A Formal Notion of Trust - Enabling Reasoning about Security Properties

Historically, various different notions of trust can be found, each addressing particular aspects of ICT systems, e.g. trust in electronic commerce systems based on reputation and recommendation, or trust in public key infrastructures. While these notions support the understanding of trust establishment and degrees of trustworthiness in their respective application domains, they are insufficient for the more general notion of trust needed when reasoning about security in ICT systems. In this paper we present a formal definition of trust to be able to exactly express trust requirements from the view of different entities involved in the system and to support formal reasoning such that security requirements, security and trust mechanisms and underlying trust assumptions can be formally linked and made explicit. Integrated in our Security Modeling Framework this formal definition of trust can support security engineering processes and formal validation and verification by enabling reasoning about security properties w.r.t. trust.

[1]  Sigrid Gürgens SG Logic- A Formal Analysis Technique for Authentication Protocols , 1997, Security Protocols Workshop.

[2]  Morris Sloman,et al.  A survey of trust in internet applications , 2000, IEEE Communications Surveys & Tutorials.

[3]  Paul F. Syverson,et al.  On unifying some cryptographic protocol logics , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[4]  N. L. Chervany,et al.  THE MEANINGS OF TRUST , 2000 .

[5]  Carsten Rudolph,et al.  On a formal framework for security properties , 2005, Comput. Stand. Interfaces.

[6]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[7]  Thomas Sudkamp,et al.  Languages and Machines , 1988 .

[8]  Robert Demolombe,et al.  Reasoning About Trust: A Formal Logical Framework , 2004, iTrust.

[9]  Vladimiro Sassone,et al.  A formal model for trust in dynamic networks , 2003, First International Conference onSoftware Engineering and Formal Methods, 2003.Proceedings..

[10]  Li Gong,et al.  Reasoning about belief in cryptographic protocols , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[11]  Ahmed Patel Formal methods, techniques and tools for secure and reliable applications , 2005, Comput. Stand. Interfaces.

[12]  Scott A. Rotondo Trusted Computing Group , 2011, Encyclopedia of Cryptography and Security.

[13]  Samuel Eilenberg,et al.  Automata, languages, and machines. A , 1974, Pure and applied mathematics.

[14]  Aaron Weiss Trusted computing , 2006, NTWK.

[15]  Martín Abadi,et al.  A semantics for a logic of authentication (extended abstract) , 1991, PODC '91.

[16]  Mark R. Tuttle,et al.  A Semantics for a Logic of Authentication , 1991, PODC 1991.

[17]  Ahmad-Reza Sadeghi,et al.  Trusted Computing , 2010, Handbook of Financial Cryptography and Security.

[18]  Audun Jøsang,et al.  A survey of trust and reputation systems for online service provision , 2007, Decis. Support Syst..