An architectural approach for assessing system trust based on security policy specifications and security mechanisms

We investigate trust relationships between and within a security policy and a security mechanism to assess the system trust of a software application. Trust assessment of security systems in dynamic environments with multiple entities, each with its own changing needs from the security mechanisms, is recognized as a complex task. In this paper, we propose a novel architectural approach to assessing system trust in service-oriented environments. The primary goal of this architecture is to show a way of constructing an automated system for the trust assessment of web services. In particular, we consider an entity's beliefs about a specific security mechanism of a service and about the behavior of the service. In addition, we present new trust metrics for assessing the system trust of a web service. Furthermore, trust and trust-related issues in the literature are reviewed to make clear the advantages of our approach to trust assessment.
