In the US
Department of Defense, a 'trusted system or component' is defined as
'one which can break the security policy'. ...
You don't trust me to keep your medical records, because I don't
have them; regardless of whether I like you or hate you, I can't do
anything to affect your policy that your medical records should be
confidential. Your doctor can, though; and the fact that he is in a
position to harm you is really what is meant (at a system level) when
you say that you trust him.
Howard Chivers, John A. Clark, Susan Stepney.
Smart Devices and Software Agents
.
In
Security of Pervasive Computing, SPC'03, Boppard, Germany
.
LNCS 2804. Springer, 2003
Susan Stepney.
Critical Critical Systems
.
In
Formal Aspects of Security, FASeC'02, London, December 2002
.
LNCS 2629. Springer, 2003