboratory and at IBM T.J.Watson Research Center, where he designed the security architecture for (and helped code and test) the IBM 4758 secure coprocessor, and then led the formal modeling and verification work that earned it the world’s first FIPS 140-1 Level 4 security validation. In July 2000, Sean left IBM for Dartmouth College. Sean was educated at Princeton (B.A., Math) and CMU (M.S., Ph.D., Computer Science).