EvoSec 2025W Lecture 3: Difference between revisions

Lecture 3
---------

Perspectives on Trust

G1
 - waking up - do you trust that nothing bad will happen, or you just get up because you have to?
   - we can decouple, but can machines decouple trust from action?
 - continuous vs discrete trust
   - "levels of trust" - how does that affect actions

G2
 - game theory
   - prisoner's dilemma, agents are adversaries? where is the sociality of trust
   - not a full view
 - trust as black and white vs probability

G3
 - trust from creators to machines we create
 - humans have a sense of self preservation, that's where trust comes from
   - computers don't have that do they?

G4
 - humans develop trust over time
 - computers make trust decisions instantly
 - humans & computers value different things for trust
   - IP address vs image/voice in video call


Why did I assign these readings?
 - see the variety
 - note the lack of coherent purpose

game theory, prisoner's dilemma
 - cooperation is a bad idea
   - unless it is an iterated game
     - classic strategy, tit-for-tat
     - best strategy is tit-for-tat with revenge (for preserving cooperation)

 - but what if you already trust each other, why would you defect?

Analysis vs synthesis
 - computer security is on the synthesis side

Why do computer systems make trust decisions
 - so fast
 - without reference to past experience

 - too much work/effort/computation/storage?
 - user makes the trust decision?

Traditionally, computers haven't been empowered to make trust decisions
 - instead, they enforce trust relationships decided by people
 - i.e. people create policy, computers enforce policy
   - in those policies, the trust associated to entities is NOT determined by
     the computer

Why?
 - computers aren't autonomous

Only autonomous systems can really be trusted
 - because they are empowered to say no

What secrets will a computer never reveal?
 - secret keys is TPMs and similar devices