Beyond “Zero Trust” in Commodity Software Systems

DISI Seminar 2024
7 June 2024
Start time 
Polo Ferrari 1 - Via Sommarive 5, Povo (Trento)
Room A224
Organized by: 
Dipartimento di Ingegneria e Scienza dell'Informazione
University community
UniTrento student community
Free admission
prof. Bruno Crispo
Virgil D. Gligor, Carnegie Mellon University (USA)


We review the basic notions of trust, trust minimization, zero trust, and trust establishment. We show that zero trust is impossible in any enterprise network and has meaning only as an unreachable limit of trust establishment. Then what is a zero-trust architecture (ZTA)? We present the key characteristics of ZTAs and show that they have low breach-prevention value and that their goal of limiting the effects of security breaches (i.e., “lateral” adversary movement) is often unachieved. 
In view of these observations, we ask how to increase breach-prevention value and further decrease breach-recovery costs for rational defenders (e.g., enterprises) that have already employed ZTAs and advanced AI/ML tools. We introduce the notion of selective high assurance for commodity software and show that it is economically justified for producers and necessary for rational defenders. We address the challenge of finding an economic value of selective high assurance and illustrate with an example how to do it in practice. 

About the speaker

Virgil D. Gligor is a Professor at Carnegie Mellon University. His research interests have ranged from access control mechanisms, penetration analysis, and denial-of-service protection to cryptographic protocols and applied cryptography. He was an associate editor of several ACM and IEEE journals and the editor in chief of the IEEE Transactions on Dependable and Secure Computing. He received the 2006 National Information Systems Security Award jointly given by NIST and NSA, the 2011 Outstanding Innovation Award of ACM SIGSAC, and the 2013 Technical Achievement Award of IEEE Computer Society. He was inducted into the National Cyber Security Hall of Fame in 2019.