trust management survey

8/14/2019 Trust Management Survey

http://slidepdf.com/reader/full/trust-management-survey 1/30

Trust Management

SurveySini Ruohomaa , Lea Kutvonen

University of Helsinki, Finland

iTrust 2005Presented by Wen-Yuan Zhu



Outline

• Introduction

• On the Nature of Trust

•

The Tasks of a Trust ManagementSystem

• Conclusions



Introduction

• to provide an overview of trustmanagement research

•

without going too deeply into anyimplementation specifics



On the Nature of Trust

• Concepts for Trust Management

• The Trust Management Model

•

The Trust Information Model



Concepts for TrustManagement

• Trust is quite a complicatedphenomenon

• Humans do not seem to always makefully rational trust decisions



Concepts for TrustManagement(2)

• Trustor

- service provider

•

Trustee- an identifiable agent in the network

- cannot directly be controlled by

outsiders




• Trust

“the extent to which one party iswilling to participate in a given actionwith a given partner, considering therisks and incentives involved ”

- a means for people to deal withuncertainty about the future andtheir interaction partners




• A trust decision

- binary

- based on the balance between trustand risk

• Actions

- using services provided by thetrustor




• Risks

- the effect of trust

- tied to assets• Action importance

- business value

- it affects trust similarly to goodreputation




• Reputation

“a perception a party createsthrough past actions about itsintentions and norms”

- exists only in a community which isobserving its members in one way oranother




• Recommendation

“an attempt at communicating a party’s reputation from onecommunity context to another ”



The Trust ManagementModel

• trust management research has itsroots in authentication andauthorisation

• in the context of authentication, trustis established by means such asdigital certificates



The Trust ManagementModel(2)

• certificates are proof of eitheridentity directly or membership in agroup of good reputation

• policy languages are used todetermine whether certaincredentials are sufficient for

performing a certain action




• credentials are sufficient when thesystem is either convinced of thetrustee’s identity or knows her to be

a member of some sufficientlytrusted group

- policy languages are static




• to make trust more dynamic, thebehaviour of the trustee should beconsidered as well

- intrusion detection systems

- to monitor users

- behaviour information can begathered

- locally

- third-party observations




• newcomers create a problem for atrust management system based onbehaviour history alone

- initial level of trust



The Trust Information Model

• reciprocity is the mutual exchange of deeds

- favor or revenge

• research on trust can be divided intothree groups

- fundamental level- service level

- highest level



The Tasks of a TrustManagement System

• Initializing a Trust Relationship

• Observation

•

Evolving Reputation and Trust



Initializing a TrustRelationship

• discovery service

- a plethora of potential partners

- may be incompetent or evenmalicious

- a reputation system may aid in

locating the most trustworthy one



Initializing a TrustRelationship(2)

• a reputation system aggregatesinformation

- the past behaviour

• experience or reputation informationgathering and storage

- be organized centrally- be distributed across peers




• a user is trustworthy by “3 on a scalefrom 1 to 5”

- it is a reputation statement

- what does it mean

- difficulties for porting ratings from

one system to another as well




• requirements for a successfulreputation system

- Resnick et al.

- three requirements




• three requirements

- the entities must be long-lived andhave use for reputation

- feedback must be captured,distributed and made available in thefuture

- the feedback must be used to guidetrust decisions



Observation(2)

• intrusion detection system

- observing users or partners in atrust management system

- traditional approach

- system calls

- network traffic



Observation(3)

• approaches of intrusion detectionsystem

- attempts to model normalbehaviour

- learning from experience

- misuse detection- constructs models to match the

attacks

- specification-based



Observation(4)

• observation ties up resources

- it is impossible to keep close trackof what every user is doing at alltimes

• suspicious activity

- not actual misbehaviour



Evolving Reputation and Trust

• mathematical models

- dealing with experience

- “cooperated ” or “defected ”- scalars



Evolving Reputation and Trust(2)

• information about user's reputationcan be distributed usingrecommendations

- representation of user's identity indifferent communities

- not necessary the truth



Conclusions

• trust as a concept has many verydifferent applications

• it is difficult to find a satisfactoryrepresentation of trust for computersystems

trust management survey

Documents