Have trust

By Nancy Salem

To establish the safety and security of a given technology — as well as its ability to achieve new mission capabilities — the U.S. government calls for repeated demonstration of the technology’s effectiveness. 

However, increasing dependence on commercial technologies may expose critical government systems to potential malicious alterations during their life cycle. Can these systems be trusted to perform their intended function when called upon?  

When the complexities of the development environment elude conventional analysis, a new approach is needed to ensure highly reliable, critical systems.

At the forefront of creating such an approach, Sandia has initiated cross-discipline research and development that addresses the complete spectrum of life cycle threats — including insider and supply chain threats — to the integrity and performance of critical systems.

In this quest, Sandia is partnering with federal agencies, other Department of Energy laboratories and plants, and universities to bring strength and focus to the challenge. Also key is engaging with researchers who reflect the breadth, depth and cross-cutting emphasis of Sandia’s many different science and engineering disciplines to advance understanding of, and mitigations for, the risks critical systems might encounter in the development environment. These researchers are exploring a range of questions:

  • Designing for trustworthy/self-auditable systems: What technologies in the design can increase the resiliency of critical systems to compromise and also monitor the health of the system throughout its life cycle? Can we design for simplicity to reduce the risk space?
  • Threat discovery/analysis technologies: Can we apply what we learn about threats to critical systems to recognize and understand previously unknown threats?
  • Managing risk: How can technology help decision makers manage the risks associated with untrustworthy content? Is it possible to quantify trustworthiness?

The Trusted Systems and Communications Research Challenge is using quantifiable engineering-based approaches to evaluate and improve trustworthiness. As part of this project, Sandia is launching two efforts focused on:  

  • Foundational techniques to support analysis of trustworthiness: Sandia is leveraging existing research in areas such as game theory, supply chain analytics and risk assessment to develop approaches for analyzing trust.
  • Use of diversification to improve trust: Sandia is developing verification-based analysis techniques to identify ways to create diversification within systems to increase the difficulty the attacker faces and minimize the impacts of successful attacks.

This research, if successful, will advance the ability to conduct quantitative analysis of trust and lay the groundwork for future development of completely objective techniques for the analysis and synthesis of trust — and also promises to help address challenges in similar problem areas.