Trust and Trustworthiness
 
SoS Logo

Trust and Trustworthiness

Trust is created in information security through cryptography to assure the identity of external parties. The works cited here have a strong emphasis on Bayesian methods and cloud environments. In addition, the new ISO/IEEE standard for security device identification, has been released as ISO/IEC/IEEE International Standard for Information technology -- Telecommunications and information exchange between systems -- Local and metropolitan area networks -- Part 1AR: Secure device identity," ISO/IEC/IEEE 8802-1AR:2014(E), vol., no., pp.1,82, Feb. 15 2014. It is available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6739984&isnumber=6739983

  • Shuai Ding, Shanlin Yang, Youtao Zhang, Changyong Liang, Chenyi Xia, “Combining QoS Prediction And Customer Satisfaction Estimation To Solve Cloud Service Trustworthiness Evaluation Problems,” Knowledge-Based Systems, Volume 56, January, 2014 ( Pages 216-225). (ID#:14-1476) Available at: http://dl.acm.org/citation.cfm?id=2574576.2574680&coll=DL&dl=GUIDE&CFID=460496431&CFTOKEN=10468024 The collection and combination of assessment data in trustworthiness evaluation of cloud service is challenging, notably because QoS value may be missing in offline evaluation situation due to the time-consuming and costly cloud service invocation. Considering the fact that many trustworthiness evaluation problems require not only objective measurement but also subjective perception, this paper designs a novel framework named CSTrust for conducting cloud service trustworthiness evaluation by combining QoS prediction and customer satisfaction estimation. The proposed framework considers how to improve the accuracy of QoS value prediction on quantitative trustworthy attributes, as well as how to estimate the customer satisfaction of target cloud service by taking advantages of the perception ratings on qualitative attributes. The proposed methods are validated through simulations, demonstrating that CSTrust can effectively predict assessment data and release evaluation results of trustworthiness.

    Keywords: Cloud computing, Customer satisfaction, Multi-attribute evaluation, QoS prediction, Service trustworthiness
  • Iman Keivanloo, Juergen Rilling, “Software Trustworthiness 2.0-A Semantic Web Enabled Global Source Code Analysis Approach,” Journal of Systems and Software, Volume 89, March, 2014, (Pages 33-50). (ID#:14-1477) Available at: http://dl.acm.org/citation.cfm?id=2576249.2576483&coll=DL&dl=GUIDE&CFID=460496431&CFTOKEN=10468024 There has been an ongoing trend toward collaborative software development using open and shared source code published in large software repositories on the Internet. While traditional source code analysis techniques perform well in single project contexts, new types of source code analysis techniques are emerging, which focus on global source code analysis challenges. In this article, we discuss how the Semantic Web, can become an enabling technology to provide a standardized, formal, and semantic rich representations for modeling and analyzing large global source code corpora. Furthermore, inference services and other services provided by Semantic Web technologies can be used to support a variety of core source code analysis techniques, such as semantic code search, call graph construction, and clone detection. In this paper, we introduce SeCold, the first publicly available online linked data source code dataset for software engineering researchers and practitioners. Along with its dataset, SeCold also provides some Semantic Web enabled core services to support the analysis of Internet-scale source code repositories. We illustrated through several examples how this linked data combined with Semantic Web technologies can be harvested for different source code analysis tasks to support software trustworthiness. For the case studies, we combine both our linked-data set and Semantic Web enabled source code analysis services with knowledge extracted from StackOverflow, a crowdsourcing website. These case studies, we demonstrate that our approach is not only capable of crawling, processing, and scaling to traditional types of structured data (e.g., source code), but also supports emerging non-structured data sources, such as crowdsourced information (e.g., StackOverflow.com) to support a global source code analysis context.

    Keywords: Global source code analysis, Linked data, Semantic Web, Source code analysis, trustworthiness
  •  Guannan Si, Jing Xu, Jufeng Yang, Shuo Wen, “An Evaluation Model For Dependability Of Internet-Scale Software On Basis Of Bayesian Networks And Trustworthiness,” Journal of Systems and Software, Volume 89, March, 2014, (Pages 63-75). (ID#:14-1478) Available at: http://dl.acm.org/citation.cfm?id=2576249.2576485&coll=DL&dl=GUIDE&CFID=460496431&CFTOKEN=10468024 Internet-scale software becomes more and more important as a mode to construct software systems when Internet is developing rapidly. Internet-scale software comprises a set of widely distributed software entities which are running in open, dynamic and uncontrollable Internet environment. There are several aspects impacting dependability of Internet-scale software, such as technical, organizational, decisional and human aspects. It is very important to evaluate dependability of Internet-scale software by integrating all the aspects and analyzing system architecture from the most foundational elements. However, it is lack of such an evaluation model. An evaluation model of dependability for Internet-scale software on the basis of Bayesian Networks is proposed in this paper. The structure of Internet-scale software is analyzed. An evaluating system of dependability for Internet-scale software is established. It includes static metrics, dynamic metrics, prior metrics and correction metrics. A process of trust attenuation based on assessment is proposed to integrate subjective trust factors and objective dependability factors which impact on system quality. In this paper, a Bayesian Network is build according to the structure analysis. A bottom-up method that use Bayesian reasoning to analyses and calculate entity dependability and integration dependability layer by layer is described. A unified dependability of the whole system is worked out and is corrected by objective data. The analysis of experiment in a real system proves that the model in this paper is capable of evaluating the dependability of Internet-scale software clearly and objectively. Moreover, it offers effective help to the design, development, deployment and assessment of Internet-scale software.

    Keywords: Bayesian Network, Dependability, Internet-scale software, trustworthiness
  • Krishnaprasad Thirunarayan, Pramod Anantharam, Cory Henson, Amit Sheth, “Comparative Trust Management with Applications: Bayesian Approaches Emphasis,” Future Generation Computer Systems, Volume 31, February, 2014, (Pages 182-199). (ID#:14-1479) Available at: http://dl.acm.org/citation.cfm?id=2564944.2565289&coll=DL&dl=GUIDE&CFID=460496431&CFTOKEN=10468024 Trust relationships occur naturally in many diverse contexts such as collaborative systems, e-commerce, interpersonal interactions, social networks, and semantic sensor web. As agents providing content and services become increasingly removed from the agents that consume them, the issue of robust trust inference and update becomes critical. There is a need to find online substitutes for traditional (direct or face-to-face) cues to derive measures of trust, and create efficient and robust systems for managing trust in order to support decision-making. Unfortunately, there is neither a universal notion of trust that is applicable to all domains nor a clear explication of its semantics or computation in many situations. We motivate the trust problem, explain the relevant concepts, summarize research in modeling trust and gleaning trustworthiness, and discuss challenges confronting us. The goal is to provide a comprehensive broad overview of the trust landscape, with the nitty-gritties of a handful of approaches. We also provide details of the theoretical underpinnings and comparative analysis of Bayesian approaches to binary and multi-level trust, to automatically determine trustworthiness in a variety of reputation systems including those used in sensor networks, e-commerce, and collaborative environments. Ultimately, we need to develop expressive trust networks that can be assigned objective semantics.

    Keywords: Beta-PDF, Binary and multi-level trust, Collaborative systems, Dirichlet distribution, Gleaning trustworthiness, Social and sensor networks, Trust metrics and models (propagation: chaining and aggregation), Trust ontology, Trust system attacks, Trust vs. reputation
  • Ayesha Kanwal, Rahat Masood, Muhammad Awais Shibli, “Evaluation and Establishment of Trust in Cloud Federation,” ICUIMC '14 Proceedings of the 8th International Conference on Ubiquitous Information Management and Communication. January 2014, Article No. 12. (ID#:14-1480) Available at: http://dl.acm.org/citation.cfm?id=2557977.2558023&coll=DL&dl=GUIDE&CFID=460496431&CFTOKEN=10468024 Cloud federation is a future evolution of Cloud computing, where Cloud Service Providers (CSP) collaborate dynamically to share their virtual infrastructure for load balancing and meeting the Quality of Service during the demand spikes. Today, one of the major obstacles in adoption of federation is the lack of trust between Cloud providers participating in federation. In order to ensure the security of critical and sensitive data of customers, it is important to evaluate and establish the trust between Cloud providers, before redirecting the customer's requests from one provider to other provider. We are proposing a trust evaluation model and underlying protocol that will facilitate the cloud providers to evaluate the trustworthiness of each other and hence participate in federation to share their infrastructure in a trusted and reliable way.

    Keywords: cloud federation, trust evaluation model, trust in cloud federation, trust protocol
  • Yier Jin, “EDA Tools Trust Evaluation Through Security Property Proofs,” DATE '14 Proceedings of the Conference on Design, Automation & Test in Europe, March 2014, Article No. 247. (ID#:14-1481) Available at: http://dl.acm.org/citation.cfm?id=2616606.2616908&coll=DL&dl=GUIDE&CFID=460496431&CFTOKEN=10468024 The security concerns of EDA tools have long been ignored because IC designers and integrators only focus on their functionality and performance. This lack of trusted EDA tools hampers hardware security researchers' efforts to design trusted integrated circuits. To address this concern, a novel EDA tools trust evaluation framework has been proposed to ensure the trustworthiness of EDA tools through its functional operation, rather than scrutinizing the software code. As a result, the newly proposed framework lowers the evaluation cost and is a better fit for hardware security researchers. To support the EDA tools evaluation framework, a new gate-level information assurance scheme is developed for security property checking on any gate-level netlist. Helped by the gate-level scheme, we expand the territory of proof-carrying based IP protection from RT-level designs to gate-level netlist, so that most of the commercially trading third-party IP cores are under the protection of proof-carrying based security properties. Using a sample AES encryption core, we successfully prove the trustworthiness of Synopsys Design Compiler in generating a synthesized netlist.

    Keywords: (Not available)
  • Naima Iltaf, Abdul Ghafoor, Usman Zia, Mukhtar Hussain, “An Effective Model for Indirect Trust Computation in Pervasive Computing Environment,” Wireless Personal Communications: An International Journal, Volume 75 Issue 3, April 2014, (Pages 1689-1713). (ID#:14-1482) Available at: http://dl.acm.org/citation.cfm?id=2598716.2598733&coll=DL&dl=GUIDE&CFID=460496431&CFTOKEN=10468024 The performance of indirect trust computation models (based on recommendations) can be easily compromised due to the subjective and social-based prejudice of the provided recommendations. Eradicating the influence of such recommendation remains an important and challenging issue in indirect trust computation models. An effective model for indirect trust computation is proposed which is capable of identifying dishonest recommendations. Dishonest recommendations are identified by using deviation based detecting technique. The concept of measuring the credibility of recommendation (rather than credibility of recommender) using fuzzy inference engine is also proposed to determine the influence of each honest recommendation. The proposed model has been compared with other existing evolutionary recommendation models in this field, and it is shown that the model is more accurate in measuring the trustworthiness of unknown entity.

    Keywords: Malicious recommendation detection, Pervasive computing, Recommendation model
  • Mohamad Mehdi, Nizar Bouguila, Jamal Bentahar, “Correlated Multi-Dimensional QoS Metrics For Trust Evaluation Within Web Services,” AAMAS '14 Proceedings of the 2014 International Conference On Autonomous Agents And Multi-Agent Systems , May 2014, (Pages 1605-1606). (ID#:14-1483) Available at: http://dl.acm.org/citation.cfm?id=2615731.2616084&coll=DL&dl=GUIDE&CFID=460496431&CFTOKEN=10468024 Trust and reputation techniques have offered favorable solutions to the web service selection problem. In distributed systems, service consumers identify pools of service providers that offer similar functionalities. Therefore, the selection task is mostly influenced by the non-functional requirements of the consumers captured by a varied number of QoS metrics. In this paper, we present a QoS-aware trust model that leverages the correlation information among various QoS metrics. We compute the trustworthiness of web services based on probability theory by exploiting two statistical distributions, namely, Dirichlet and generalized Dirichlet, which represent the distributions of the outcomes of multi-dimensional correlated QoS metrics. We employ the Dirichlet and generalized Dirichlet when the QoS metrics are positively or negatively correlated, respectively. Experimental results endorse the advantageous capability of our model in capturing the correlation among QoS metrics and estimating the trustworthiness and reputation of service providers.

    Keywords: generalized dirichlet, probabilistic models, QoS-based trust, reputation
  • Dongyan Xu, “Virtualization and Security: Happily Ever After?,” CODASPY '14 Proceedings of the 4th ACM conference on Data and Application Security And Privacy, March 2014, (Pages 73-74). (ID#:14-1484) Available at: http://dl.acm.org/citation.cfm?id=2557547.2557590&coll=DL&dl=GUIDE&CFID=460496431&CFTOKEN=10468024 Virtualization has been a major enabling technology for improving trustworthiness and tamper-resistance of computer security functions. In the past decade, we have witnessed the development of virtualization-based techniques for attack/malware monitoring, detection, prevention, and profiling. Virtual platforms have been widely adopted for system security experimentation and evaluation, because of their strong isolation, maneuverability, and scalability properties. Conversely, the demand from security research has led to significant advances in virtualization technology itself, for example, in the aspects of virtual machine introspection, check-pointing, and replay. In this talk, I will present an overview of research efforts (including our own) in virtualization-based security and security-driven virtualization. I will also discuss a number of challenges and opportunities in maintaining and elevating the synergies between virtualization and security.

    Keywords: system and network security, trusted computing, virtualization
  • Ning Zhang, Jon W. Mark, Security-aware Cooperation in Cognitive Radio Networks, February 2014. (ID#:14-1485) Available at: http://dl.acm.org/citation.cfm?id=2597620&coll=DL&dl=GUIDE&CFID=460496431&CFTOKEN=10468024 This brief investigates spectrum efficient and energy efficient strategies, known as cognitive radio networks (CRNs), to ensure secure cooperation between licensed and unlicensed users. The authors address issues of spectrum scarcity, spectrum sensing, transmission performance, trust-aware cooperation, and secure communications. Two security-aware cooperation based spectrum access schemes are presented. The first is a trust-aware cooperative framework for CRNs to improve the throughput or energy efficiency of licensed users and offer transmission opportunities to unlicensed users, taking into consideration the trustworthiness of unlicensed users. The second scheme is a cooperative framework to enhance secure communications of licensed users. An introduction to CRNs and literature survey enhance the discussion while numerical results are provided to demonstrate the viability of the proposed schemes. The brief is designed for researchers and professionals working with cognitive radio networks or interested in cooperation based access. Advanced-level students studying computer communication networks and communications engineering will also find this brief useful.

    Keywords: (Not available)
  • Konstantinos Pelechrinis, Prashant Krishnamurthy, Christos Gkantsidis, “Trustworthy Operations in Cellular Networks: The Case of PF Scheduler,” IEEE Transactions on Parallel and Distributed Systems, Volume 25 Issue 2, February 2014, (Pages 292-300). (ID#:14-1486) Available at: http://dl.acm.org/citation.cfm?id=2574228.2574534&coll=DL&dl=GUIDE&CFID=460496431&CFTOKEN=10468024 Cellular data networks are proliferating to address the need for ubiquitous connectivity. To cope with the increasing number of subscribers and with the spatiotemporal variations of the wireless signals, current cellular networks use opportunistic schedulers, such as the Proportional Fairness scheduler (PF), to maximize network throughput while maintaining fairness among users. Such scheduling decisions are based on channel quality metrics and Automatic Repeat reQuest (ARQ) feedback reports provided by the User's Equipment (UE). Implicit in current networks is the a priori trust on every UE's feedback. Malicious UEs can, thus, exploit this trust to disrupt service by intelligently faking their reports. This work proposes a trustworthy version of the PF scheduler (called TPF) to mitigate the effects of such Denial-of-Service (DoS) attacks. In brief, based on the channel quality reported by the UE, we assign a probability to possible ARQ feedbacks. We then use the probability associated with the actual ARQ report to assess the UE's reporting trustworthiness. We adapt the scheduling mechanism to give higher priority to more trusted users. Our evaluations show that TPF 1) does not induce any performance degradation under benign settings, and 2) it completely mitigates the effects of the activity of malicious UEs. In particular, while colluding attackers can obtain up to 77 percent of the time slots with the most sophisticated attack, TPF is able to contain this percentage to as low as 6 percent.

    Keywords: Cellular networks, PF scheduler, trust, misreporting attack
  • Noel Sardana, Robin Cohen, “Modeling Agent Trustworthiness With Credibility For Message Recommendation In Social Networks,” AAMAS '14 Proceedings of the 2014 International Conference On Autonomous Agents And Multi-Agent Systems, May 2014, (Pages 1423-1424). (ID#:14-1487) Available at: http://dl.acm.org/citation.cfm?id=2615731.2617504&coll=DL&dl=GUIDE&CFID=460496431&CFTOKEN=10468024 This paper presents a framework for multiagent systems trust modeling that reasons about both user credibility and user similarity. Through simulation, we are able to show that our approach works well in social networking environments by presenting messages to users with high predicted benefit.

    Keywords: credibility, recommending messages, trust modeling
  • S.M. Iftekharul Alam, Sonia Fahmy, “A Practical Approach For Provenance Transmission In Wireless Sensor Networks,” Ad Hoc Networks, Volume 16, May, 2014 (Pages 28-45). (ID#:14-1488) Available at: http://dl.acm.org/citation.cfm?id=2583132.2583349&coll=DL&dl=GUIDE&CFID=460496431&CFTOKEN=10468024 Assessing the trustworthiness of sensor data and transmitters of this data is critical for quality assurance. Trust evaluation frameworks utilize data provenance along with the sensed data values to compute the trustworthiness of each data item. However, in a sizeable multi-hop sensor network, provenance information requires a large and variable number of bits in each packet, resulting in high energy dissipation due to the extended period of radio communication. In this paper, we design energy-efficient provenance encoding and construction schemes, which we refer to as Probabilistic Provenance Flow (PPF). Our work demonstrates the feasibility of adapting the Probabilistic Packet Marking (PPM) technique in IP traceback to wireless sensor networks. We design two bit-efficient provenance encoding schemes along with a complementary vanilla scheme. Depending on the network size and bit budget, we select the best method based on mathematical approximations and numerical analysis. We integrate PPF with provenance-based trust frameworks and investigate the trade-off between trustworthiness of data items and transmission overhead. We conduct TOSSIM simulations with realistic wireless links, and perform testbed experiments on 15-20TelosB motes to demonstrate the effectiveness of PPF. Our results show that the encoding schemes of PPF have identical performance with a low bit budget (~32-bit), requiring 33% fewer packets and 30% less energy than PPM variants to construct provenance. With a twofold increase in bit budget, PPF with the selected encoding scheme reduces energy consumption by 46-60%.

    Keywords: Energy-efficiency, Provenance, Sensor networks, Trust framework
  • ISO/IEC/IEEE International Standard for Information technology -- Telecommunications and information exchange between systems -- Local and metropolitan area networks -- Part 1AR: Secure device identity," ISO/IEC/IEEE 8802-1AR:2014(E), vol., no., pp.1,82, Feb. 15 2014. (ID#:14-1490) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6739984&isnumber=6739983 A secure device identifier (DevID) is cryptographically bound to a device and supports authentication of the devices identity. Locally significant identities can be securely associated with an initial manufacturer-provisioned DevID and used in provisioning and authentication protocols to allow a network administrator to establish the trustworthiness of a device and select appropriate policies for transmission and reception of data and control protocols to and from the device.

    Keywords: Access controls; Authentication; IEC standards; IEEE standards; ISO standards; Information technology; Local area networks; Metropolitan area networks; Network security; LANs; MAC security; MANs; PKI; X. 509;access control; authentication; authorization; certificate; local area networks; metropolitan area networks; port-based network access control; secure association; secure device identifier; security

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.