Formalizing End-to-End Context-Aware Trust Relationships in Collaborative Activities
Dr Ioanna Dionysiou, Department of Computer Science, School of Sciences, University of Nicosia, Cyprus
International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal
Dr Dave Bakken, Dr Carl Hauser, Department of Computer Science, Washington State University, Pullman, WA, USA
Dr Deborah Frincke, CyberSecurity Group, Pacific Northwest National Laboratory, Richland, WA, USA
Talk Outline
- Motivation
- Activity-Oriented Trust Relationships
- Trust Model Ontology
- Trust Model Functionality Example
- Conclusions
Motivating Scenario
Consider the North American electric power grid
- Operations in a geographical region controlled by a single entity
- Electric market deregulation
  - Competition! Choose among electricity providers, open bidding
  - Impact on stability and security of the grid itself
- 3500 utility organizations (public, private, federal), many points of interaction, share data
- Trustworthy data exchange among these organizations and end-users
  - Producer of information, consumer of information
Motivating Scenario (2)
- U1 is the consumer of State Estimation data
- PMU Aggregation is the producer of State Estimation data
- What can U1 say about the quality of the data?
Motivating Scenario (3)
How can we answer the question?
- Security mechanisms are not adequate
  - Encrypted, digitally signed message
  - Guarantee that it was not tampered with and no unauthorized person read it
  - What about the content itself? Reliable producer, unsecure medium OR unreliable producer, secure medium?
- Trust and its management
  - Abstraction of beliefs that an entity has for specific situations and interactions
  - Not static but change over time
  - Need to make decisions based on current beliefs
Generalized Scenario
Contributions of our work…
- A notation for specifying trust relationships tied to a narrow context and a broad activity
- An intuitive and practical way to manage trust assessment for an activity
  - Multiple trust relationships must be examined and composed
  - Expectations, violations, etc.
Activity-Oriented Trust Relationships
Activity-Oriented Trust Relationships (2)
Trust Relationship Attributes
Trust Relationship τ(γ, δ, c, λ, ι, ε, id, s)
- Trustor γ
- Trustee δ
- Context c
- Trust Level λ
- Interval ι
- Expectations ε
- Interaction identifier id
- Status s
Trust is…
Trustor γ, based on its current trusting attitude, believes that the extent that trustee δ will act as expected for context c during time interval ι is λ, and this belief is subject to the satisfaction of expectation set ε.
This relationship is valid for a specific interaction id and its status is indicated by s.
Trust Level Attribute λ
- Trust is subjective
  - Trustee trustworthiness
    - Trustor's requirements are not met by trustees at the same degree
    - Extent to which trustee honors trust, if trust is placed
  - Trustor trustfulness
    - Trustor's willingness to trust
    - Trusting attitude
- How do we capture this subjectivity?
  - Trust level, value, degree
  - Continuous values
  - Discrete values
Expectation Attribute ε
- Expectation: requirement and its allowed values that a trustor has for a particular interaction with the trustee
- Expectation tuple ε(π, o, νo, νa, ev)
  - π is a trust requirement
  - o is a standard relational operator
  - νo is the observed/actual value for the requirement
  - νa is the allowed value for the requirement
  - ev are the evaluation criteria for the specific requirement: covering algorithm, triggering algorithm, aggregating algorithm
Expectation Attribute (2)
- Trust requirement: facet (coarse-grained), properties (fine-grained)
- Observed values: evidence (either internal or external)
Expectation Attribute (3)
Observed value
- When? Triggering method: at fixed intervals, on arrival?
- How? Aggregating method: average, weighted average?
- For what? Allowed value vs. observed value: VIOLATIONS!!! Covering method: strict, relaxed
Expectation Attribute (4)
- Expectation set describes all the requirements a trustor has for a trustee in a particular relationship
  - Not interesting by itself
  - BUT, operations on the set ARE interesting!
- Define primitive comparison relationships between elements
  - Equal expectations
  - Relaxed expectations
- Define comparison relationships between expectation sets
  - Strictly equal expectation sets
  - Relaxed equal expectation sets
- Define operation on sets
  - Merging
Expectation Attribute (5)
Equal Expectations (=)
Expectation (π1, o1, νo1, νa1, ev1) is equal with expectation (π2, o2, νo2, νa2, ev2) if and only if
(π1 = π2) ∧ (o1 = o2) ∧ (νo1 = νo2) ∧ (νa1 = νa2) ∧ (covering1 ∈ ev1 = covering2 ∈ ev2)
Relaxed Equal Expectations (≈)
Expectation (π1, o1, νo1, νa1, ev1) is relaxed equal with expectation (π2, o2, νo2, νa2, ev2) if and only if
( (π1 = π2) ∧ (o1 = o2) ∧ (νo1 ≠ νo2) ∧ (νa1 ≠ νa2) ∧ (covering1 ∈ ev1 = covering2 ∈ ev2) )
or if
( (π1 = π2) ∧ (o1 = o2) ∧ (νo1 ≠ νo2) ∧ (νa1 = νa2) ∧ (covering1 ∈ ev1 = covering2 ∈ ev2) )
Expectation Attribute (6)
What is the expectation set for a path as a single entity? Merging of expectation sets!
fπ: function for aggregating values
1. Initialize εmerge ← ∅
2. If ε1 = ε2 then εmerge ← ε1
3. If ε1 ≈ ε2 then
   ∀ i: (π1, o1, νo1, νa1, ev1) ∈ ε1, j: (π2, o2, νo2, νa2, ev2) ∈ ε2 such that i ≈ j do
   εmerge ← εmerge ∪ {(π1, o1, fπ(νo1, νo2), fπ(νa1, νa2), ev1)}
Trust Relation Properties and Operations
- Trust relation is a set of trust relationships
- Properties
  - Standard properties of any n-ary relation do not hold due to the non-absolute characteristics of trust
  - Dynamic and composable nature
- Operations
  - Changing the state of the trust relation
  - Using the current state of the trust relation
Operations changing the trust relation state
Expiration of valid time
A trust relationship (γ, δ, c, λ, ι, ε, id, s) does not hold in relation τ if its valid interval time expires. Thus, a trust relationship τ(γ, δ, c, λ, ι, ε, id, s) is not valid in τ if the current time t1 > te, te ∈ ι.
Arrival of New Evidence
Suppose that new evidence arrives at trustor γ for trustee δ regarding context c. The new evidence includes the trust requirement πr and the recommended value νr. All trust relationships (γ, δ, c, λi, ιi, εi, idi, si) are updated to reflect the application of the new evidence on observed value νo.
Expectation Violation
Whenever new evidence arrives, the observed value changes according to the aggregation scheme for the specific requirement. An update in the observed value may lead to an expectation violation. In this case, the respective trust relationship's status is set to ALERT.
Operations using the trust relation state
Trust Assessment for context c in interaction id
Trustor γ1 may synthesize the two tuples to derive an aggregated trust assessment for context c during interval ιi (the intersection of ι1 and ι2) by applying expectation set operations on the expectation sets ε1 and ε2 to derive the aggregated expectation set εi. Expectation set εi has to be checked against the various trust level specifications in order to assign the trustworthiness level λi for the new tuple (γ, δ1,2, c, λi, ιi, εi, id, s).
End-to-end Trust Assessment for interaction id
Suppose there are aggregated trust assessments for contexts c1 and c2, which are the only contexts belonging to interaction id1: these are tuples (γ1, δ1, c1, λ1, ι1, ε1, id1, s1) and (γ1, δ2, c2, λ1, ι2, ε2, id1, s1). Trustor γ1 may compose the two tuples to derive an end-to-end trust assessment for interaction id during interval ιi (the intersection of ι1 and ι2) by applying expectation set operations on the expectation sets ε1 and ε2 to derive the aggregated expectation set εi. Expectation set εi has to be checked against the various level specifications in order to assign the trustworthiness level λi for the new tuple (γ, δ1,2, c, λi, ιi, εi, id, s).
Revisit Original Scenario
[Figure: Network; Trust Relation Graph]
Revisit Original Scenario (2)
Trust Assessment for context c1 in interaction id
τ(γC, δS1, c1, λ1, ι1, ε1, id, s) and τ(γC, δS2, c1, λ1, ι2, ε2, id, s)
τ(γC, δS1,S2, c1, λ1, ιk, εk, id, s)
εk = {(authentication, =, certificate, certificate, ev1), (reliability, >=, average(0.97, 0.95), average(0.95, 0.95), ev2)}
ιk = [1,10]
Revisit Original Scenario (3)
[Figure: Trust Relation Graph]
End-to-end Trust Assessment for interaction id
τ(γC, δS1,S2, c1, λ1, ιk, εk, id, s) and τ(γC, δP, c2, λ1, ι3, ε3, id, s)
τ(γC, δP,S1,S2, c1,2, λ1, ιm, εm, id, s)
εm = {(authentication, =, certificate, certificate, ev1), (reliability, >=, average(0.90, 0.96), average(0.80, 0.95), ev2)}
ιm = [1,8]
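
The merging algorithm and the two assessments above, worked through in Python as an added example that is not part of the original slides. It assumes fπ is a plain average, that the covering method is the only part of ev that is compared, and that equal elements carry over unchanged when two sets are merged; the covering value "strict" and the input intervals passed to intersect are constructed.

```python
from dataclasses import dataclass
import operator

OPS = {"=": operator.eq, ">=": operator.ge}  # relational operators used on the slides

@dataclass(frozen=True)
class Expectation:
    req: str          # π, the trust requirement
    op: str           # o, the relational operator
    observed: object  # νo
    allowed: object   # νa
    covering: str     # covering method from ev (assumed to be the only part compared)

def relaxed_equal(a, b):
    """≈ : same π, o and covering method, but different observed values."""
    return ((a.req, a.op, a.covering) == (b.req, b.op, b.covering)
            and a.observed != b.observed)

def merge(e1, e2, f=lambda x, y: (x + y) / 2):
    """Merge two expectation sets; f plays the role of fπ (assumed: average)."""
    if e1 == e2:
        return set(e1)
    merged = set()
    for i in e1:
        for j in e2:
            if i == j:                   # equal pair: carried over (assumption)
                merged.add(i)
            elif relaxed_equal(i, j):    # relaxed pair: aggregate νo and νa
                merged.add(Expectation(i.req, i.op, f(i.observed, j.observed),
                                       f(i.allowed, j.allowed), i.covering))
    return merged

def intersect(i1, i2):
    """Interval of a composed tuple: intersection of the inputs, None if empty."""
    lo, hi = max(i1[0], i2[0]), min(i1[1], i2[1])
    return (lo, hi) if lo <= hi else None

def violated(es):
    """True if any observed value fails its allowed value (status becomes ALERT)."""
    return any(not OPS[e.op](e.observed, e.allowed) for e in es)

# Expectation sets for S1, S2 and P, using the values shown on the slides.
AUTH = Expectation("authentication", "=", "certificate", "certificate", "strict")
def rel(obs, allowed):
    return Expectation("reliability", ">=", obs, allowed, "strict")

e_k = merge({AUTH, rel(0.97, 0.95)}, {AUTH, rel(0.95, 0.95)})  # context c1
e_m = merge({AUTH, rel(0.90, 0.80)}, e_k)                       # end-to-end
```

A pair whose observed values match while the allowed values differ is neither = nor ≈ under the definitions above, so merge drops it.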
Conclusions
- An intuitive notation to specify trust relationships tied to an activity
  - Allows dynamic and composable trust operations
  - Allows a rich set of attributes to capture the trust semantics
- Current and future work…
Thanks for your attention!! Questions?
Thank you!!!