Abstract
A Trust Management model that provides a measure of the degree to which a principal is trusted for some action is proposed. At the heart of the model is the notion that triangular norms and conorms provide a natural and consistent interpretation for trust aggregation across delegation chains. It is argued that specifying how trust is aggregated is as important as specifying a degree of trust value in an attribute certificate and, therefore, in stating the degree to which a principal trusts another, the principal should also state how that trust may aggregate across delegation chains. The model is illustrated and has been implemented using a modified, but backwards-compatible, version of the KeyNote Trust Management system.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Becker, M., Fournet, C., Gordon, A.: Design and semantics of a decentralized authorization language. In: 20th IEEE Computer Security Foundations Symposium (January 2007)
Bistarelli, S., Martinelli, F., Santini, F.: A semantic foundation for trust management languages with weights: An application to the RT family. In: Rong, C., Jaatun, M.G., Sandnes, F.E., Yang, L.T., Ma, J. (eds.) ATC 2008. LNCS, vol. 5060, pp. 481–495. Springer, Heidelberg (2008)
Bistarelli, S., Santini, F.: Propagating multitrust within trust networks. In: SAC 2008: Proceedings of the 2008 ACM symposium on Applied computing, pp. 1990–1994. ACM, New York (2008)
Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.D.: The Keynote trust-management system, version 2, IETF RFC2704 (September 1999)
Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 164–173. IEEE Computer Society Press, Oakland (1996)
Buchanan, B., Shortliffe, E.: Ruled Based Expert Systems, The MYCIN Experiment of the Stanford Heuristic Programming Project. Addison-Wesley, Reading (1984)
Colbourn, C.: The Combinatorics of Network Reliability. Oxford University Press, Oxford (1987)
Dubois, D., Prade, H.: A review of fuzzy sets aggregation connectives. Information Sciences 36, 85–121 (1985)
Ellison, C., Frantz, B., Lampson, B., Rivest, R.L., Thomas, B., Ylonen, T.: SPKI certificate theory, IETF RFC2693 (September 1999)
Fagin, R.: Fuzzy queries in multimedia database systems. In: PODS 1998: Proceedings of the seventeenth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems, pp. 1–10. ACM, New York (1998)
Foley, S.N.: Security risk management using internal controls. In: WISG 2009: Proceedings of the first ACM workshop on Information security governance, pp. 59–64. ACM, New York (2009)
Foley, S.N.: Using trust management to support transferable hash-based micropayments. In: Proceedings of the 7th International Financial Cryptography Conference, FWI, Gosier (January 2003)
Foley, S.N., Rooney, V.: Qualitative analysis for trust management: Towards a model of photograph sharing indiscretion. In: Seventeenth International Security Protocols Workshop. LNCS. Springer, Heidelberg (April 2009) (post-proceedings forthcoming)
Gilbert, E., Karahalios, K.: Predicting tie strength with social media. In: Proceedings of the 27th international conference computer-human interaction (January 2009)
Haenni, R., Jonczy, J.: A new approach to PGP’s web of trust. In: EEMA 2007: European e-Identity Conference, Paris, France (2007)
Jøsang, A., Bhuiyan, T.: Optimal trust network analysis with subjective logic. In: Second International Conference on Emerging Security Information, Systems and Technologies (SECURWARE), pp. 179–184 (2008)
Jøsang, A., Hayward, R., Pope, S.: Trust network analysis with subjective logic. In: ACSC: Proceedings of the 29th Australasian Computer Science Conference, pp. 85–94 (2006)
Jøsang, A., Ismail, R., Boyd, C.: A survey of trust and reputation systems for online service provision. Decis. Support Syst. 43(2), 618–644 (2007)
Klement, E.P., Mesiar, R., Pap, E.: On the relationship of associative compensatory operators to triangular norms and conorms. International Journal of Uncertainty, Fuzziness and Knowledge based Systems 4(2) (1996)
Li, J., Li, N., Winsborough, W.: Automated trust negotiation using cryptographic credentials. In: Proceedings of the 12th ACM conference on Computer and Communications Security (January 2005)
Mackworth, A.: Constraint satisfaction. In: Shapiro, S. (ed.) Encyclopedia of AI, 2nd edn, pp. 285–293. John Wiley & Sons, Chichester (1992)
Mahoney, G., Myrvold, W., Shoja, G.: Generic reliability trust model. In: Proceedings of the 3rd Annual Conference on Privacy, Security and Trust (PST), 3rd edn, vol. 5 (2005)
Montanari, U.: Networks of constraints: Fundamental properties and applications to picture processing. Information Science 7, 95–132 (1974)
Reiter, M., Stubblebine, S.: Authentication metric analysis and design. ACM Trans. Inf. Syst. Secur. 2(2), 138–158 (1999)
Riegelsberger, J., Sasse, M., McCarthy, J.: The mechanics of trust: A framework for research and design. Int. J. Hum.-Comput. Stud. 62(3), 381–422 (2005)
Schweizer, B., Sklar, A.: Probabilistic metric spaces. North Holland, New York (1983)
Team Choco: choco: an open source java constraint programming library. In: Third International CSP Solver Competition, Website, http://www.choco.emn.fr (2008)
Zimmermann, H.J., Zysno, P.: Latent connectives in human decision making. Fuzzy Sets and Systems 4, 37–51 (1980)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Foley, S.N., Mac Adams, W., O’Sullivan, B. (2011). Aggregating Trust Using Triangular Norms in the KeyNote Trust Management System. In: Cuellar, J., Lopez, J., Barthe, G., Pretschner, A. (eds) Security and Trust Management. STM 2010. Lecture Notes in Computer Science, vol 6710. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22444-7_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-22444-7_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22443-0
Online ISBN: 978-3-642-22444-7
eBook Packages: Computer ScienceComputer Science (R0)