Validation of a Trust Approach in Multi-Organization Environments

A Multi-Organization Environment is composed of several players that depend on each other for resources and services. In order to manage the security of the exchange process the authors introduce the concept of trust. The authors show how adding this aspect of the cooperative work. In particular, the authors provide a framework where the concepts of trust requirement and trust evaluation play important roles for defining trust vectors. These vectors evaluate a set of requirements, under some conditions, and provide a degree of confidence. In the authors' framework they consider two different types of vectors. On the one hand a vector that relates a user to an organization and on the other hand a vector that links two organizations. Different simulations are presented in this paper in order to show this approach. Moreover, the authors show how these vectors are evaluated and shared among the different organizations. Finally, the authors propose a possible architecture to explain how to integrate their trust module in MOE in order to enhance the security.

[1]  Donald M. Needham,et al.  Experiences in Project-Based Software Engineering: What Works, What Doesn't , 2009 .

[2]  Ana R. Cavalli,et al.  Trust-orBAC: A Trust Access Control Model in Multi-Organization Environments , 2012, ICISS.

[3]  Sebastian Mödersheim,et al.  The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures , 2012, TACAS.

[4]  Javier López,et al.  A Task Ordering Approach for Automatic Trust Establishment , 2012, ESSoS.

[5]  Romain Laborde,et al.  A best practices-oriented approach for establishing trust chains within Virtual Organisations , 2008, 2008 12th Enterprise Distributed Object Computing Conference Workshops.

[6]  Mauro Iacono,et al.  Theory and Application of Multi-Formalism Modeling , 2013 .

[7]  Tao Yu,et al.  A reputation and trust management broker framework for Web applications , 2005, 2005 IEEE International Conference on e-Technology, e-Commerce and e-Service.

[8]  Fabio Martinelli,et al.  Usage Control, Risk and Trust , 2010, TrustBus.

[9]  Nora Cuppens-Boulahia,et al.  O2O: Virtual Private Organizations to Manage Security Policy Interoperability , 2006, ICISS.

[10]  Valérie Issarny,et al.  Security and Trust , 2011, SFM.

[11]  Anas Abou El Kalam,et al.  PolyOrBAC: A security framework for Critical Infrastructures , 2009, Int. J. Crit. Infrastructure Prot..

[12]  Alexander H. Levis,et al.  Multi-Modeling, Meta-Modeling, and Workflow Languages , 2014 .

[13]  Lei Li,et al.  Two-dimensional trust rating aggregations in service-oriented applications , 2011, IEEE Transactions on Services Computing.

[14]  Félix Gómez Mármol,et al.  Security threats scenarios in trust and reputation models for distributed systems , 2009, Comput. Secur..

[15]  Frédéric Cuppens,et al.  Organization based access control , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.

[16]  Javier López,et al.  A scale based trust model for multi-context environments , 2010, Comput. Math. Appl..

[17]  Stephen Seidman An International Perspective on Professional Software Engineering Credentials , 2009 .

[18]  Indrajit Ray,et al.  TrustBAC: integrating trust relationships into the RBAC model for access control in open systems , 2006, SACMAT '06.

[19]  Heidi Ellis Software engineering: effective teaching and learning approaches and practices , 2007, SOEN.

[20]  Anas Abou El Kalam,et al.  Access control for cooperative systems: A comparative analysis , 2008, 2008 Third International Conference on Risks and Security of Internet and Systems.

[21]  Nora Cuppens-Boulahia,et al.  XeNA: an access negotiation framework using XACML , 2009, Ann. des Télécommunications.

[22]  Paul Resnick,et al.  Reputation systems , 2000, CACM.

[23]  Indrajit Ray,et al.  A Vector Model of Trust for Developing Trustworthy Systems , 2004, ESORICS.

[24]  Audun Jøsang,et al.  A survey of trust and reputation systems for online service provision , 2007, Decis. Support Syst..

[25]  John S. Baras,et al.  Trust Credential Distribution in Autonomic Networks , 2008, IEEE GLOBECOM 2008 - 2008 IEEE Global Telecommunications Conference.