Modelling Trust and Trusted Systems: A Category Theoretic Approach
Ian Oliver, Pekka Kuure

TL;DR
This paper introduces a category-theoretic framework for modeling trust in systems, formalizing trust elements and processes, and enabling nuanced trust levels and compositional analysis of attestation procedures.
Contribution
It presents a novel category-theoretic approach to model trust, including trust levels with Heyting Algebra and composition of attestation operations, advancing formal understanding of trusted systems.
Findings
Formalized trust as objects and processes as morphisms in a category
Utilized Heyting Algebra for nuanced trust levels beyond binary
Provided examples including system sequences and attack scenarios
Abstract
We introduce a category-theoretic framework for modelling trust as applied to trusted computation systems and remote attestation. By formalizing elements, claims, results, and decisions as objects within a category, and the processes of attestation, verification, and decision-making as morphisms, the framework provides a rigorous approach to understanding trust establishment and provides a well-defined semantics for terms such as 'trustworthiness' and 'justification'/forensics. The trust decision space is formalized using a Heyting Algebra, allowing nuanced trust levels that extend beyond binary trusted/untrusted states. We then present additional structures and in particular utilise exponentiation in a category theoretic sense to define compositions of attestation operations and provide the basis of a measurement for the expressibility of an attestation environment. We present a…
Taxonomy
Topics: Security and Verification in Computing · Access Control and Trust · Logic, Reasoning, and Knowledge
