Using trust and risk for access control in global computing

Global Computing is a vision of a massively networked infrastructure supporting a large population of diverse but cooperating entities. As in ubiquitous computing, entities in global computing will operate in environments that are dynamic and unpredictable, requiring them to cope with unexpected interactions and previously unknown principals over an unreliable infrastructure. These properties pose new security challenges that existing security models and mechanisms do not adequately address. Traditionally, privileges are statically encoded as security policy, and while role-based access control introduces a layer of abstraction between privilege and identity, roles, privileges and context must still be known before any interaction takes place. Human society has developed the mechanism of trust to overcome initial suspicion and gradually extend privileges. Trust successfully enables collaboration amongst human agents; a computational model of trust ought to enable the same amongst computational agents. Existing research in this area has concentrated on trust management systems that permit the encoding of, and reasoning about, trust beliefs, but the relationship between those beliefs and privilege remains hard-coded. These systems also omit any explicit reasoning about risk and its relationship to privilege, and they do not permit the automated evolution of trust over time. This thesis examines the relationship between trust, risk and privilege in an access control system. An outcome-based approach is taken to risk modelling, using explicit costs and benefits to model the relationship between risk and privilege. This is used to develop a novel model of access control, trust-based access control (TBAC), first for the limited domain of collaboration between Personal Digital Assistants (PDAs), and later for more general global computing applications using the SECURE computational trust framework.
This general access control model is also used to extend an existing role-based access control system to explicitly reason about trust and risk. A further refinement is the incorporation of the economic theory of decision-making under
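The abstract describes the core mechanism only in outline: a privilege carries explicit outcome costs and benefits, the decision weighs them by how much the requester is trusted, and trust is updated from observed outcomes so privileges can grow (or shrink) over time. The following is an added illustration written for this page, not code from the thesis or from the SECURE framework. Its specific choices are assumptions: trust is held as counts of good and bad outcomes (a Beta-style belief whose mean is the probability of a good outcome), each privilege has one "behaves" and one "misbehaves" outcome, and the decision rule is a threshold on expected utility. The READ and WRITE privileges and the interaction history are constructed sample data.

```python
"""Outcome-based trust/risk access decision (added illustration)."""
from dataclasses import dataclass


@dataclass
class TrustState:
    """Trust in a principal, kept as counts of good and bad outcomes.

    Assumption: a Beta(successes, failures) belief, so the probability of
    a good outcome is the posterior mean. Starting at (1, 1) gives an
    unknown principal p = 0.5, which is what makes initial suspicion
    decay as evidence accumulates.
    """
    successes: float = 1.0
    failures: float = 1.0

    def p_good(self) -> float:
        return self.successes / (self.successes + self.failures)

    def observe(self, good: bool) -> None:
        """Evolve trust from the outcome of one interaction."""
        if good:
            self.successes += 1.0
        else:
            self.failures += 1.0


@dataclass(frozen=True)
class Privilege:
    """A privilege with explicit outcome utilities: a benefit if the
    principal behaves and a (negative) cost if it misbehaves."""
    name: str
    benefit_if_good: float
    cost_if_bad: float


# Constructed sample privileges (not from the thesis).
READ = Privilege("read-shared-document", benefit_if_good=2.0, cost_if_bad=-1.0)
WRITE = Privilege("write-shared-document", benefit_if_good=5.0, cost_if_bad=-20.0)


def expected_utility(trust: TrustState, priv: Privilege) -> float:
    """Outcome-weighted utility: trust decides how likely the good outcome is."""
    p = trust.p_good()
    return p * priv.benefit_if_good + (1.0 - p) * priv.cost_if_bad


def decide(trust: TrustState, priv: Privilege, threshold: float = 0.0) -> bool:
    """Grant when the expected utility clears the policy threshold."""
    return expected_utility(trust, priv) >= threshold


def required_trust(priv: Privilege, threshold: float = 0.0) -> float:
    """Minimum p_good at which the privilege is granted.

    Solving p*b + (1-p)*c >= t for p gives p >= (t - c) / (b - c).
    Higher-risk privileges therefore demand more trust before access opens.
    """
    denom = priv.benefit_if_good - priv.cost_if_bad
    if denom <= 0.0:
        return 1.0  # benefit never outweighs the cost: effectively never grant
    p = (threshold - priv.cost_if_bad) / denom
    return min(max(p, 0.0), 1.0)


def replay(priv: Privilege, outcomes: list[bool]) -> list[bool]:
    """Replay an interaction history and return the decision taken before
    each interaction. Evidence is recorded even after a denial, on the
    assumption that it came from a lower-risk interaction that was allowed."""
    trust = TrustState()
    decisions = []
    for good in outcomes:
        decisions.append(decide(trust, priv))
        trust.observe(good)
    return decisions


if __name__ == "__main__":
    history = [True] * 8 + [False, False]
    print("WRITE needs p_good >=", required_trust(WRITE))
    print("decisions over history:", replay(WRITE, history))
```

With these numbers an unknown principal (p = 0.5) is granted READ but denied WRITE; eight good interactions raise trust to 0.9, above the 0.8 that WRITE requires, and two subsequent bad outcomes pull it back to 0.75 and revoke the grant. The threshold and the utility figures are policy inputs: the point of making costs and benefits explicit is that they, rather than a hard-coded trust-to-privilege mapping, determine how much trust a given privilege demands.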