A formal distributed network monitoring approach for enhancing trust management systems

As Digital Ecosystems grow in use and popularity, so does the need to strengthen the methods that support their interoperability, which makes trustworthy interactions among the different agents (e.g., network systems) a priority. In our work, we focus on "soft trust", that is, trust management systems that can be based on experience and reputation. Each trust system defines how it evaluates the trustee's experience, and observations of the trustee's behavior are added to that experience. Furthermore, most works dedicated to trust estimation in different kinds of ecosystems are based on local observations through monitored entities. No formal approach has been defined for distributed monitored elements that considers several points of observation. This is what we address in this work. We propose to use distributed network monitoring techniques to analyze the packets that the truster and trustee exchange in order to prove that the trustee is acting in a trustworthy manner. A formal approach is defined to express trust properties and to evaluate them on real execution traces. Our approach is applied to DNS traces to assess the trust among the entities.
