A Trust-Based Model for Information Integrity in Open Systems

  • Yanjun Zuo
  • Brajendra Panda
Conference paper
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 193)


While it is difficult to apply conventional security services to a system without a central authority, trust management offers a solution for information assurance in such a system. In this paper, we have developed a policy-oriented decision model based on object trust management to assist users in selecting reliable and secure information in an open system. In the proposed model, an object represents a topic or issue under discussion, and it may have multiple versions, each of which represents a subject’s opinion towards the characteristics of that object. The developed trust-based decision model assists a user to select one object version with desired level of quality and security features from available versions of a given object. The model balances both positive and negative aspects of an object version, and an evaluator can explicitly specify, in form of a policy specification, which features of an object version are not acceptable and which features are favorable. A high-level policy language, called Selector, expresses the policy specification in an unambiguous way. Selector consists of primary and residual policy statements. It supports recursive function calls, and the invoked external functions are defined separately from the language itself. The proposed decision model doesn’t guarantee to select the “best” version for a given object. Rather it ensures that the selected version meets a user’s requirement for information integrity.

Key words

trust decision model information integrity information security policies policy language trustworthy computation 


  1. 1.
    Y. Zuo and B. Panda, “Component Based Trust Management in the Context of a Virtual Organization,” In Proceedings of the 2005 ACM Symposium on Applied Computing, New Mexico, USA, March 2005Google Scholar
  2. 2.
    A. Josang, “An Algebra for Assessing Trust in Certification Chains,” In Proceedings of the Internet Society 1999 Network and Distributed System Security Symposium, San Diego, USA, 1999Google Scholar
  3. 3.
    A. Rahaman, S. Hales, “Supporting Trust in Virtual Communities,” In Proceedings of the 33rd Hawaii International Conference on System Sciences, Hawaii, USA, 2000Google Scholar
  4. 4.
    I. Ray, S. Chakraborty, “A Vector Model of Trust for Developing Trustworthiness Systems,” In Proceedings of the 9th European Symposium on Research in Computer Security, Sophia Antipolis, French Riviera, France, 2004Google Scholar
  5. 5.
    T. Yu, X. Ma, M. Winslett, “PRUNES: An Efficient and Complete Strategy for Automated Trust Negotiation over the Internet,” In Proceedings of the Conference on Computer and Communication Security, Athens, Greece, 2000Google Scholar
  6. 6.
    T. Yu, and M. Winslett, “Interoperable Strategies in Automated Trust Negotiation,” In Proceedings of the Conference on Computer and Communication Security, Philadelphia, USA, 2001Google Scholar
  7. 7.
    W. Winsborough, N. Li, “Towards Practical Automated Trust Negotiation,” In Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, IEEE Press, Monterey, USA, June 2002Google Scholar
  8. 8.
    L. Xiong, L. Liu, “A Reputation-based Trust Model for Peer-to-Peer E-Commerce Communities,” In Proceedings of the IEEE Conference on E-Commerce, Newport Beach, California, USA, 2003Google Scholar
  9. 9.
    B. Yu, M. P. Singh, “Towards a Probabilistic Model of Distributed Reputation Management,” In Proceedings of the 4th Workshop on Deception, Fraud and Trust in Agent Societies, Montreal, Canada, 2001Google Scholar
  10. 10.
    L. Mui, M. Mohtashemi, A. Halberstadt, “A Computational Model for Trust and Reputation,” In Proceedings of the 35th Hawaii International Conference on System Science, Hawaii, USA, 2002Google Scholar
  11. 11.
    “An Introduction to Cryptography, in PGP 6.5.1 User’s Guide,” Network Associates Inc., p.11–36, Scholar
  12. 12.
    Adams, C. and S. Farrell, “RFC2510 — Internet X.509 Public Key Infrastructure Certificate Management Protocols”, 1999Google Scholar
  13. 13.
    Feigenbaum, J., “Overview of the AT&T Labs Trust Management Project: Position Paper,” In Proceedings of the 1998 Cambridge University Workshop on Trust and Delegation, UK, 1998Google Scholar
  14. 14.
    Blaz, M., “Using the KeyNote Trust Management System,” AT&T Research Labs,, 1999Google Scholar
  15. 15.
    Chu, Y.-H., J. Feigenbaum, B. LaMacchia, P. Resnick and M. Strauss, “REFEREE: Trust Management for Web Applications,” AT&T Research Labs,, 1997Google Scholar
  16. 16.
    P. McDaniel, “On Context in Authorization Policy,” In Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies, Como, Italy, June 2003Google Scholar
  17. 17.
    N. Damianou, N. Dulay, E. Lupu, and M. Sloman, “The Ponder Policy Specification Language,” In Proceedings of the Policy Workshop 2001, Bristol, UK, January 2001Google Scholar
  18. 18.
    L. Kagal, “Rei: A Policy Language for the Me-Centric Project,” HP Labs Technology Report, 2002Google Scholar
  19. 19.
    Chang, B., Crary, K., DeLap, M., Harper, R. and Liszka, J., “Trustless Grid Computing in ConCert” http://www.cs.cmu/~concert/talks/Murphy2002Trustless/trustless.ppt#1Google Scholar
  20. 20.
    M. Bishop, “Computer Security — Art and Science,” Addison-Wesley, 2003Google Scholar
  21. 21.
    C._E. Landwehr, A. R. Bull, J. P. McDermott, and W. S. Choi, “ Taxonomy of Computer Program Security Flaws,” Computing Surveys, 26(3): pp. 211–255, 1994CrossRefGoogle Scholar
  22. 22.
    K. Ashcraft and D. Engler, “Using programmer-written Compiler Extension to Catch Security Holes,” In Proceedings of 2002 IEEE Symposium on Security and Privacy, pp. 143–159, Berkeley, CA, USA, 2002Google Scholar
  23. 23.
    M. Bishop and M. Dilger, “Checking for Race Conditions in File Accesses,” Computing Systems, 9(2), 1996Google Scholar
  24. 24.
    H. Chen, H. and D. Wagner, “An Infrastructure of Examining Security Properties of Software,” In Proceedings of ACM Conference on Computer and Communications Security (CCS), Washington DC, USA, 2002Google Scholar
  25. 25.
    B._V. Chess, “Improving Computer Security Using Extending Static Checking,” In Proceedings of 2002 IEEE Symposium on Security and Privacy, pp. 160–173, Berkeley, CA, USA, 2002Google Scholar

Copyright information

© International Federation for Information Processing 2005

Authors and Affiliations

  • Yanjun Zuo
    • 1
  • Brajendra Panda
    • 2
  1. 1.Department of Information Systems and Business EducationUniversity of North DakotaGrand ForksUSA
  2. 2.Department of Computer Science and Computer EngineeringUniversity of ArkansasFayettevilleUSA

Personalised recommendations