Trust Management III

An auction platform is a dynamic environment where a rich variety of social effects can be observed. Most of those effects remain unnoticed or even hidden to ordinary users. The in-depth studies of such effects should allow us to identify and understand the key factors influencing users’ behaviour. The material collected from the biggest Polish auction house has been analyzed. NLP algorithms were applied to extract sentiment-related content from collected comments. Emotional distance between negative, neutral and positive comments has been calculated. The obtained results confirm the existence of the spiral-of-hatred effect but also indicate that much more complex patterns of mutual relations between sellers and buyers exist. The last section contains a several suggestions which can prove useful to improve trustworthiness of users’ reports and security of an auction platform in general.

Today, most Internet applications still establish user authentication with traditional text based passwords. Designing a secure as well as a user-friendly password-based method has been on the agenda of security researchers for a long time. On one hand, there are password manager programs which facilitate generating site-specific strong passwords from a single user password to eliminate the memory burden due to multiple passwords. On the other hand, there are studies exploring the viability of graphical passwords as a more secure and user-friendly alternative. In this paper, we present GPEX, a password manager program implemented as a web browser plug-in to enable using graphical passwords to secure Internet applications without any need to change their authentication interface. Experimental results show that GPEX has security and usability advantages over other password manager plug-ins. specifically; we find that with the visual interface of GPEX, users have a more complete and accurate mental model of the system and incorrect login attempts causing security exposures can easily be avoided.

Trust has been explored by many researchers in the past as a solution for assisting the process of recommendation production. In this work we are examining the feasibility of building networks of trusted users using the existing evidence that would be provided by a standard recommender system. As there is lack of models today that could help in finding the relationship between trust and similarity we build our own that uses a set of empirical equations to map similarity metrics into Subjective Logic trust. In this paper we perform evaluation of the proposed model as being a part of a complete recommender system. Finally, we present the interesting results from this evaluation that shows the performance and benefits of our trust modeling technique as well as its impact on the user community as it evolves over time.

Reputation-management, as proposed for dynamic and open systems aims to provide mechanism for analysing the behaviour of agents, and to distribute this information so that the impact of the actions of those acting against the interests of a community can be limited. We study the assumptions that underpin this decision-making role for reputation-management and highlight its limitations with regard to the incentives required to realise the benefits that are claimed for it. Moreover, we show that the benefits claimed for it may not be realisable without enforcing tight constraints on the behaviour and the expectations of agents with respect to the definition of the interaction model and the incentives it presents.

In many distributed applications, a party who wishes to make a transaction requires that it has a certain level of trust in the other party. It is frequently the case that the parties are unknown to each other and thus share no pre-existing trust. Trust-based systems enable users to establish trust in unknown users through trust recommendation from known users. For example, Bob may choose to trust an unknown user Carol when he receives a recommendation from his friend Alice that Carol’s trustworthiness is 0.8 on the interval [0,1].

In this paper we highlight the problem that when a trust value is recommended by one user to another it may lose its real meaning due to subjectivity. Bob may regard 0.8 as a very high value of trust but it is possible that Alice perceived this same value as only average. We present a solution for the elimination of subjectivity from trust recommendation. We run experiments to compare our subjectivity-eliminated trust recommendation method with the unmodified method. In a random graph based web of trust with high subjectivity, it is observed that the novel method can give better results up to 95% of the time.

During the past decade, online collaboration has grown from a practice primarily associated with the workplace to a social phenomenon, where ordinary people share information about their life, hobbies, interests, politics etc. In particular, social software, such as open collaborative authoring systems like wikis, has become increasingly popular. This is probably best illustrated through the immense popularity of the Wikipedia, which is a free encyclopedia collaboratively edited by thousands of Internet users with a minimum of administration.

As more and more people come to rely on the information stored in open collaborative authoring systems, security is becoming an important concern for such systems. Inaccuracies in the Wikipedia have been rumoured to cause students to fail courses, innocent people have been associated with the murder of John F. Kennedy, etc. Improving the correctness, completeness and integrity of information in collaboratively authored documents is therefore of vital importance to the continued success of such systems.

It has previously been observed that integrity is the most important security property in open collaborative authoring systems. In this paper we propose a general security model for open collaborative authoring systems based on a combination of classic integrity mechanisms from computer security and reputation systems. The model is able to accommodate a number of different integrity policies and three different policies are presented in the paper. While the model provides a reputation based assessment of the trustworthiness of the information contained in a document, the primary objective is to prevent untrustworthy authors from compromising the integrity of the document. In order to determine the effectiveness of the proposed integrity model, we present an attacker model for open collaborative authoring systems, which allows us to calculate the vulnerability of a given document based on the fraction of malicious authors in the system.

This paper reasons on usage control in Data Grids. We adapt the UCON _abc usage control framework for the case of distributed systems with multiple authoritative points. We call it the distributed usage control model. Then, we present an architecture implementing such model. In doing so, we use the functional components of the current Grids. Finally, we show a simple way for controlling the policy granularity using Semantic Grid technologies for the specification of policy subjects and objects.

In this paper, we take the first step to address the gap between the security needs in outsourced hosting services and the protection provided in the current practice. We consider both insider and outsider attacks in the third-party web hosting scenarios. We present SafeWS, a modular solution that is inserted between server side scripts and databases in order to prevent and detect website hijacking and unauthorized access to stored data. To achieve the required security, SafeWS utilizes a combination of lightweight cryptographic integrity and encryption tools, software engineering techniques, and security data management principles. We also describe our implementation of SafeWS and its evaluation. The performance analysis of our prototype shows the overhead introduced by security verification is small. SafeWS will allow business owners to significantly reduce the security risks and vulnerabilities of outsourcing their sensitive customer data to third-party providers.

A network of people having established trust relations and a model for propagation of related trust scores are fundamental building blocks in many of today’s most successful e-commerce and recommendation systems. However, the web of trust is often too sparse to predict trust values between non-familiar people with high accuracy. Trust inferences are transitive associations among users in the context of an underlying social network and may provide additional information to alleviate the consequences of the sparsity and possible cold-start problems. Such approaches are helpful, provided that a complete trust path exists between the two users. An alternative approach to the problem is advocated in this paper. Based on collaborative filtering one can exploit the like-mindedness resp. similarity of individuals to infer trust to yet unknown parties which increases the trust relations in the web. For instance, if one knows that with respect to a specific property, two parties are trusted alike by a large number of different trusters, one can assume that they are similar. Thus, if one has a certain degree of trust to the one party, one can safely assume a very similar trustworthiness of the other one. In an attempt to provide high quality recommendations and proper initial trust values even when no complete trust propagation path or user profile exists, we propose TILLIT — a model based on combination of trust inferences and user similarity. The similarity is derived from the structure of the trust graph and users’ trust behavior as opposed to other collaborative-filtering based approaches which use ratings of items or user’s profile. We describe an algorithm realizing the approach based on a combination of trust inferences and user similarity, and validate the algorithm using a real large-scale data-set.

Trust is situation-specific and the trust judgment problem with which the truster is confronted might be, in some ways, similar but not identical to some problems the truster has previously encountered. The truster then may draw information from these past experiences useful for the current situation. We present a knowledge-intensive and model-based case-based reasoning framework that supports the truster to infer such information. The suggested method augments the typically sparse trust information by inferring the missing information from other situational conditions, and can better support situation-aware trust management. Our framework can be coupled with existing trust management models to make them situation-aware. It uses the underlying model of trust management to transfer trust information between situations. We validate the proposed framework for Subjective Logic trust management model and evaluate it by conducting experiments on a large real dataset.

Information is essential to decision making. Nowadays, decision makers are often overwhelmed with large volumes of information, some of which may be inaccurate, incorrect, inappropriate, misleading, or maliciously introduced. With the advocated shift of information sharing paradigm from “need to know” to “need to share” this problem will be further compounded. This poses the challenge of achieving assured information sharing so that decision makers can always get and utilize the up-to-date information for making the right decisions, despite the existence of malicious attacks and without breaching privacy of honest participants. As a first step towards answering this challenge this paper proposes a systematic framework we call TIUPAM, which stands for “Trustworthiness-centric Identity, Usage, Provenance, and Attack Management.” The framework is centered at the need of trustworthiness and risk management for decision makers, and supported by four key components: identity management, usage management, provenance management and attack management. We explore the characterization of both the core functions and the supporting components in the TIUPAM framework, which may guide the design and realization of concrete schemes in the future.

To date, research in trust negotiation has focused mainly on the theoretical aspects of the trust negotiation process, and the development of proof of concept implementations. These theoretical works and proofs of concept have been quite successful from a research perspective, and thus researchers must now begin to address the systems constraints that act as barriers to the deployment of these systems. To this end, we present TrustBuilder2, a fully-configurable and extensible framework for prototyping and evaluating trust negotiation systems. TrustBuilder2 leverages a plug-in based architecture, extensible data type hierarchy, and flexible communication protocol to provide a framework within which numerous trust negotiation protocols and system configurations can be quantitatively analyzed. In this paper, we discuss the design and implementation of TrustBuilder2, study its performance, examine the costs associated with flexible authorization systems, and leverage this knowledge to identify potential topics for future research, as well as a novel method for attacking trust negotiation systems.

The importance of provenance information as a means to trust and validate the authenticity of available data cannot be stressed enough in today’s web-enabled world. The abundance of data now accessible due to the Internet explosion brings with it the related issue of determining how much of it is trustworthy. Provenance information, such as who is responsible for the data or how the data came to be, assists in the process of verifying the authenticity of the data. Semantic web technologies such as Resource Description Framework (RDF) include the ability to record such provenance information through the process of reification. RDF’s popularity has resulted in a demand for modeling and visualization tools. The work presented in this paper, called R2D, attempts to address this demand by innovatively integrating existing, stable technologies such as relational systems with the newer web technologies such as RDF. The work in this paper extends our earlier work by adding support for the RDF concept of reification. Reification enables the association of a level of trust and confidence with RDF triples, thereby enabling the ranking/validation of the authenticity of the triples. Details of the algorithmic enhancements to the various components of R2D that were made to support RDF reification are presented along with performance graphs for queries executed on a database containing crime records data from a police department.

A security risk analysis will only serve its purpose if we can trust that the risk levels obtained from the analysis are correct. However, obtaining correct risk levels requires that we find correct likelihood and consequence values for the unwanted incidents identified during the analysis. This is often very hard. Moreover, the values may soon be outdated as the system under consideration or its environment changes. It is therefore desirable to be able to base estimates of risk levels on measurable indicators that are dynamically updated. In this paper we present an approach for exploiting measurable indicators in order to obtain a risk picture that is continuously or periodically updated. We also suggest dynamic notions of confidence aiming to capture to what extent we may trust the current risk picture.

Effective defense against Internet threats requires data on global real time network status. Internet sensor networks provide such real time network data. However, an organization that participates in a sensor network risks providing a covert channel to attackers if that organization’s sensor can be identified. While there is benefit for every party when any individual participates in such sensor deployments, there are perverse incentives against individual participation. As a result, Internet sensor networks currently provide limited data. Ensuring anonymity of individual sensors can decrease the risk of participating in a sensor network without limiting data provision.

Two contributions are made in this paper. The first is an anonymity mechanism to defeat injection attacks. This defense mechanism is based on economics rather than classic cryptographic protocols. The second builds on the foundations created by the first. It is the a proposal for randomized sampling of correlated sensory inputs to asymmetrically increase the cost of sensor identification for attackers without significantly reducing the quality of the published data.

To date, trust and reputation systems have often been evaluated using methods of their designers’ own devising. Recently, we demonstrated that a number of noteworthy trust and reputation systems could be readily defeated, revealing limitations in their original evaluations. Efforts in the trust and reputation community to develop a testbed have yielded a successful competition platform, ART. This testbed, however, is less suited to general experimentation and evaluation of individual trust and reputation technologies. In this paper, we propose an experimentation and evaluation testbed based directly on that used in our investigations into security vulnerabilities in trust and reputation systems for marketplaces. We demonstrate the advantages of this design, towards the development of more thorough, objective evaluations of trust and reputation systems.

In recent global business environments, collaborations among organisations raise an increased demand for swift establishment. Such collaborations are formed between organisations entering Virtual Organizations (VOs), crossing geographic borders and frequently without prior experience of the other partner’s previous performance. In VOs, every participant risks engaging with partners who may exhibit unexpected fraudulent or otherwise untrusted behaviour. In order to cope with this risk, the STochastic REputation system (STORE) was designed to provide swift, automated decision support for selecting partner organisations in the early stages of the VO’s formation. The contribution of this paper first consists of a multi-agent simulation framework design and implementation to evaluate the STORE reputation system. This framework is able to simulate dynamic agent behaviour, agents hereby representing organisations, and to capture the business context of different VO application scenarios. A configuration of agent classes is a powerful tool to obtain not only well or badly performing agents for simulation scenarios, but also agents which are specialized in particular VO application domains or even malicious agents, attacking the VO community. The second contribution comprises of STORE’s evaluation in two simulation scenarios, set in the VO application domains of Collaborative Engineering and Ad-hoc Service provisioning. Besides the ability to clearly distinguish between agents of different classes according to their reputation, the results prove STORE’s ability to take an agent’s dynamic behaviour into account. The simulation results show, that STORE solves the difficult task of selecting the most trustworthy partner for a particular VO application domain from a set of honest agents that are specialized in a wide spread of VO application domains.

Computational trust and reputation models are used to aid the decision-making process in complex dynamic environments, where we are unable to obtain perfect information about the interaction partners. In this paper we present a comparison of our proposed hidden Markov trust model to the Beta reputation system. The hidden Markov trust model takes the time between observations into account, it also distinguishes between system states and uses methods previously applied to intrusion detection for the prediction of which state an agent is in. We show that the hidden Markov trust model performs better when it comes to the detection of changes in behavior of agents, due to its larger richness in model features. This means that our trust model may be more realistic in dynamic environments. However, the increased model complexity also leads to bigger challenges in estimating parameter values for the model. We also show that the hidden Markov trust model can be parameterized so that it responds similarly to the Beta reputation system.

In 2005, the Wikipedia became the most popular reference website on the Internet and it has continued to grow in size and popularity ever since. With the increasing reliance on the Wikipedia comes issues of the credibility and provenance of content. In order to address these issues, we have developed a Recommender System for the Wikipedia, which allows the users of the Wikipedia to rate articles in order to guide other users about the quality of articles. This rating system provides both an incentive for authors to improve articles and a quantifiable measure of the perceived quality of articles.

The aim of this demonstration is to show how a governed composition of security related services, provided through the Security as a Service (SaaS) paradigm, can be leveraged on in order to provide a more flexible and usable approach to security in distributed and complex systems.

The demonstration will feature the presentation of a security governance gateway that allows manipulating the security configuration of resources exposed through it in a more dynamic way compared to existing techniques. An additional key aspect of the governance gateway is to improve the visibility of the different parameters to take in account when securing the access to a resource in order to make the decision process more adequate. Through this presentation, the demonstrators hope to show the practicability and interest of governed, composable and adaptable security.

The GridTrust Security Framework (GSF) offers security and trust management for the next generation Grids (NGG). It follows a vertical approach for Grid security from requirements level right down to application and middleware levels. New access control models for collaborative computing, such as the usage control model (UCON), are implemented for securing the Grid systems. The GSF is composed of security and trust services and tools provided at the middleware and Grid foundation middleware layers. GSF addresses three layers of the NGG architecture: the Grid application layer, the Grid service middleware layer, and the Grid foundation layer. The framework is composed of security and trust services and tools provided at the middleware and Grid foundation middleware layers. GSF provides policy-driven autonomic access control solutions that provide a continuous monitoring of the usage of resources by users.

In order to achieve agility of the enterprise and shorter concept-to-market timescales for new services, IT and communication providers and their customers increasingly use technologies and concepts which come together under the banner of the Service Oriented Infrastructure (SOI) approach. In this paper we focus on the challenges relating to SOI security. The solutions presented cover the following areas: i) identity federation, ii) distributed usage & access management, and iii) context-aware secure messaging, routing & transformation. We use a scenario from the collaborative engineering space to illustrate the challenges and the solutions.

With enterprise boundaries becoming fuzzier, it’s become clear that businesses need to share resources, expose services, and interact in many different ways. In order to achieve such a distribution in a dynamic, flexible, and secure way, we have designed and implemented a virtual hosting environment (VHE) which aims at integrating business services across enterprise boundaries and virtualising the ICT environment within which these services operate in order to exploit economies of scale for the businesses as well as achieve shorter concept-to-market time scales. To illustrate the relevance of the VHE, we have applied it to the online gaming world. Online gaming is an early adopter of distributed computing and more than 30% of gaming developer companies, being aware of the shift, are focusing on developing high performance platforms for the new online trend.