An authorization-based trust model for multiagent systems

This paper describes an authorization-based trust model (ABTM) designed for managing access to services in a semi-open distributed environment, called a multiagent-based smart office environment. In this model, "trust" is defined as a set of authorization attributes that the owner of a service grants to the user of that service. Central to the model is a trust manager that redelegates authorizations from the service owner to the requesting user, based on access control policies that are specified by role labels assigned to a set of agents. The ABTM scheme differs from a centralized scheme, in which authorizations are granted directly by an authority. It also differs from a fully distributed system, where authorizations are granted solely at the discretion of the owner of the services. The design philosophy is the separation of trust management from trust application, to allow efficient management of access control in large-scale and dynamic environments such as those that exist in multiagent systems.
