BY EUGENE H. SPAFFORD
INSPIRATION AND TRUST
Not every important problem can be solved through science and technology, but
that doesn’t mean they shouldn’t be addressed.
In August 1984, Communications published one of the most important works in the literature
on information security and assurance—the Turing Award essay “Reflections on Trusting Trust”
by Ken Thompson [3]. In a concise and elegant manner, Thompson presented what may be the
fundamental reason why real-world cyber security is so difficult: At some level we must trust that
what we are using is correct because we cannot verify it. Furthermore, the essay embodied other
important points, including the problem of the insider threat, as well as the lesson that technology
alone cannot address all the problems of security. It is no wonder that it is on every significant
“required reading” list concerning security, privacy, and assurance and has served to inspire
so many professionals to get as close as they can to solutions to these problems.
I am one of those people whose career was changed
by the opportune appearance of that particular
essay. In 1984 I was developing the second generation of the CLOUDS distributed kernel for my
Ph.D. thesis at Georgia Tech, where I was also helping administer some of the machines that were part of
the early NSFnet and Usenet. Those experiences
impressed on me the difficulty of configuring systems
correctly to protect against intruders and exploitation.
When queried, my faculty advisors steered me toward
the extant literature in security, which dealt largely
with cryptography, covert channels, and capability
architectures. These topics didn’t give me much
insight into how to protect our current operational
systems, nor did they seem to suggest that such lines
of inquiry might be of longer-term academic interest.
One advisor told me I was wasting my time “playing”
with security. The emergence of computer viruses
and major intrusions, such as the one detailed in the
“Cuckoo’s Egg” incident (my server was among the
victimized and is why I am in the references here [2]),
gave me firsthand experience with these emerging
threats. It was clear to me that security issues were
important, even if some of my professors didn’t share
that view.
This was the context in which the August 1984
issue appeared. Not only did Thompson’s essay address
some of the same questions I found interesting and vex-