This approach to
security through causality in mechanisms dates from the earliest records and
artifacts of the operation of social orders. Our rather immediate and specific
objective is the use of causality as a means to establishing trust within
computer systems in general, and in secure core systems specifically. We will
begin our discussions by extracting something of the architectural
characteristics of this approach. We’ll then consider the methodology through
which relevant architectures are applied to actual mechanisms for establishing
trust. By first examining in some detail the intricacies of current personal
electronic devices, particularly those that encompass secure core elements, we’ll
then seek to extract a more abstract understanding for such systems. We’ll then
attempt to apply this understanding to real world situations. If we cut to the
chase for this discussion, in the end we’ll find that relative to computer
systems, trust through causality is a necessary, but not sufficient, approach to
achieve the desired levels of trust in our systems. This will then provide us
the impetus and a bit better footing when we seek to extend the discussion in
the next chapter to the concept of establishing trust through process.

Given some
seminal point of causality, to convey trust from this point requires a system
whose architecture encompasses the
tamper-resistant and tamper-evident characteristics that we noted above. We
expect this architecture to yield in its implementation the characteristics of
security that we previously discussed in Chapter 3. Over the history of social
ecosystems, such architectures have been established in a variety of forms.
First, and foremost, are architectures that make use of secrets to
convey trust from a point of ultimate causality to some other location within
the ecosystem. The thing, be it artifact or process, that is kept secret is not
trust in and of itself, but rather it typically establishes the identity of
some entity and subsequently allows any trust imbued within that entity to be
conveyed across time or space, or both. Consider in a bit more detail the bulla
that we previously mentioned in earlier chapters.

From exhibits at
the Louvre and other museums throughout the world, specific relics show us that
as early as five millennia ago, the civilizations of Mesopotamia made use of writing on clay tablets to
keep records of quantities of goods exchanged. In order to convey such
accounting information in a trusted fashion, small clay tablets were enclosed
in a sealed clay pocket, called a bulla, about the size of a small fist. The
bulla evolved over time into a quite complex object, and that evolution, as
seen in the Louvre exhibits, gives us a good understanding of
the significance of its constituent components. We’ll consider here its most
elaborate, and final, form as far as the archeological record is concerned. On
the surface of the clay pocket was a seal indicating the identity of the
source of the contained information, together with sacred symbols. The seal was
intricate and difficult to construct in the first place, and hence it was
difficult to replace when broken. This mechanism provided a means to convey the
information found inside the bulla along with some degree of trust imbued in
the originator of the information; that is, the person represented by the seal,
validated by the protection afforded by the religious symbols. The owner of
flocks might send some number of sheep to market to be sold. The sheep were
driven to market by shepherds to whom either the temporary custodianship of the
sheep, or the money received from their sale returning from market, might
constitute an overwhelming temptation to sell a sheep or two on the side and
tell the owner the price received for the full complement was less than
anticipated. The shepherds in this situation represent a non-secure
communication channel. The bulla was introduced as a counter-measure against
just this type of threat. A bulla sent by the flock owner could convey to the
purchaser just how many sheep were expected. A returned bulla sent by the
purchaser could tell the owner what price was paid. The bulla could be conveyed
by the shepherd, even though he might be of suspect trustworthiness; an example
of secure trusted communication through an unsecured channel.
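
A modern analogue of the bulla exchange described above, added here as an illustration and not taken from the book: the clay seal is replaced by an HMAC-SHA256 tag under a shared secret, which is a swapped-in technique and an assumption of this example. The key, the names, and the sheep and price figures are constructed.

```python
import hashlib
import hmac
import json

# Constructed shared secret standing in for the seal (assumption of this example).
SEAL_KEY = b"constructed-demo-key-not-for-real-use"


def seal(sender: str, payload: dict, key: bytes = SEAL_KEY) -> dict:
    """Wrap a payload in a 'bulla': a canonical body plus a MAC over that body."""
    body = json.dumps({"from": sender, "payload": payload}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "seal": tag}


def open_bulla(bulla: dict, key: bytes = SEAL_KEY):
    """Return the decoded body if the seal is intact, otherwise None."""
    expected = hmac.new(key, bulla["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, bulla.get("seal", "")):
        return None  # tamper-evident: a broken seal is rejected, not repaired
    return json.loads(bulla["body"])


def altered_in_transit(bulla: dict, field: str, value) -> dict:
    """Model the untrusted courier: one field changes, the old seal is kept."""
    doc = json.loads(bulla["body"])
    doc["payload"][field] = value
    return {"body": json.dumps(doc, sort_keys=True), "seal": bulla["seal"]}


def round_trip(tamper_outbound: bool = False, tamper_return: bool = False):
    """Owner -> purchaser -> owner, with the courier optionally altering a leg."""
    out = seal("owner", {"sheep": 40})
    if tamper_outbound:
        out = altered_in_transit(out, "sheep", 38)
    at_market = open_bulla(out)
    if at_market is None:
        return ("purchaser rejects", None)
    sheep = at_market["payload"]["sheep"]
    back = seal("purchaser", {"sheep": sheep, "price": 120})
    if tamper_return:
        back = altered_in_transit(back, "price", 110)
    at_home = open_bulla(back)
    if at_home is None:
        return ("owner rejects", None)
    return ("accepted", at_home["payload"])
```

Because both parties hold the same key here, the tag shows that the content was not altered by the courier but does not distinguish owner from purchaser; binding a seal to one originator, as the bulla's personal seal did, would call for per-party signatures.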