Trusting in computer systems

William S. Harbison

December 1997, 95 pages

This technical report is based on a dissertation submitted May 1997 by the author for the degree of Doctor of Philosophy to the University of Cambridge, Wolfson College.

DOI: 10.48456/tr-437


We need to be able to reason about large systems, and not just about their components. For this we need new conceptual tools, and this dissertation therefore indicates the need for a new methodology which will allow us to better identify areas of possible conflict or lack of knowledge in a system.

In particular, it examines the concept of trust, and how this can help us to understand the basic security aspects of a system. The main proposal of this work is that systems be viewed in a manner which analyses the conditions under which they have been designed to perform, and the circumstances under which they have been implemented, and then compares the two. The problem is then examined from the point of view of what is being trusted in a system, and what it is being trusted for.

Starting from an approach developed in a military context, we demonstrate how this can lead to unanticipated risks when applied inappropriately. We further suggest that ‘trust’ be considered a relative concept, in contrast to the more usual usage, and that it is not the result of knowledge but a substitute for it. The utility of these concepts lies in their ability to quantify the risks associated with a specific participant, whether or not these risks are explicitly accepted by that participant.

We finally propose a distinction between ‘trust’ and ‘trustworthy’ and demonstrate that most current uses of the term ‘trust’ are more appropriately viewed as statements of ‘trustworthiness’. Ultimately, therefore, we suggest that the traditional “Orange Book” concept of trust resulting from knowledge can violate the security policy of a system.

