Zhi-Yu Peng,Shan-Ping Li

DOI: https://doi.org/10.1109/icmlc.2008.4620616

2008-01-01

Abstract:As pervasive computing leading to an increased collection of information in the computational world as well as the real world, privacy leaking becomes a serious issue. Although privacy protection has drawn great attention in recent years, the privacy-preserving trust management has not been brought forward. Credential chain discovery problem is the key issue in trust management, and traditionally credentials are full open in the whole system. This could expose users' access control policies as well as other private information, and leads to a great risk of being cheated by malicious users. This paper advocates a privacy-preserving credential chain discovery mechanism, in which credentials are no longer available to everyone. By merely learning credentials of one's logic neighbors, this mechanism still achieves good results. The simulations show that this mechanism is practical.

HL Hu,D Chen,CQ Huang

DOI: https://doi.org/10.1007/11428862_31

2005-01-01

Abstract:The open and anonymous of grid make the task of controlling access to sharing information more difficult, which cannot be addressed by traditional access control methods. In this paper, we identify access control requirements in such environments and propose a trust based access control framework for grid resource sharing. The framework is an integrated solution involving aspects of trust and recommendation models, based the discretionary access control (DAC), and are applied to grid resource-sharing systems. In this paper, we integrate technology of web services into idea of trust for describing resources.

Wenjuan Li,Lingdi Ping,Xuezeng Pan

DOI: https://doi.org/10.1109/iceie.2010.5559829

2010-01-01

Abstract:Security and interoperability is the biggest challenge to promote cloud computing currently. Trust has proved to be one of the most important and effective alternative means to construct security in distributed systems. In order to efficiently and safely construct entities' trust relationship in cloud and cross-clouds environment, this paper proposed a novel cloud trust model and a new cloud security framework. The propose trust model is domain-based. It divides one cloud provider's resource nodes into the same trust domain. It designs different trust strategies for different roles. Trust recommendation is treated as one type of cloud services just like computation or storage. Based on the proposed trust model, it introduced a novel cloud security framework with an independent trust management module. Using the proposed security model, it introduced some trust-based security mechanisms. Results of simulation experiments show that the proposed security model can achieve high transaction success rate with high trust accuracy.

彭志宇,李善平,杨朝晖,林欣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2010.05.011

2010-01-01

Abstract:An anonymous authorization mechanism was proposed to protect the user's privacy in the process of authorization in trust management. User requested for services using their real identification in most of the classic trust-management language system, which potentially leaded to the privacy leaking. Through dynamically searching for the delegation roles which take over the request, the anonymous authorization mechanism retained the right behavior of credential chain discovery and achieved a quantitative way of anonymity against the resource provider. Results showed that the anonymous mechanism shared the same worst-case time complexity with the traditional forward credential-chain-searching method. A method of caching all the members in the nodes was proposed to improve the performance in time spending. Simulation results showed that the performance in time spending greatly improved in the relative stable systems, in which the credentials change slowly.

Yuan Wang,Feng Xu,Ye Tao,Chun Cao,Jian Lü

DOI: https://doi.org/10.1007/11839569_23

2006-01-01

Abstract:Trust management is an efficient approach to ensure the security and reliability in the autonomic and coordination systems. Various trust management systems are proposed from different viewpoints. However, evaluating different trust management approaches is usually more intuitive than formal. This paper presents a role-based formal framework to specify trust management systems. By quantifying two types of trust commonly occurring in the existing trust management systems, the framework proposes a set of elements to express the assertions and recommendation relationships in trust management. Furthermore, some facilities are provided to specify the semantics of trust engines. The framework makes it more convenient to understand, compare, analyze and design trust management systems.

Xiyuan Chen,Miaoliang Zhu

DOI: https://doi.org/10.4028/www.scientific.net/kem.439-440.178

2010-01-01

Abstract:Semantic; Trust Management; RBAC; User-role Assignment Abstract. The application of RBAC in access management of the enterprise services and resources is very widely. With phenomenal growth of information interaction and cooperation between distributed systems, the number of users can be in the hundreds of thousands or millions. This renders manual user-to-role assignment a formidable task. In this paper, we propose a semantic and trust based framework to automatically assign users to roles based on a finite set of assignment rules defined by authorized people in the enterprise. These rules take into consideration the attributes users own and any constraints set forth by the enterprise including the assignment history and the credit of the requester. We choose OWL to specify the user attributes.

Wu Liu,Haixin Duan,Jianping Wu,Xing Li

DOI: https://doi.org/10.1007/11596981_76

2005-01-01

Abstract:This paper presents a policy-driven trust management framework (PDTM) which is composed of five interfaces to feature the fully decentralized and policy-driven framework. The transmission interface allows trust instances to be exchanged between principals. The trust induction interface encapsulates the evaluation of policies and answers queries made against these policies. The trust management interface allows the trust instances including collection, storage and retrieval to be downloaded from small mobile devices, where resources are limited. The policy inquiry interface is designed to facilitate communication between strangers, so that unknown policies can be discovered through a query-based process. The trust agent interface, on the other hand, is designed to automate communication between strangers.

Shangyuan Guan,Xiaoshe Dong,Weiguo Wu,Yiduo Mei,Guofu Feng

DOI: https://doi.org/10.1109/aina.2008.25

2008-01-01

Abstract:Trust has been recognized as an important factor for information security in open and dynamic environments, such as Internet applications, p2p systems etc. On the basis of analyzing existing trust management systems, this paper proposes a Distributed Trust Management based on Authorizing Negotiation (DTMAN). DTMAN presents a number of innovative features. First, it can authorize strangers by using authorizing negotiation, so it is very suitable for open and dynamic environments. Second, a high efficient algorithm for compliance checking is developed to support DTMAN, whose time complexity and space complexity are both O(n) (where n is the cardinality of the set of authorization credentials). The experimental result shows that the algorithm of DTMAN is more efficient than others.

Hong Mei

DOI: https://doi.org/10.1109/ICECCS.2005.31

2005-01-01

Abstract:Due to the widespread trust threat under the open and dynamic Internet environment, the computer community has endeavored to engage in the studies of technologies for protecting and evaluating trustworthiness. This paper firstly defines trust from three aspects: trust relationship, trust property and trust entity, and build a uniform view for multiple trust properties. Secondly, according to abstract the common characteristics over varied trust properties, a model of trust management is elaborated, in which the trust entities, measurement model and trust policy are described. Thirdly, the trust management is implemented as a kind of public service on a J2EE compliant middleware platform, i.e., the PKUAS.

官尚元,伍卫国,董小社,梅一多

DOI: https://doi.org/10.3969/j.issn.1002-137x.2010.03.005

2010-01-01

Computer Science

Abstract:Trust is an important aspect of decision making for network-meditated principals,which can handle uncertainty,uncontrollability,fuzziness and incomplete information during interactions.Since trust management specifies,establishes,verifies and maintains trust relationships among principals,it receives increasing attention.On the basis of ana-lyzing the existing concepts of trust and trust relationship,this paper presented the descriptive definition and the formal one of trust management,and discussed the relationship between them.Next,some typical trust management systems were introduced and compared.Based on the analysis of the shortcomings and problems of the existing trust mana-gement systems,we ended this paper with discussions on the trend of research and application.

SHI Wenbo,CAO Chun

DOI: https://doi.org/10.3778/j.issn.1002-8331.1208-0528

2013-01-01

Abstract:Trust Management implements the authorization procedure and access control decision in an open network environment according to the credential issuing and the chain discovery algorithms. However, because of the complexity and dynamic of the trust network, the traditional trust-management system results in a low efficiency in credential discovery. To address the shortage, this paper proposes an autonomous trust-management system which introduces the concept of authority routing table.The system makes sure the direction of the search guides directly to the requester while finding the credential chain. While the trust network is complex and the right request happens frequently, the autonomous trust-management system can reduce the search cost and improve the efficiency in credential discovery.

Orhio Mark Creado,Bala Srinivasan,Phu Dung Le,Jefferson Tan

DOI: https://doi.org/10.5121/csit.2014.4212

2014-03-03

Abstract:Trust is an absolute necessity for digital communications; but is often viewed as an implicit singular entity. The use of the internet as the primary vehicle for information exchange has made accountability and verifiability of system code almost obsolete. This paper proposes a novel approach towards enforcing system security by requiring the explicit definition of trust for all operating code. By identifying the various classes and levels of trust required within a computing system; trust is defined as a combination of individual characteristics. Trust is then represented as a calculable metric obtained through the collective enforcement of each of these characteristics to varying degrees. System Security is achieved by facilitating trust to be a constantly evolving aspect for each operating code segment capable of getting stronger or weaker over time.

Cryptography and Security

Christos-Minas Mathas,Costas Vassilakis,Nicholas Kolokotronis

DOI: https://doi.org/10.1109/SERVICES48979.2020.00047

2021-09-04

Abstract:In modern internet-scale computing, interaction between a large number of parties that are not known a-priori is predominant, with each party functioning both as a provider and consumer of services and information. In such an environment, traditional access control mechanisms face considerable limitations, since granting appropriate authorizations to each distinct party is infeasible both due to the high number of grantees and the dynamic nature of interactions. Trust management has emerged as a solution to this issue, offering aids towards the automated verification of actions against security policies. In this paper, we present a trust- and risk-based approach to security, which considers status, behavior and associated risk aspects in the trust computation process, while additionally it captures user-to-user trust relationships which are propagated to the device level, through user-to-device ownership links.

Cryptography and Security

WANG Yuan,XU Feng,CAO Chun

DOI: https://doi.org/10.3969/j.issn.1002-137X.2005.08.069

2005-01-01

Computer Science

Abstract:The security problems of the open coordination software environment make great influence on the develop- ment and application of the software systems. Trust management is a new approach to solve these security problems ef- fectively. By analyzing the security problems of the open coordination software systems and the limitations of the tradi- tional trust management systems, this paper designs and implements a distributed access control system, DACBTM, based on trust management, which is suitable for the application system in the open coordination software environment. The system can evaluate the trust relationship between software entities by the approach of trust-evaluation. We also present an improved, effective algorithm for the collection of the security information, which provides a reasonable mechanism to solve the shortness of the security information in the open coordination software environment.

Minghui Zhou,Haiyan Zhao,Hong Mei

DOI: https://doi.org/10.1109/ICWS.2006.14

2006-01-01

Abstract:In the service-oriented architecture, the components deployed on application servers are published as Web services. Though many researches focus on how to authorize at the Web service level currently, there is little work involving the authorization gap between the service and its component implementation. This paper tries to bridge the gap by proposing a service-oriented trust management model, which expands the application server's capability to deal with more complex trust relationship between service users and services, and supplies a flexible trust management mechanism to integrate authentication and authorization together. Moreover, the model provides a finer granularity access control, sustains delegation between users, and has a certain extent reasoning capability. The model has been implemented in a J2EE application server, and the experiment has demonstrated that the model has high flexibility and scalability

Ming-Hui ZHOU,Hong MEI,Wen-Pin JIAO

DOI: https://doi.org/10.3321/j.issn:0372-2112.2005.05.011

2005-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:Being confronted with the trust crisis under the Internet environment, people have endeavored to develop technologies for supporting and measuring trust. Basically, traditional models and mechanisms seldom studied trust from the perspective of the trust itself and most of them can only deal with trust on a single aspect. Those traditional approaches can not manage or support trust in consistent ways when systems are required to be in possession of multiple trust properties. Regarding software services in the Internet environment as the investigating entities, this paper is devoted to build uniform view for multiple trust properties. Firstly, a trust management model based on middleware is built. Secondly, based on the model, a trust management framework is built, which is customizable and extendable. Thirdly, by analyzing various trust properties deeply, a viable trust-measuring model is setup. At last, the framework is implemented on the top of a middleware platform, i.e. the PKUAS. This paper also compares our research with the related work.

Vamsi Thummala,Jeff Chase

DOI: https://doi.org/10.48550/arXiv.1510.04629

2015-10-16

Abstract:We present SAFE, an integrated system for managing trust using a logic-based declarative language. Logical trust systems authorize each request by constructing a proof from a context---a set of authenticated logic statements representing credentials and policies issued by various principals in a networked system. A key barrier to practical use of logical trust systems is the problem of managing proof contexts: identifying, validating, and assembling the credentials and policies that are relevant to each trust decision. This paper describes a new approach to managing proof contexts using context linking and caching. Credentials and policies are stored as certified logic sets named by secure identifiers in a shared key-value store. SAFE offers language constructs to build and modify logic sets, link sets to form unions, pass them by reference, and add them to proof contexts. SAFE fetches and validates credential sets on demand and caches them in the authorizer. We evaluate and discuss our experience using SAFE to build secure services based on case studies drawn from practice: a secure name service resolver, a secure proxy shim for a key value store, and an authorization module for a networked infrastructure-as-a-service system with a federated trust structure.

Cryptography and Security,Logic in Computer Science

官尚元,伍卫国,董小社,梅一多

DOI: https://doi.org/10.3321/j.issn:0253-987x.2009.06.004

2009-01-01

Abstract:Many trust management(TM) systems have been proposed,but some issues still remain to be addressed,e.g.there is no consensus on the definition of TM in the literature,and algorithms for proof of compliance are inefficient.To address these problems,a formal definition of TM is proposed in this paper,which is composed of a set of countable principals,a set of trust classes,a set of trust attributes,a set of contexts,a set of trust relationships and a set of rules.The relationship between the formal TM and the descriptive TM is discussed.Based on the formal definition of TM,an efficient TM,called NUMEN,is presented,and the algorithm for PoC is based on the lattice-theoretical fix-point theorem.The time complexity and the space complexity of the algorithm are both O(n) where n is the cardinality of the set of authorization credentials.Experimental results show that NUMEN can effectively protect sensitive resources at the cost of little performance of systems,and the PoC algorithm for NUMEN is more efficient than those for the existing TM systems such as SKPI/SDSI and KeyNote.It is observed that the numbers of authorization brokers and of delegation credentials are crucial factors in determining the runtime.

Ran Yang,Chuang Lin,Yixin Jiang,Xiaowen Chu

DOI: https://doi.org/10.1109/icc.2011.5963329

2011-01-01

Communications

Abstract:The rapid development of applications running on global information infrastructure poses the problem of securing information sharing among domain collaborations. Existing access control models are defective in dynamic authorization based on user's trustworthiness and do not take full advantages of the infrastructure in implementing access control system. In this work, we propose a trust and role based access control model and the corresponding framework in infrastructure-centric environment. With the extension to RBAC model, trust level requirements, which dictate that the roles in the privilege context must be activated by the trustworthy user, can be specified. The comprehensive trust model, which calculates the user's trust level in multiple trust contexts based on behavior histories, is proposed. Moreover, by taking advantages of the infrastructure services, our scheme is flexible and scalable in that system administrators are free to choose custom scoring functions while the infrastructure trust evaluation services are relieved of the heavy burdens of history record maintenance and trust level update.

Sandro Etalle,William H. Winsborough

DOI: https://doi.org/10.48550/arXiv.cs/0503061

2005-03-23

Abstract:We introduce the use, monitoring, and enforcement of integrity constraints in trust management-style authorization systems. We consider what portions of the policy state must be monitored to detect violations of integrity constraints. Then we address the fact that not all participants in a trust management system can be trusted to assist in such monitoring, and show how many integrity constraints can be monitored in a conservative manner so that trusted participants detect and report if the system enters a policy state from which evolution in unmonitored portions of the policy could lead to a constraint violation.

Cryptography and Security,Databases