Towards a dynamic and composable model of trust

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Towards a dynamic and composable model of trust

Full text

Pdf (860 KB)

Source

Symposium on Access Control Models and Technologies archive
Proceedings of the 14th ACM symposium on Access control models and technologies table of contents

Stresa, Italy

SESSION: Trust and access control in systems table of contents

Pages 217-226

Year of Publication: 2009

ISBN:978-1-60558-537-6

Authors

Adam J. Lee	University of Pittsburgh, Pittsburgh, PA, USA
Ting Yu	North Carolina State University, Raleigh, NC, USA

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 34, Downloads (12 Months): 161, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1542207.1542242 What is a DOI?

ABSTRACT

During their everyday decision making, humans consider the interplay between two types of trust: vertical trust and horizontal trust. Vertical trust captures the trust relationships that exist between individuals and institutions, while horizontal trust represents the trust that can be inferred from the observations and opinions of others. Although researchers are actively exploring both vertical and horizontal trust within the context of distributed computing (e.g., credential-based trust and reputation-based trust, respectively), the specification and enforcement of composite trust management policies involving the flexible composition of both types of trust metrics is currently an unexplored area.

In this paper, we take the first steps towards developing a comprehensive approach to composite trust management for distributed systems. In particular, we conduct a use case analysis to uncover the functional requirements that must be met by composite trust management policy languages. We then present the design and semantics of CTM: a flexible policy language that allows arbitrary composition of horizontal and vertical trust metrics. After showing that CTM embodies each of the requirements discovered during our use case analysis, we demonstrate that CTM can be used to specify a wide range of interesting composite trust management policies, and comment on several systems challenges that arise during the composite trust management process.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Amazon.com: Recommended for you. Web Site, Dec. 2008. http://www.amazon.com/gp/yourstore/recs/.
	2	S. Axelsson. Intrusion detection systems: A survey and taxonomy. Dept. of Computer Engineering Technical Report 99-15, Chalmers University of Technology, Mar. 2000.
	3	Lujo Bauer , Scott Garriss , Michael K. Reiter, Distributed Proving in Access-Control Systems, Proceedings of the 2005 IEEE Symposium on Security and Privacy, p.81-95, May 08-11, 2005 [doi>10.1109/SP.2005.9]
	4	Cassandra: Distributed Access Control Policies with Tunable Expressiveness, Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, p.159, June 07-09, 2004
	5	Trust-X: A Peer-to-Peer Framework for Trust Establishment, IEEE Transactions on Knowledge and Data Engineering, v.16 n.7, p.827-842, July 2004 [doi>10.1109/TKDE.2004.1318565]
	6	Bharat K. Bhargava , Yuhui Zhong, Authorization Based on Evidence and Trust, Proceedings of the 4th International Conference on Data Warehousing and Knowledge Discovery, p.94-103, September 04-06, 2002
	7	J. Biskup and Y. Karabulut. A hybrid pki model: Application to secure mediation. In DBSec, pages 271--282, 2002.
	8	Matt Blaze , Joan Feigenbaum , Jack Lacy, Decentralized Trust Management, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.164, May 06-08, 1996
	9	Matt Blaze , Joan Feigenbaum , Martin Strauss, Compliance Checking in the PolicyMaker Trust Management System, Proceedings of the Second International Conference on Financial Cryptography, p.254-274, February 23-25, 1998
	10	P. Bonatti, C. Duma, D. Olmedilla, and N. Shahmehri. An integration of reputation-based and policy-based trust management. In Sematic Web and Policy Workshop, Galway, Ireland, Nov. 2005.
	11	B. Carminati, E. Ferrari, and A. Perego. Enforcing access control in web-based social networks. ACM Transactions in Information and System Security. to appear.
	12	B. Carminati, E. Ferrari, and A. Perego. Combining social networks and semantic web technologies for personalizing web access. In Proceedings of the 4th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), Nov. 2008.
	13	B. Carminati, E. Ferrari, and A. Perego. A decentralized security framework for web-based social networks. International Journal of Information Security and Privacy, 2(4):22--53, 2008.
	14	Fabrizio Cornelli , Ernesto Damiani , Sabrina De Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati, Choosing reputable servents in a P2P network, Proceedings of the 11th international conference on World Wide Web, May 07-11, 2002, Honolulu, Hawaii, USA [doi>10.1145/511446.511496]
	15	Ernesto Damiani , De Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati , Fabio Violante, A reputation-based approach for choosing reliable resources in peer-to-peer networks, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA [doi>10.1145/586110.586138]
	16	Keith Frikken , Mikhail Atallah , Jiangtao Li, Attribute-Based Access Control with Hidden Policies and Hidden Credentials, IEEE Transactions on Computers, v.55 n.10, p.1259-1270, October 2006 [doi>10.1109/TC.2006.158]
	17	M. Grimsley, A. Meehan, G. Green, and B. Stafford. Social capital, community trust, and e-government services. In International Conference on Trust Management, Pisa, Italy, May 2003.
	18	K. Hoffman, D. Zage, and C. Nita-Rotaru. A survey of attack and defense techniques for reputation systems. ACM Computing Surveys, to appear.
	19	Trevor Jim, SD3: A Trust Management System with Certified Evaluation, Proceedings of the 2001 IEEE Symposium on Security and Privacy, p.106, May 14-16, 2001
	20	Audun Jøsang , Roslan Ismail , Colin Boyd, A survey of trust and reputation systems for online service provision, Decision Support Systems, v.43 n.2, p.618-644, March, 2007 [doi>10.1016/j.dss.2005.05.019]
	21	Sepandar D. Kamvar , Mario T. Schlosser , Hector Garcia-Molina, The Eigentrust algorithm for reputation management in P2P networks, Proceedings of the 12th international conference on World Wide Web, May 20-24, 2003, Budapest, Hungary [doi>10.1145/775152.775242]
	22	S. Kruk, S. Grzonkowski, A. Gzella, T. Woroniecki, and H.-C. Choi. D-foaf: Distributed identity management with access rights delegation. In Asian Semantic Web Conference, Beijing, China, Sept. 2006.
	23	Adam J. Lee , Marianne Winslett, Towards an efficient and language-agnostic compliance checker for trust negotiation systems, Proceedings of the 2008 ACM symposium on Information, computer and communications security, March 18-20, 2008, Tokyo, Japan [doi>10.1145/1368310.1368343]
	24	N. Li and J. C. Mitchell. RT: A role-based trust-management framework. In Proceedings of the Third DARPA Information Survivability Conference and Exposition (DISCEX III), pages 201--212, Apr. 2003.
	25	Ninghui Li , John C. Mitchell , William H. Winsborough, Beyond proof-of-compliance: security analysis in trust management, Journal of the ACM (JACM), v.52 n.3, p.474-514, May 2005 [doi>10.1145/1066100.1066103]
	26	Ninghui Li , William H. Winsborough , John C. Mitchell, Distributed credential chain discovery in trust management, Journal of Computer Security, v.11 n.1, p.35-86, February 2003
	27	Liberty alliance project. Web Site, Dec. 2008. http://www.projectliberty.org/.
	28	A. Mounji , B. Le Charlier , D. Zampunieris , N. Habra, Distributed audit trail analysis, Proceedings of the 1995 Symposium on Network and Distributed System Security (SNDSS'95), p.102, February 16-17, 1995
	29	NetFlix prize: Home. Web Site, Dec. 2008. http://www.netflixprize.com/.
	30	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996 [doi>10.1109/2.485845]
	31	K. Seamons , M. Winslett , T. Yu , B. Smith , E. Child , J. Jacobson , H. Mills , L. Yu, Requirements for Policy Languages for Trust Negotiation, Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02), p.68, June 05-07, 2002
	32	Shibboleth Project. http://shibboleth.internet2.edu/.
	33	TrustBuilder2 download page. Web site, Oct. 2008. http://dais.cs.uiuc.edu/dais/security/tb2/.
	34	Lingyu Wang , Duminda Wijesekera , Sushil Jajodia, A logic-based framework for attribute based access control, Proceedings of the 2004 ACM workshop on Formal methods in security engineering, October 29-29, 2004, Washington DC, USA [doi>10.1145/1029133.1029140]
	35	Duminda Wijesekera , Sushil Jajodia, A propositional policy algebra for access control, ACM Transactions on Information and System Security (TISSEC), v.6 n.2, p.286-325, May 2003 [doi>10.1145/762476.762481]
	36	W. H. Winsborough, K. E. Seamons, and V. E. Jones. Automated trust negotiation. In DARPA Information Survivability Conference and Exposition, Jan. 2000.
	37	Li Xiong , Ling Liu, A reputation-based trust model for peer-to-peer ecommerce communities [Extended Abstract], Proceedings of the 4th ACM conference on Electronic commerce, June 09-12, 2003, San Diego, CA, USA [doi>10.1145/779928.779972]