MATE: Mobility and Adaptation with Trust and Expected-utility

Mobility is one of the defining charact eristics of many pervasive environments. As pervasive devices move, they experience new contexts (e.g., new network boundaries or new peering devices) to which they may adapt by loading new software components or by updating existing ones. Unfortunately, loading and updating code introduces security problems, particularly because components may be from untrusted sources with which devices happen to be networked at the time of need. Thus, a pervasive device must be able to distinguish between trustworthy and untrustworthy peering devices so that they load software components only from trustworthy ones. To achieve this, the device may run a software agent that comprises a trust mode l and a decision-making model: the former manages information about peering devices' tr ustworthiness upon which the latter decides appropriate actions, e.g., whether to load software or ask the user for further guidance. We here propose a decision-making model named MATE, which works as follows. It lists potential risks depending on the device's context and running application. When it has to decide whether to load software from another device, MATE assigns occurrence probabilities to those risks in two ways. In the first approach, the probabilities depend on the peering device's trustworthiness (i.e., the output of the trust model). In the second approach, MATE computes the probabilities using a Bayesian formalization that works without an additional (trust) model. After computing those probabilities, MATE applies the expected-utility decision rule to decide whether or not it is in its node interests to load a particular component.

[1]  Stephen Hailes,et al.  Supporting trust in virtual communities , 2000, Proceedings of the 33rd Annual Hawaii International Conference on System Sciences.

[2]  Dan Forsberg,et al.  Protocol for Carrying Authentication for Network Access (PANA) , 2008, RFC.

[3]  E. Friedman,et al.  The Social Cost of Cheap Pseudonyms , 2001 .

[4]  Christian Damsgaard Jensen,et al.  Trading Privacy for Trust , 2004, iTrust.

[5]  F. Knight The economic nature of the firm: From Risk, Uncertainty, and Profit , 2009 .

[6]  Joseph J. Giglierano,et al.  Missing the Boat and Sinking the Boat: A Conceptual Model of Entrepreneurial Risk , 1986 .

[7]  Richard S. Hall,et al.  Beanome: A Component Model for the OSGi Framework , 2002 .

[8]  L. Mui,et al.  A computational model of trust and reputation , 2002, Proceedings of the 35th Annual Hawaii International Conference on System Sciences.

[9]  S. Hailes,et al.  Risk Aware Decision Framework for Trusted Mobile Interactions , 2005 .

[10]  Cecilia Mascolo,et al.  Adaptive resource discovery for ubiquitous computing , 2004, MPAC '04.

[11]  D. Bernoulli Exposition of a New Theory on the Measurement of Risk , 1954 .

[12]  Randall J. Atkinson,et al.  Security Architecture for the Internet Protocol , 1995, RFC.

[13]  Angelos D. Keromytis,et al.  Key note: Trust management for public-key infrastructures , 1999 .

[14]  Gordon S. Blair,et al.  An Efficient Component Model for the Construction of Adaptive Middleware , 2001, Middleware.

[15]  David Ingram,et al.  Risk Models for Trust-Based Access Control(TBAC) , 2005, iTrust.

[16]  Daniele Quercia,et al.  TATA: Towards Anonymous Trusted Authentication , 2006, iTrust.

[17]  Stephen T. Kent,et al.  Security Architecture for the Internet Protocol , 1998, RFC.

[18]  George E. Rejda Principles of insurance , 1982 .

[19]  Richard S. Hall,et al.  Autonomous adaptation to dynamic availability using a service-oriented component model , 2004, Proceedings. 26th International Conference on Software Engineering.

[20]  Wayne Jansen,et al.  NIST Special Publication 800-19 – Mobile Agent Security , 2000 .

[21]  Paddy Nixon,et al.  A formal model of trust lifecycle management , 2003 .

[22]  T. Yamagishi,et al.  Trust and commitment in the United States and Japan , 1994 .

[23]  E. Rowland Theory of Games and Economic Behavior , 1946, Nature.

[24]  Daniele Quercia,et al.  STRUDEL: supporting trust in the dynamic establishment of peering coalitions , 2006, SAC '06.

[25]  Sotirios Terzis,et al.  Engineering Trust Based Collaborations in a Global Computing Environment , 2004, iTrust.

[26]  Licia Capra,et al.  Engineering human trust in mobile system collaborations , 2004, SIGSOFT '04/FSE-12.

[27]  Yong Chen,et al.  Risk probability estimating based on clustering , 2003, IEEE Systems, Man and Cybernetics SocietyInformation Assurance Workshop, 2003..

[28]  Andrew S. Patrick,et al.  Building Trustworthy Software Agents , 2002, IEEE Internet Comput..

[29]  Nathan Dimmock How much is "enough"? Risk in trust-based access control , 2003, WET ICE 2003. Proceedings. Twelfth IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, 2003..

[30]  Daniele Quercia,et al.  B-Trust: Bayesian Trust Framework for Pervasive Computing , 2006, iTrust.

[31]  Vladimiro Sassone,et al.  A formal model for trust in dynamic networks , 2003, First International Conference onSoftware Engineering and Formal Methods, 2003.Proceedings..

[32]  寺岡 文男,et al.  Protocol for carrying Authentication for Network Access (PANA) を利用したネットワークアクセス認証システムの実装と検証 , 2007 .

[33]  J. Riley,et al.  The analytics of uncertainty and information: Long-run relationships and the credibility of threats and promises , 1992 .

[34]  D. G. Rees,et al.  Foundations of Statistics , 1989 .

[35]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[36]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[37]  Yong Chen,et al.  Using Trust for Secure Collaboration in Uncertain Environments , 2003, IEEE Pervasive Comput..

[38]  Mark Richard Greene,et al.  Risk and insurance , 1973 .

[39]  Stephen Marsh,et al.  Formalising Trust as a Computational Concept , 1994 .

[40]  Cecilia Mascolo,et al.  Satin: A Component Model for Mobile Self Organisation , 2004, CoopIS/DOA/ODBASE.

[41]  Audun Jøsang,et al.  Analysing the Relationship between Risk and Trust , 2004, iTrust.

[42]  Wayne A. Jansen,et al.  Mobile Agent Security , 1999 .