16th Annual Computer Security Applications Conference
December 11-15, 2000
New Orleans, Louisiana
Panel: Defining, Computing, and Interpreting Trust
Chair: Daniel Faigin, The Aerospace Corp., USA
Michael Clifford, The Aerospace Corp., USA
Matt Bishop, Univ. of Cal Davis, USA
Marshall Abrams, The MITRE Corp., USA

Very little agreement exists in the security community (or even
outside of it) as to what trust actually means, and how to go about
computing it. Various trust models use transitive, multilevel,
hierarchical or relativistic methods of handling trust. The problem can
be broken into three parts: how trust is defined, how an assertion of
trust should be interpreted, and how trust relationships, or assertions of
trust, can be efficiently and correctly modeled and computed. For example,
should trust be defined in terms of a mechanistic process, such as an
evaluation against baseline criteria, as a deductive process based upon
axioms, or as a subjective and interpretive process in which the meaning
of trust is in constant flux? Or should some other method of determining
trust be used? Once a trust relationship is asserted, should you accept
or ignore the assertion, or use it to modify your own beliefs? Do you
trust another entity to make such an assertion at all? If trust is
defined and interpreted non-uniformly, can it be computed at all? The
panelists will offer three different perspectives on how trust should be
defined, computed and interpreted.