Abstract
While it is difficult to apply conventional security services to a system without a central authority, trust management offers a solution for information assurance in such a system. In this paper, we have developed a policy-oriented decision model based on object trust management to assist users in selecting reliable and secure information in an open system. In the proposed model, an object represents a topic or issue under discussion, and it may have multiple versions, each of which represents a subject’s opinion towards the characteristics of that object. The developed trust-based decision model helps a user select one object version with the desired level of quality and security features from the available versions of a given object. The model balances both positive and negative aspects of an object version, and an evaluator can explicitly specify, in the form of a policy specification, which features of an object version are not acceptable and which features are favorable. A high-level policy language, called Selector, expresses the policy specification in an unambiguous way. Selector consists of primary and residual policy statements. It supports recursive function calls, and the invoked external functions are defined separately from the language itself. The proposed decision model does not guarantee selection of the “best” version for a given object. Rather, it ensures that the selected version meets a user’s requirement for information integrity.
This work was supported in part by US AFOSR under grant FA9550-04-1-0429 and was performed when the first author was with the University of Arkansas.
Copyright information
© 2005 International Federation for Information Processing
About this paper
Cite this paper
Zuo, Y., Panda, B. (2005). A Trust-Based Model for Information Integrity in Open Systems. In: Dowland, P., Furnell, S., Thuraisingham, B., Wang, X.S. (eds) Security Management, Integrity, and Internal Control in Information Systems. IICIS 2004. IFIP International Federation for Information Processing, vol 193. Springer, Boston, MA. https://doi.org/10.1007/0-387-31167-X_22
DOI: https://doi.org/10.1007/0-387-31167-X_22
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-29826-9
Online ISBN: 978-0-387-31167-8
eBook Packages: Computer Science (R0)