Andrew S. Patrick, Pamela Briggs, and Stephen MarshTRUST IS A FUNDAMENTAL BUILDING BLOCK OF SOCIETY,[1] a means of making decisions about conferring authority or responsibility in unfamiliar or uncertain situations,[2] a method of understanding how decisions are made in context,[3] and one of the most important concepts in the security arena. Unfortunately, it also remains one of the most poorly understood concepts. A lack of trust will result in systems being ill-used at best, and not used at all at worst. A lack of understanding of trust, in both user and system, will result in the wrong decisionor no decision at allbeing made in security contexts. Too much trust can be at least as dangerous as not enough, and not enough trust can be dangerous enough.
This chapter examines the issue of trust in security and privacy systems. These systems purportedly help users make decisions about whom to trust with access, information, or data. For example, how much, when, and for what purposes can specific information be used? They can also help make decisions for the user when the user is not available. These decisions are based on a foundation of trust. |