John Viega
Supplemental Material
Available for Download
Requires Asian Language Support in Adobe Reader And Japanese Language Support in your Browser
- 1 Adams C. and Zuccherato, R. A global PMI for electronic content distribution. In Seventh Annual Workshop on Selected Areas in Cryptography. Workshop Record, Aug. 2000. Springer-Verlag, to appear.]] Google Scholar
Digital Library
- 2 Collberg, C., Thomborson, C. and Low, D. A taxonomy of obfuscating transformations. Technical Report 148, Department of Computer Science, University of Auckland, New Zealand, Jul. 1997; ftp.cs.auckland. ac.nz/out/techreports/.]]Google Scholar
- 3 Internet Security Systems. Form tampering vulnerabilities in several Web-based shopping cart applications; xforce.iss.net/alerts/ advise42.php, Feb. 2000.]]Google Scholar
- 4 Wagner, D., Foster, J.S., Brewer, E.A. and Aiken, A. A first step towards automated detection of buffer overrun vulnerabilities. In Network and Distributed Systems Security Symposium, Feb. 2000.]]Google Scholar
Index Terms
- Trust (and mistrust) in secure applications
Recommendations
Benevolence trust: a key determinant of user continuance use of online social networks
Online social networking (OSN) has attracted increased attention and growing membership in recent years. In this paper, we propose and test an extended and unified theory of acceptance and use of technology (UTAUT) model, including the additional areas ...
Vertical trust/mistrust during information strategy formation
Based on findings of a longitudinal study this paper deals trust or mistrust between superiors and subordinates during the information strategy formation process. Working from within an interpretive framework, through which organisation 'stories' are ...
Does Technology Trust Substitute Interpersonal Trust?: Examining Technology Trust's Influence on Individual Decision-Making
While an increasing number of trust studies examine technological artifacts as trust recipients, there is still a lack of basic understanding of how technology trust relates to traditional trust and its role within the broader nomological net ...
Reviews
Andrew Robert Huber
Misplaced trust leads to reliability and security problems in software. A trust relationship exists whenever a program expects an entity (such as user input) to have a certain property. The authors illustrate how failing to explicitly define these trust relationships during software development leads to incorrect software. The buffer overflow problem is used as an example of misplaced trust in input values. Another example uses hidden parameters in Web scripts. An application-level example of a Web-based client/server architecture demonstrates problems with trusting client applications and execution environments. Although helpful in making developers aware of trust and related issues, the paper neither fully describes the problem nor provides solutions. The authors neither define nor categorize trust relationships completely, nor do they describe how to determine what trust assumptions a program makes or should make. Only generalities are offered: "As little trust as possible should be placed in the hands of external components." Advice on how much trust this is, or how to determine if more than the minimum trust has been assumed would be helpful. Incomplete requirements and miscommunication between development groups are cited as the two most common causes of dangerous trust assumptions, yet no suggestions are offered for addressing these causes. The authors also fail to differentiate between trust relationships arising during development (e.g., trusting networks over which design documents are sent) and those in the developed software. Developers may find this paper enlightening, but will likely be left wondering what to do next.
Access critical reviews of Computing literature here
Become a reviewer for Computing Reviews.
Comments