Yongchun CAO,Xiaojiang CHEN,Bei HUA

DOI: https://doi.org/10.3969/j.issn.1006-0871.2005.03.006

2005-01-01

Abstract:After introducing a trust management model, KeyNote trust management system based on it is designed. Its application in active networks is illustrated.

彭志宇,李善平,杨朝晖,林欣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2010.05.011

2010-01-01

Abstract:An anonymous authorization mechanism was proposed to protect the user's privacy in the process of authorization in trust management. User requested for services using their real identification in most of the classic trust-management language system, which potentially leaded to the privacy leaking. Through dynamically searching for the delegation roles which take over the request, the anonymous authorization mechanism retained the right behavior of credential chain discovery and achieved a quantitative way of anonymity against the resource provider. Results showed that the anonymous mechanism shared the same worst-case time complexity with the traditional forward credential-chain-searching method. A method of caching all the members in the nodes was proposed to improve the performance in time spending. Simulation results showed that the performance in time spending greatly improved in the relative stable systems, in which the credentials change slowly.

Zhi-Yu Peng,Shan-Ping Li

DOI: https://doi.org/10.1109/icmlc.2008.4620616

2008-01-01

Abstract:As pervasive computing leading to an increased collection of information in the computational world as well as the real world, privacy leaking becomes a serious issue. Although privacy protection has drawn great attention in recent years, the privacy-preserving trust management has not been brought forward. Credential chain discovery problem is the key issue in trust management, and traditionally credentials are full open in the whole system. This could expose users' access control policies as well as other private information, and leads to a great risk of being cheated by malicious users. This paper advocates a privacy-preserving credential chain discovery mechanism, in which credentials are no longer available to everyone. By merely learning credentials of one's logic neighbors, this mechanism still achieves good results. The simulations show that this mechanism is practical.

Wen Li,Lingdi Ping,Kuijun Lu,Xiaoping Chen

DOI: https://doi.org/10.1109/ICIE.2009.33

2009-01-01

Abstract:As traditional network security cannot meet the security requirements, the international research shows that network security is on the way to Trustworthy Internet and that the trustworthy issue becomes a hot topic in the future Internet. Trust evaluation of users' behavior is an important part of Trustworthy Internet and a rational trust model plays a key role in the evaluation. This paper concludes many principles of the trust model by analyzing existing trust models and proposes a novel trust model including both the direct and indirect trust. In our model, the direct trust is more trustworthy and is weighted more with the more and more interactions and the indirect evaluation becomes less and less important. The subjective factor is considered to make the direct trust obey the principle of "rise-lowly, decline-quickly". Furthermore, recommenders' credibility is taken into account in the indirect trust evaluation, which can avoid the denigration and make indirect trust more objective. We also consider the process of referral of the credibility to gain more information to evaluate the indirect trust effectively. Credibility evaluation is the basis of the filtering of low credibility and the improvement of trust evaluation. Finally, several experiments are shown to illustrate the properties of the model. © 2009 IEEE.

Jianjun Wang,Jianping Li,Chongming Ma,Jing Peng

DOI: https://doi.org/10.1109/ICCWAMTIP.2013.6716621

2013-01-01

Abstract:In the distributed environments, Anonymous Access and Delegation are not satisfied in the traditional Access Control. However, they can be guaranteed in the Key-based Trust Models, because a key represents the identification of one user, both authorization and key are associated with each other. In the Key-based Trust Models, the most representative ones are PolicyMaker, SPKI/SDSI and QCM. In this paper, we extract the mechanisms of authorization from these models, discuss the advantages and disadvantages, so as to develop new studies and applications.

曾璎珞,潘雪增,陈健

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.10.052

2010-01-01

Abstract:This paper proposes a dynamic security access control model based on system reliability,so as to improve the flexibility of combination among multiple security access control strategies,and to ensure system security and practicality.The model can choose the proper kind of combination among the security access control strategies dynamically in order to deal with different system states and improve the whole system performance.Experimental results prove that this model makes the multiple strategies control more flexible,ensures the system security,and improves practicality of the system.

Jian-Jun Wang,Jian-Ping Li,Yong-Fan Li,Jing Peng

DOI: https://doi.org/10.1109/icwamtip.2012.6413490

2012-01-01

Abstract:This paper includes the theory developments and main characteristics of Policymaker, KeyNote, REFEREE, and SPKI/SDSI2.0 Key-Based Dynamic Trust Authorization Mechanisms in distributed environments; discusses the applications and existing security problems of cloud computer and mobile computer Key-Based Dynamic Trust Mechanisms in new distributed environment; describes the role that trust degree plays in solving the security problems of Dynamic Trust Mechanism in new distributed environments, and indicates Certificateless Public Key Cryptography is another development direction for Dynamic Trust Mechanism.

SHI Wenbo,CAO Chun

DOI: https://doi.org/10.3778/j.issn.1002-8331.1208-0528

2013-01-01

Abstract:Trust Management implements the authorization procedure and access control decision in an open network environment according to the credential issuing and the chain discovery algorithms. However, because of the complexity and dynamic of the trust network, the traditional trust-management system results in a low efficiency in credential discovery. To address the shortage, this paper proposes an autonomous trust-management system which introduces the concept of authority routing table.The system makes sure the direction of the search guides directly to the requester while finding the credential chain. While the trust network is complex and the right request happens frequently, the autonomous trust-management system can reduce the search cost and improve the efficiency in credential discovery.

PENG Jie,GUO Shan-Qing,MAO Bing,XIE Li

DOI: https://doi.org/10.3969/j.issn.1002-137X.2005.05.013

2005-01-01

Computer Science

Abstract:In this paper, we analyze the problems exposed by the current security management systems, and intro- duce the trust mechanism to XML-based security management platform. In the traditional trust model, the trust sub- kect is unitary, which can not meet the requirements raised by the XML-based security management to trust. In order to solve this problem, some necessary improvements are made to the traditional trust model. First, the bidirectional trust is proposed, resolving the mutual trust problem of the server and client. Second, a local trust library is added to enhance both the administrator's global analysis and the assessment of reputation-based trust degree.

官尚元,伍卫国,董小社,梅一多

DOI: https://doi.org/10.3321/j.issn:0253-987x.2009.06.004

2009-01-01

Abstract:Many trust management(TM) systems have been proposed,but some issues still remain to be addressed,e.g.there is no consensus on the definition of TM in the literature,and algorithms for proof of compliance are inefficient.To address these problems,a formal definition of TM is proposed in this paper,which is composed of a set of countable principals,a set of trust classes,a set of trust attributes,a set of contexts,a set of trust relationships and a set of rules.The relationship between the formal TM and the descriptive TM is discussed.Based on the formal definition of TM,an efficient TM,called NUMEN,is presented,and the algorithm for PoC is based on the lattice-theoretical fix-point theorem.The time complexity and the space complexity of the algorithm are both O(n) where n is the cardinality of the set of authorization credentials.Experimental results show that NUMEN can effectively protect sensitive resources at the cost of little performance of systems,and the PoC algorithm for NUMEN is more efficient than those for the existing TM systems such as SKPI/SDSI and KeyNote.It is observed that the numbers of authorization brokers and of delegation credentials are crucial factors in determining the runtime.

GUO Xiao-qiong,GUAN Hai-bing

DOI: https://doi.org/10.3969/j.issn.1009-8054.2008.02.020

2008-01-01

Abstract:Taking the advantage of the characteristics of the Bayesian network, this paper puts forward a trust manage-ment model based on Yao Wang and Julita Vassilevas model, by using a method for updating CPTs by recording all attributes of every transaction, which can comprehensively consider the correlation and many-sidedness of the context in computation of trust.

TIAN Li-qin,JI Tie-guo,LIN Chuang,YIANG Yiang

DOI: https://doi.org/10.3778/j.issn.1002-8331.2008.19.004

2008-01-01

Abstract:The paper establishes a user behaviour trust and Role-Based Access Control(RBAC) model,which introduces the attribute concept and adds the user behaviour trust degree set on the basis of RBAC model.The detailed description and the authorization flow are given in the article.At last the model is analyzed from the dynamic performance and trust mechanism and role numbers and work performance.The new access control achieves the dynamic authorization by the dynamic assignment of role attributes and achieves the connection identity trust with behavior trust by setting the trust degree as an obligatory attribute,which changes the static authorization only based the identity of existing access control models.The model can reduce the role number by setting the attributes for the role,which can lighten the role management burden caused by the large number roles and improve the performance at the same time.

Jian-Jun Qi,Zeng-Zhi Li

DOI: https://doi.org/10.1007/11559221_77

2005-01-01

Abstract:This paper proposes a security architecture that employs trust notion to address security issues in active networks. The subjectivity of trust is discussed, and the innovative idea is that how to compute trust should be decided subjectively by an entity. Then, a general framework for a trust system is described. Finally, a flexible trust management model, which employs the features of active networks, is presented. In this model, different entities can use different methods to compute trust, and an entity can change its computing method of trust over time.

Ke Yang,Da Li,Lei Zhou,Kai Cheng

DOI: https://doi.org/10.1088/1742-6596/2166/1/012042

2022-01-01

Journal of Physics: Conference Series

Abstract:Abstract The new power system presents new features such as massive, decentralized, multiple types of equipment and user access, more complex interactions, and faster response speed. The zero-trust security model still has problems such as the single-point failure risk of permission control and the inability to balance dynamic fine-grained permission adjustment and real-time response. Based on this, this paper proposes an adaptive dynamic access control model based on blockchain and token. First, build a decentralized authorization management architecture based on blockchain smart contracts to provide users with reliable and intelligent authorization services. Secondly, an authorization technology based on short-term tokens is proposed, which realizes adaptive dynamic access authority adjustment through user trust evaluation and smart contract automatic discrimination. Finally, an intelligent identity authentication mechanism based on user behavior data analysis is designed to support the adaptive update of tokens. Experiments have verified that this model has certain advantages in accurate and adaptive dynamic authorization, which can provide a reference for the improvement of the zero-trust model.

Lu Chen,Qing Zhou,Gaofeng Huang,Liqiang Zhang

DOI: https://doi.org/10.1109/CIS.2014.47

2014-01-01

Abstract:Resource sharing is one of the main applications of network. How to establish a trust relationship between resources requestor and provider, and enforce authority is the key issue of efficient resource sharing. Existing models and methods are mostly focus on identity, recommendation and other information, but lack of the considering of resource requestor's conduct and environment of computing. And once authorized, it will not be able to track and control user behavior dynamically. It may cause more risks when sharing resources. Aiming to resolve the above problems, a trust-role based context aware access control model is proposed relying on the measurement and verification of the \"trust credentials and evidences\" which embody the context information of user behavior and platform environment to achieve the security, dependable and dynamic access control for resource sharing.

WANG Yuan,XU Feng,CAO Chun

DOI: https://doi.org/10.3969/j.issn.1002-137X.2005.08.069

2005-01-01

Computer Science

Abstract:The security problems of the open coordination software environment make great influence on the develop- ment and application of the software systems. Trust management is a new approach to solve these security problems ef- fectively. By analyzing the security problems of the open coordination software systems and the limitations of the tradi- tional trust management systems, this paper designs and implements a distributed access control system, DACBTM, based on trust management, which is suitable for the application system in the open coordination software environment. The system can evaluate the trust relationship between software entities by the approach of trust-evaluation. We also present an improved, effective algorithm for the collection of the security information, which provides a reasonable mechanism to solve the shortness of the security information in the open coordination software environment.

Zoi Lygizou,Dimitris Kalles

2024-04-13

Abstract:Current trust and reputation models continue to have significant limitations, such as the inability to deal with agents constantly entering or exiting open multi-agent systems (open MAS), as well as continuously changing behaviors. Our study is based on CA, a previously proposed decentralized computational trust model from the trustee's point of view, inspired by synaptic plasticity and the formation of assemblies in the human brain. It is designed to meet the requirements of highly dynamic and open MAS, and its main difference with most conventional trust and reputation models is that the trustor does not select a trustee to delegate a task; instead, the trustee determines whether it is qualified to successfully execute it. We ran a series of simulations to compare CA model to FIRE, a well-established, decentralized trust and reputation model for open MAS under conditions of continuous trustee and trustor population replacement, as well as continuous change of trustees' abilities to perform tasks. The main finding is that FIRE is superior to changes in the trustee population, whereas CA is resilient to the trustor population changes. When the trustees switch performance profiles FIRE clearly outperforms despite the fact that both models' performances are significantly impacted by this environmental change. Findings lead us to conclude that learning to use the appropriate trust model, according to the dynamic conditions in effect could maximize the trustor's benefits.

Multiagent Systems,Artificial Intelligence

Peter C. Chapin,Sean Wang

2006-01-01

Abstract:Trust management systems are frameworks for authorization in modern distributed systems, allowing remotely accessible resources to be protected by providers. By allowing providers to specify policy, and access requesters to possess certain access rights, trust management automates the process of determining whether access should be allowed on the basis of policy, rights, and an authorization semantics. In this paper we survey modern stateof-the-art in trust management, focusing on features of policy and rights languages that provide the necessary expressiveness for modern practice. We characterize systems in light of a generic structure that takes into account components of practical implementations. We emphasize systems that have a formal foundation, since security properties of them can be rigorously guaranteed. Underlying formalisms are reviewed to provide necessary background.

Yuan Wang,Feng Xu,Ye Tao,Chun Cao,Jian Lü

DOI: https://doi.org/10.1007/11839569_23

2006-01-01

Abstract:Trust management is an efficient approach to ensure the security and reliability in the autonomic and coordination systems. Various trust management systems are proposed from different viewpoints. However, evaluating different trust management approaches is usually more intuitive than formal. This paper presents a role-based formal framework to specify trust management systems. By quantifying two types of trust commonly occurring in the existing trust management systems, the framework proposes a set of elements to express the assertions and recommendation relationships in trust management. Furthermore, some facilities are provided to specify the semantics of trust engines. The framework makes it more convenient to understand, compare, analyze and design trust management systems.

Shangyuan Guan,Xiaoshe Dong,Weiguo Wu,Yiduo Mei,Guofu Feng

DOI: https://doi.org/10.1109/aina.2008.25

2008-01-01

Abstract:Trust has been recognized as an important factor for information security in open and dynamic environments, such as Internet applications, p2p systems etc. On the basis of analyzing existing trust management systems, this paper proposes a Distributed Trust Management based on Authorizing Negotiation (DTMAN). DTMAN presents a number of innovative features. First, it can authorize strangers by using authorizing negotiation, so it is very suitable for open and dynamic environments. Second, a high efficient algorithm for compliance checking is developed to support DTMAN, whose time complexity and space complexity are both O(n) (where n is the cardinality of the set of authorization credentials). The experimental result shows that the algorithm of DTMAN is more efficient than others.