Decentralized trust-based access control for dynamic collaborative environments

The goal of this research was to create a decentralized trust-based access control (TBAC) system for a dynamic collaborative environment (DCE). By building a privilege management infrastructure (PMI) based on trust, user access was determined using behavior grading without the need for pre-configured, centrally managed role hierarchies or permission sets. The PMI provided TBAC suitable for deployment in a rapidly assembled, highly fluid, collaborative environment. DCEs were assembled and changed membership as required to achieve the goals of the group. A feature of these environments was that there was no way of knowing who would join the group, no way refusing anyone entry into the and no way of determining how long members would remain in the group. DCEs were formed quickly to enable participants to share information while, at the same time, allowing them to retain control over the resources that they brought with them to the coalition. This research progressed the state of the art in the fields of access control and trust management. The Trust Management System developed through this research effectively implemented a decentralized access control scheme. Each resource owner independently evaluated the reputation and risk of network members to make access decisions. Because the PMI system used past behavior as an indication of future performance, no a priori user or resource configuration was required.

[1]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[2]  Vitaly Shmatikov,et al.  Reputation-Based Trust Management ∗ , 2003 .

[3]  Yong Chen,et al.  Trust Propagation in Small Worlds , 2003, iTrust.

[4]  Andrew Twigg,et al.  Enforcing Collaboration in Peer-to-Peer Routing Services , 2003, iTrust.

[5]  Kenton O'Hara,et al.  Dealing with mobility: understanding access anytime, anywhere , 2001, TCHI.

[6]  Paul Resnick,et al.  Reputation systems , 2000, CACM.

[7]  Ravi S. Sandhu,et al.  Configuring role-based access control to enforce mandatory and discretionary access control policies , 2000, TSEC.

[8]  George C. Hadjichristofi,et al.  A framework for key management in mobile ad hoc networks , 2005, International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II.

[9]  Deborah Estrin Inter-organization networks: implications of access control: requirements for interconnection protocol , 1986, SIGCOMM '86.

[10]  Srdjan Capkun,et al.  Mobility helps security in ad hoc networks , 2003, MobiHoc '03.

[11]  Timothy W. Finin,et al.  A Framework for Distributed Trust Management , 2001 .

[12]  W. J. Adams,et al.  TMS: a trust management system for access control in dynamic collaborative environments , 2006, 2006 IEEE International Performance Computing and Communications Conference.

[13]  Andrew Odlyzko,et al.  Paris Metro pricing: the minimalist differentiated services solution , 1999, 1999 Seventh International Workshop on Quality of Service. IWQoS'99. (Cat. No.98EX354).

[14]  Alexander Ost Performance of communication systems: a model based approach with matrix geometric methods , 2001 .

[15]  Stephen Hailes,et al.  Supporting trust in virtual communities , 2000, Proceedings of the 33rd Annual Hawaii International Conference on System Sciences.

[16]  Ninghui Li,et al.  RT: a Role-based Trust-management framework , 2003, Proceedings DARPA Information Survivability Conference and Exposition.

[17]  Christian Damsgaard Jensen,et al.  Towards a Framework for Assessing Trust-Based Admission Control in Collaborative Ad Hoc Applications , 2002 .

[18]  Alexander Ost Performance of Communication Systems , 2001 .

[19]  Himanshu Khurana,et al.  Review and Revocation of Access Privileges Distributed with PKI Certificates , 2000, Security Protocols Workshop.

[20]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[21]  Pietro Michiardi,et al.  Simulation-based analysis of security exposures in mobile ad hoc networks , 2002 .

[22]  Tracy Camp,et al.  A survey of mobility models for ad hoc network research , 2002, Wirel. Commun. Mob. Comput..

[23]  Levente Buttyán,et al.  Removing the financial incentive to cheat in micropayment schemes , 2000 .

[24]  Refik Molva,et al.  Security in Ad Hoc Networks , 2003, PWC.

[25]  Gabriel Montenegro,et al.  Crypto-based identifiers (CBIDs): Concepts and applications , 2004, TSEC.

[26]  N. L. Chervany,et al.  THE MEANINGS OF TRUST , 2000 .

[27]  Carl M. Ellison,et al.  Establishing identity without certification authorities , 1996 .

[28]  Angelos D. Keromytis,et al.  Trust management for IPsec , 2002, TSEC.

[29]  Karl Aberer,et al.  Managing trust in a peer-2-peer information system , 2001, CIKM '01.

[30]  G. Suryanarayana,et al.  A Survey of Trust Management and Resource Discovery Technologies in Peer-to-Peer Applications , 2004 .

[31]  Luiz A. DaSilva,et al.  Network mobility and protocol interoperability in ad hoc networks , 2004, IEEE Communications Magazine.

[32]  Himanshu Khurana,et al.  Reasoning about joint administration of access policies for coalition resources , 2002, Proceedings 22nd International Conference on Distributed Computing Systems.

[33]  Ray Jain,et al.  The art of computer systems performance analysis - techniques for experimental design, measurement, simulation, and modeling , 1991, Wiley professional computing.

[34]  Vijay Karamcheti,et al.  dRBAC: distributed role-based access control for dynamic coalition environments , 2002, Proceedings 22nd International Conference on Distributed Computing Systems.

[35]  Munindar P. Singh,et al.  Incentive Mechanisms for Peer-to-Peer Systems , 2003, AP2PC.

[36]  Giorgos Zacharia,et al.  Trust management through reputation mechanisms , 2000, Appl. Artif. Intell..

[37]  Joachim Biskup,et al.  Towards a credential-based implementation of compound access control policies , 2004, SACMAT '04.

[38]  Adi Shamir,et al.  PayWord and MicroMint: Two Simple Micropayment Schemes , 1996, Security Protocols Workshop.

[39]  Ninghui Li,et al.  Design of a role-based trust-management framework , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[40]  John S. Heidemann,et al.  Modeling the performance of HTTP over several transport protocols , 1997, TNET.

[41]  Stephen Marsh,et al.  Formalising Trust as a Computational Concept , 1994 .

[42]  Joan Feigenbaum,et al.  The Role of Trust Management in Distributed Systems Security , 2001, Secure Internet Programming.

[43]  Valérie Issarny,et al.  Enhanced Reputation Mechanism for Mobile Ad Hoc Networks , 2004, iTrust.

[44]  Audun Jøsang,et al.  Analysing the Relationship between Risk and Trust , 2004, iTrust.

[45]  Lars Hertzberg,et al.  On the attitude of trust , 1988 .

[46]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and CRL Profile , 1999, RFC.

[47]  Markus Jakobsson,et al.  Reputation-based Wi-Fi deployment protocols and security analysis , 2004, WMASH '04.

[48]  Partha Dasgupta,et al.  SECURING REPUTATION DATA IN PEER-TO-PEER NETWORKS , 2004 .

[49]  Claudia Keser,et al.  Experimental games for the design of reputation management systems , 2003, IBM Syst. J..

[50]  N.J. Davis,et al.  Toward a decentralized trust-based access control system for dynamic collaboration , 2005, Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop.

[51]  Lawrence Robinson,et al.  Proving multilevel security of a system design , 1977, SOSP '77.

[52]  Mary Baker,et al.  Mitigating routing misbehavior in mobile ad hoc networks , 2000, MobiCom '00.

[53]  Refik Molva,et al.  Core: a collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks , 2002, Communications and Multimedia Security.

[54]  Michael J. Butler,et al.  A Trust Analysis Methodology for Pervasive Computing Systems , 2004, Trusting Agents for Trusting Electronic Societies.

[55]  Jean-Pierre Hubaux,et al.  The quest for security in mobile ad hoc networks , 2001, MobiHoc '01.

[56]  Lik Mui,et al.  Computational models of trust and reputation: agents, evolutionary games, and social networks , 2002 .

[57]  Srdjan Capkun,et al.  Self-Organized Public-Key Management for Mobile Ad Hoc Networks , 2003, IEEE Trans. Mob. Comput..

[58]  T. C. Ting,et al.  Information sharing and security in dynamic coalitions , 2002, SACMAT '02.

[59]  Maria Fasli,et al.  On Deciding to Trust , 2005, iTrust.

[60]  S. Gill,et al.  BUILDING TRUST , 2020, Tao te Ching.

[61]  Vinny Cahill,et al.  Towards an Evaluation Methodology for Computational Trust Systems , 2005, iTrust.

[62]  Michael J. Prietula,et al.  Boundedly rational and emotional agents cooperation, trust and rumor , 2001 .

[63]  Rahul Telang,et al.  The Economics of Peer-to-Peer Networks , 2003 .

[64]  Lars Rasmusson,et al.  Simulated social control for secure Internet commerce , 1996, NSPW '96.

[65]  Anupam Joshi,et al.  Vigil: Providing Trust for Enhanced Security in Pervasive Systems , 2005 .

[66]  Tim Gibson An Architecture for Flexible, High Assurance, Multi-Security Domain Networks , 2001, NDSS.

[67]  Michael J. Prietula,et al.  Advice, Trust, and Gossip Among Artificial Agents , 2000 .

[68]  Yong Chen,et al.  End-to-End Trust Starts with Recognition , 2003, SPC.

[69]  David Ingram,et al.  Risk Models for Trust-Based Access Control(TBAC) , 2005, iTrust.

[70]  Timothy W. Finin,et al.  In reputation we believe: query processing in mobile ad-hoc networks , 2004, The First Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services, 2004. MOBIQUITOUS 2004..

[71]  Karl Aberer,et al.  Beyond "Web of trust": enabling P2P e-commerce , 2003, EEE International Conference on E-Commerce, 2003. CEC 2003..

[72]  Karl Aberer,et al.  Autonomous Gossiping: A Self-Organizing Epidemic Algorithm for Selective Information Dissemination in Wireless Mobile Ad-Hoc Networks , 2004, ICSNW.

[73]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[74]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[75]  Jean-Yves Le Boudec,et al.  The Effect of Rumor Spreading in Reputation Systems for Mobile Ad-hoc Networks , 2003 .

[76]  John E. Laird,et al.  Variability in Human Behavior Modeling for Military Simulations , 2003 .

[77]  David W. Chadwick,et al.  A Comparison of the Akenti and PERMIS Authorization Infrastructures , 2003 .

[78]  N. Luhmann Trust and Power , 1979 .

[79]  Jean-Yves Le Boudec,et al.  Performance analysis of the CONFIDANT protocol , 2002, MobiHoc '02.

[80]  W. J. Adams,et al.  Calculating a node's reputation in a mobile ad hoc network , 2005, PCCC 2005. 24th IEEE International Performance, Computing, and Communications Conference, 2005..

[81]  D. M. Powazek Gaming the System: How Moderation Tools Can Backfire , 2002 .

[82]  Sangrae Cho,et al.  ROLE-BASED EAM USING X.509 ATTRIBUTE CERTIFICATE∗ , 2003 .

[83]  S. Buchegger,et al.  A Robust Reputation System for Mobile Ad-hoc Networks , 2003 .

[84]  Lyn Bartram,et al.  Designing Portable Collaborative Networks , 2003, ACM Queue.

[85]  Jean-Yves Le Boudec,et al.  Nodes bearing grudges: towards routing security, fairness, and robustness in mobile ad hoc networks , 2002, Proceedings 10th Euromicro Workshop on Parallel, Distributed and Network-based Processing.

[86]  Srilekha Mudumbai,et al.  Certificate-based authorization policy in a PKI environment , 2003, TSEC.

[87]  David Abramson,et al.  Economic models for management of resources in peer-to-peer and grid computing , 2001, SPIE ITCom.

[88]  Andrew Twigg,et al.  Trading in Trust, Tokens, and Stamps , 2003 .

[89]  Marianne Winslett,et al.  Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation , 2003, TSEC.