Developing a Reference Framework for Cybercraft Trust Evaluation

Abstract : It should be no surprise that Department of Defense (DoD) and U.S. Air Force (USAF) networks are the target of constant attack. As a result, network defense remains a high priority for cyber warriors. On the technical side, trust issues for a comprehensive end-to-end network defense solution are abundant and involve multiple layers of complexity. The Air Force Research Labs (AFRL) is currently investigating the feasibility of a holistic approach to network defense, called Cybercraft. We envision Cybercraft to be trusted computer entities that cooperate with other Cybercraft to provide autonomous and responsive network defense services. A top research goal related to Cybercraft centers around how we may examine and ultimately prove features related to this root of trust. In this work, we investigate use-case scenarios for Cybercraft operation with a view towards analyzing and expressing trust requirements inherent in the environment. Based on a limited subset of functional requirements for Cybercraft in terms of their role, we consider how current trust models may be used to answer various questions of trust between components. We characterize generic model components that assist in answering questions regarding Cybercraft trust and pose relevant comparison criteria as evaluation points for various (existing) trust models. The contribution of this research is a framework for comparing trust models that are applicable to similar network-based architectures. Ultimately, we provide a reference evaluation framework for how (current and future) trust models may be developed or integrated into the Cybercraft architecture.

[1]  Jonathon T. Giffin,et al.  AIR FORCE RESEARCH LABORATORY INFORMATION DIRECTORATE , 2011 .

[2]  Ken Thompson,et al.  Reflections on trusting trust , 1984, CACM.

[3]  Michael Stevens Use of Trust Vectors in Support of the CyberCraft Initiative , 2012 .

[4]  Dieter Gollmann,et al.  Why Trust is Bad for Security , 2006, Electron. Notes Theor. Comput. Sci..

[5]  Diego Gambetta Can We Trust Trust , 2000 .

[6]  Licia Capra,et al.  Engineering human trust in mobile system collaborations , 2004, SIGSOFT '04/FSE-12.

[7]  Yong Chen,et al.  Using Trust for Secure Collaboration in Uncertain Environments , 2003, IEEE Pervasive Comput..

[8]  Paul W. Phister,et al.  CyberCraft: Concept Linking NCW Principles with the Cyber Domain in an Urban Operational Environment , 2005 .

[9]  Nancy Argüelles,et al.  Author ' s , 2008 .

[10]  Matt Bishop,et al.  Computer Security: Art and Science , 2002 .

[11]  J. Mcdonald,et al.  Developing a Requirements Framework for Cybercraft Trust Evaluation , 2008 .

[12]  Paul D. Williams,et al.  Use of Trust Vectors for CyberCraft and the Limits of Usable Data History for Trust Vectors , 2007, 2007 IEEE Symposium on Computational Intelligence in Security and Defense Applications.

[13]  Indrajit Ray,et al.  A Vector Model of Trust for Developing Trustworthy Systems , 2004, ESORICS.

[14]  Lt Daniel Karrels CyberCraft : Protecting Air Force Electronic Systems with Lightweight Agents , 2007 .

[15]  Munindar P. Singh,et al.  Developing trust in large-scale peer-to-peer systems , 2004, IEEE First Symposium onMulti-Agent Security and Survivability, 2004.

[16]  Indrajit Ray,et al.  VTrust: A Trust Management System Based on a Vector Model of Trust , 2005, ICISS.

[17]  Richard A. Raines,et al.  A framework for analyzing and mitigating the vulnerabilities of complex systems via attack and protection trees , 2007 .

[18]  B. Esfandiari,et al.  On How Agents Make Friends: Mechanisms for Trust Acquisition , 2000 .