Need for Trustworthy Systems
Global service provider, enterprise, and government networks rely on the unimpeded operation of complex computing and communications networks. The integrity of the data and IT infrastructure is foundational to maintaining the security of these networks and user trust. With the evolution to anywhere, anytime access to personal data, users expect the same level of access and security on every network. The threat landscape is also changing, with adversaries becoming more aggressive. Protecting networks from attacks by malevolent actors and from counterfeit and tampered products becomes even more crucial.
Routers are a critical component of the network infrastructure and so must have the ability to protect the network and report on system integrity. A “trustworthy solution” is one that does what it is expected to do in a verifiable way. Building trustworthy solutions requires that security is a primary design consideration. Routers that constitute trustworthy systems are a function of security, and trust is about preventing as well as knowing whether systems have been tampered with.
In trustworthy systems, trust starts at the lowest levels of hardware and is carried through the boot process, into the operating system (OS) kernel, and finally into runtime in the OS.
Trustworthy systems form an ecosystem with the following components:
-
Hardware root-of-trust
-
Secure Boot support to protect the OS
-
Extensions of trust into the OS runtime with Secure Install, SE Linux and IMA attestation

Trustworthy systems must have methods to securely measure hardware, firmware, and software components and to securely attest to these secure measurements.
For information on key concepts used in this chapter, see the Understanding Key Concepts in Security.