Governance of Trusted Computing
نویسندگان
چکیده
Trusted computing systems offer great promise in corporate and governmental applications. Their uptake has been very slow outside of the national security agencies for which they were developed, in part because they have been difficult and expensive to configure and use. Recent designs are easier to use, but some compliance and governance issues are unresolved. Our analysis suggests that cryptographic systems, in order to be trustworthy in corporate environments, must support an audit of their most important operations. At minimum the audit record must reveal the number of keys that have been generated, as well as the creation times and authorities of these keys. This record of cryptographic activity must be tamper-evident, and must be open to inspection by the IT staff of the corporate owners as well as by their independent auditors.
منابع مشابه
Persistent Security, Privacy, and Governance for Healthcare Information
A fundamental tension between accessibility and governance exists in the design of healthcare information systems. In order to be useful in practice health information must be distributed, but as the information moves between systems — and different information governance policies — the risk of privacy and security violations increases. The lack of a persistent policy enforcement mechanism thus...
متن کاملPolicy-driven governance in cloud application platforms: an ontology-based approach
The emergence of cloud computing is changing the way in which software services are delivered and consumed. In a complex ecosystem of virtualised, interlinked applications and services, there is a greatly increased need for cloud platform operators to control the quality and standards of software offered on their platforms by enforcing different kinds of policy. Existing tools for policy-driven...
متن کاملThe role of trust in the governance of business process outsourcing relationships: A transaction cost economics approach
Purpose – Business process outsourcing (BPO) has become so prevalent that a new term, the extended enterprise, has arisen to describe this approach to structuring an organization. The purpose of this article is to integrate the information systems and the interfirm governance literatures to develop a framework for the role of trust in the governance of extended enterprises. Design/methodology/a...
متن کاملIntegrating the Trusted Computing Platform into the Security of Cloud Computing System
Cloud computing has become one of the fastest growing fields in computer science. As the new computing service pattern of cloud computing develops rapidly, the security problem of cloud computing has become a hot research topic. Before the user passes important data or computing task to the cloud, the user of the cloud may want to verify the trusted status of the platform which actually carries...
متن کاملTrusted Computing, Trusted Third Parties, and Verified Communications
Trusted Computing gives rise to a new supply of trusted third parties on which distributed systems can potentially rely. They are the secure system components (hardware and software) built into nodes with Trusted Computing capabilities. These trusted third parties may be used for supporting communications in distributed systems. In particular, a trusted third party can check and certify the dat...
متن کامل