Date post: | 31-May-2018 |
Category: |
Documents |
Upload: | anon-886736 |
View: | 222 times |
Download: | 0 times |
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 1/30
Trust Management
SurveySini Ruohomaa , Lea Kutvonen
University of Helsinki, Finland
iTrust 2005Presented by Wen-Yuan Zhu
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 2/30
Outline
• Introduction
• On the Nature of Trust
•
The Tasks of a Trust ManagementSystem
• Conclusions
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 3/30
Introduction
• to provide an overview of trustmanagement research
•
without going too deeply into anyimplementation specifics
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 4/30
On the Nature of Trust
• Concepts for Trust Management
• The Trust Management Model
•
The Trust Information Model
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 5/30
Concepts for TrustManagement
• Trust is quite a complicatedphenomenon
• Humans do not seem to always makefully rational trust decisions
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 6/30
Concepts for TrustManagement(2)
• Trustor
- service provider
•
Trustee- an identifiable agent in the network
- cannot directly be controlled by
outsiders
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 7/30
Concepts for TrustManagement(3)
• Trust
“the extent to which one party iswilling to participate in a given actionwith a given partner, considering therisks and incentives involved ”
- a means for people to deal withuncertainty about the future andtheir interaction partners
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 8/30
Concepts for TrustManagement(4)
• A trust decision
- binary
- based on the balance between trustand risk
• Actions
- using services provided by thetrustor
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 9/30
Concepts for TrustManagement(5)
• Risks
- the effect of trust
- tied to assets• Action importance
- business value
- it affects trust similarly to goodreputation
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 10/30
Concepts for TrustManagement(6)
• Reputation
“a perception a party createsthrough past actions about itsintentions and norms”
- exists only in a community which isobserving its members in one way oranother
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 11/30
Concepts for TrustManagement(7)
• Recommendation
“an attempt at communicating a party’s reputation from onecommunity context to another ”
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 12/30
The Trust ManagementModel
• trust management research has itsroots in authentication andauthorisation
• in the context of authentication, trustis established by means such asdigital certificates
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 13/30
The Trust ManagementModel(2)
• certificates are proof of eitheridentity directly or membership in agroup of good reputation
• policy languages are used todetermine whether certaincredentials are sufficient for
performing a certain action
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 14/30
The Trust ManagementModel(3)
• credentials are sufficient when thesystem is either convinced of thetrustee’s identity or knows her to be
a member of some sufficientlytrusted group
- policy languages are static
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 15/30
The Trust ManagementModel(4)
• to make trust more dynamic, thebehaviour of the trustee should beconsidered as well
- intrusion detection systems
- to monitor users
- behaviour information can begathered
- locally
- third-party observations
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 16/30
The Trust ManagementModel(5)
• newcomers create a problem for atrust management system based onbehaviour history alone
- initial level of trust
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 17/30
The Trust Information Model
• reciprocity is the mutual exchange of deeds
- favor or revenge
• research on trust can be divided intothree groups
- fundamental level- service level
- highest level
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 18/30
The Tasks of a TrustManagement System
• Initializing a Trust Relationship
• Observation
•
Evolving Reputation and Trust
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 19/30
Initializing a TrustRelationship
• discovery service
- a plethora of potential partners
- may be incompetent or evenmalicious
- a reputation system may aid in
locating the most trustworthy one
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 20/30
Initializing a TrustRelationship(2)
• a reputation system aggregatesinformation
- the past behaviour
• experience or reputation informationgathering and storage
- be organized centrally- be distributed across peers
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 21/30
Initializing a TrustRelationship(3)
• a user is trustworthy by “3 on a scalefrom 1 to 5”
- it is a reputation statement
- what does it mean
- difficulties for porting ratings from
one system to another as well
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 22/30
Initializing a TrustRelationship(4)
• requirements for a successfulreputation system
- Resnick et al.
- three requirements
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 23/30
Initializing a TrustRelationship(5)
• three requirements
- the entities must be long-lived andhave use for reputation
- feedback must be captured,distributed and made available in thefuture
- the feedback must be used to guidetrust decisions
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 24/30
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 25/30
Observation(2)
• intrusion detection system
- observing users or partners in atrust management system
- traditional approach
- system calls
- network traffic
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 26/30
Observation(3)
• approaches of intrusion detectionsystem
- attempts to model normalbehaviour
- learning from experience
- misuse detection- constructs models to match the
attacks
- specification-based
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 27/30
Observation(4)
• observation ties up resources
- it is impossible to keep close trackof what every user is doing at alltimes
• suspicious activity
- not actual misbehaviour
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 28/30
Evolving Reputation and Trust
• mathematical models
- dealing with experience
- “cooperated ” or “defected ”- scalars
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 29/30
Evolving Reputation and Trust(2)
• information about user's reputationcan be distributed usingrecommendations
- representation of user's identity indifferent communities
- not necessary the truth
8/14/2019 Trust Management Survey
http://slidepdf.com/reader/full/trust-management-survey 30/30
Conclusions
• trust as a concept has many verydifferent applications
• it is difficult to find a satisfactoryrepresentation of trust for computersystems