Article

Trust Specification and Analysis for Internet Applications

Authors:
To read the full-text of this research, you can request a copy directly from the author.

Abstract

The specification and analysis of trust relationships in Internet applications are important contributors to the advancement of E-Commerce. For Internet commerce to be accepted by both consumers and companies, a trust management framework must be formulated. It is assumed that trust management entails trust specification and trust analysis. This document looks at the theoretical foundation of trust and trust management and seeks to find more realistic and flexible solutions.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the author.

... Shand and Bacon 2004], a aplicação tem como principal objetivo o uso de agendas compartilhadas em PDA. O modelo SULTAN desenvolvido por [Grandison 2003], teve como base o modelo visto (num total 4 modelo que fortemente o influenciaram). ...
... Desta forma o modelo tenta não repetir o mesmo erro do modelo proposto em [Capra 2003] que tenta modelar a confiança humana em qualquer situação. O nosso modelo tenta gerenciar a confiança que uma pessoa tem em um serviço, assim como modelo descrito em [Grandison 2003] que se limita a falar de aplicações para internet. O nosso modelo tenta de forma simples descrever um modelo para o gerenciamento da confiança, desta forma espero que o modelo seja de fácil entendimento para a maioria das pessoas já que não foram usadas ferramentas matemáticas extremamente pesadas como é feito no trabalho de [M. ...
Article
The advancements of the technology of Wireless Network have been considerable in the last years and the facilities in the obtaining of equipment have become more and more near to the reality the computation ubiquitous. In the future will be possible see persons selling or buying his car through of his mobile device, businessmen negotiating of purchase and sell of actions amid the traffic. Certainly available technology for this exists. What do we must ask is ourselves itself in the present state is possible initi-ate a dependable interaction between users. The efforts in become possible a trustworthy collaborations dependable between users that need interact, has not walked in the same speed of the advancements of the technology of Wireless Network. In this article we are going to discuss models proposed by researchers of highlight in the trust management area, discuss the advantages and disad-vantage of the models proposed by these researchers and on the basis of this reflection propose a new trust management model in mobile devices for specific scenario. Resumo. Os avanços da tecnologia de redes sem fio têm sido consideráveis nos últimos anos e as facilidades na obtenção de equipamentos têm tornado cada vez mais próxima da realidade a computação ubíqua.
... The trust management system also provides trust establishment, trust evaluation, trust monitoring and trust analysis service. Traditionally, trust managment has always focused on how one can make authorization and access control more efficiently [3]. Blaze, et al. first introduced the trust management problem as a distinct and important component of security in network services [4]. ...
... KeyNote has a built-in credential verification system and a simple notation to express authorization predicates. Grandison [3] proposes SULTAN (Simple Universal Logicoriented Trust Analysis Notation), an abstract, logic-oriented framework designed to facilitate the specification, analysis and management of trust relationships. The IBM Trust Management System [6] implements trust management on top of the Role Based Access Control model. ...
Conference Paper
Full-text available
Trust can be used to measure our confidence that a secure syste m be- haves as expected. We had previously proposed a vector model of trust (1). In this work we address the problem of trust management using the vector model. We develop a new trust management engine which we call VTrust (from Vector Trust). The trust management engine stores and manages current as well as his- torical information about different parameters that define a trust relation between a truster and a trustee. We propose an SQL like language called TrustQL to in- teract with the trust management engine. TrustQL consists of a Trust Definition Language (TDL) that is used to define a trust relationship and a Trust Manipu- lation Language (TML) that is used to query and update information about trust relationships.
... This view of trust is from a business management perspective and offers an interesting analysis of what must be done to embed trust in e-Procurement. Grandison (2001) defines trust as the firm belief in the competence of an entity to act dependably, securely and reliably within a specified context. The e-Procurement environment is obviously an environment characterised with risk, for a variety of reasons. ...
... Trust is a cosmic topic that incorporates trust establishment, trust management and risk concerns. Grandison (2001) survey of trust on internet protocol portrayed trust as an important aspect of decision making for internet applications which particularly influences the specification of security and risk policies. The survey provides a working definition of trust for Internet applications and it also explains the properties of trust relationships. ...
Article
Full-text available
The efficiency of e-Procurement is based on the imperatives, trust and perceived risk. Trust is established as a major factor moderating transaction processes on the internet. It has implicit relational properties and therefore needs the context of a relationship to develop. Previous works have suggested that lack of trust is a major impediment to e-Procurement. Trust and perceived risk exhibits inverse relationships and, paradoxically have causative effect on e-Procurement. EProcurement organisations are in continuous search on how their consumer’s trust can be evaluated. In this study, based on a synthesis of literature, we offer an integrative model of consumer trust in e- Procurement. It is a mathematical model that not only maps trust behaviour, but also sensitive and accommodative of an acceptable risk threshold in electronic transaction environments. It also proffers solution to the exploration of consumer’s trust evaluation. Published (publisher's copy) Peer Reviewed
... One possible approach is to develop a trust management framework that includes a generic set of trust negotiation parameters, is integrated with service, and is bidirectional. Trust management (Grandison, 2001;Krishna and Maarof, 2003) is defined as "the activity of collecting, codifying, analysing and presenting evidence relating to competence, honesty, security or dependability with the purpose of making assessments and decisions regarding trust relationships for internet applications". As the service composition dynamics in the digital computing environment are very complex, trust management control frameworks should include all the possible primitives trust issues. ...
Article
Full-text available
Public cloud offerings are gaining a lot of popularity as they offer consistent savings to the users by their pay-as-you-go model. Parties involved in public cloud transactions may be unknown to each other, however the users need to access the services of unknown cloud providers or third parties and even handover their significant data. Then the genuineness of the service providers or users becomes the most important concern. An established trust between the parties can help in creating sustainable transactions as well as long lasting business relations. To manage and build the trust, there is a strong need of trust management mechanism, which can fulfil the requirements from both the customer and provider perspective. Present work proposes a three-layer trust management model in public cloud environment, which can accomplish the expectations from both the viewpoints and can also support in building a long-term trustworthy relationships between them.
... One possible approach is to develop a trust management framework that includes a generic set of trust negotiation parameters, is integrated with service, and is bidirectional. Trust management (Grandison, 2001;Krishna and Maarof, 2003) is defined as "the activity of collecting, codifying, analysing and presenting evidence relating to competence, honesty, security or dependability with the purpose of making assessments and decisions regarding trust relationships for internet applications". As the service composition dynamics in the digital computing environment are very complex, trust management control frameworks should include all the possible primitives trust issues. ...
Article
Full-text available
Public cloud offerings are gaining a lot of popularity as they offer consistent savings to the users by their pay-as-you-go model. Parties involved in public cloud transactions may be unknown to each other, however the users need to access the services of unknown cloud providers or third parties and even handover their significant data. Then the genuineness of the service providers or users becomes the most important concern. An established trust between the parties can help in creating sustainable transactions as well as long lasting business relations. To manage and build the trust, there is a strong need of trust management mechanism, which can fulfil the requirements from both the customer and provider perspective. Present work proposes a three-layer trust management model in public cloud environment, which can accomplish the expectations from both the viewpoints and can also support in building a long-term trustworthy relationships between them.
... An attempt to design an abstract, comprehensive framework to analyse and manage trust relationships was made by Grandison [1], resulting in the Simple Universal Logic-oriented Trust Analysis Notation (SULTAN). SULTAN was developed to simplify the specification of trust relationships and their management. ...
Article
This paper outlines a conceptual architecture for an autonomic middleware component designed to provide application-independent access control for use in large-scale highly-dynamic computing environments. In such environments, most notably ambient/pervasive computing environments, centralised access control policy determination is impossible or inadvisable because of the complexity of trust relationships. In the absence of centralisation, network resources are forced to make trusting decisions locally, in the light of information that they themselves can gather. Thus the architecture that is described in this paper is founded around an automatic knowledge acquisition and processing mechanism, acting as the foundations of a semi-autonomous multi-agent system (MAS). The agents dynamically organise themselves into cooperating distributed communities that mediate between users and devices (collectively known as trustees) and network resources (principals). Once activated by their owners, agents maintain user credentials, negotiate amongst themselves to establish the credibility of prospective trustees identities and cooperate to gather evidence about the likelihood of trustees adhering to the policies of principals.
Chapter
Full-text available
Trust is an essential requirement to transact in the digital environment. Digital identity proves a user’s presence, whereas the trust proves the standing and worthiness. Trust management can establish and verify the trust to give rise to new outcomes for online transactions such as increased perception towards buying and selling the goods and services, increased retention and loyalty, increased reputation and so on. This paper presents the need and significance of trust management in the digital environment, along with the various models and techniques available to manage the trust. A comparative analysis has been presented for the available models. The work has a lot of importance, considering the large scale proliferation of the digital environment as well as the electronic businesses.
Article
Full-text available
Trust is an essential requirement to transact in the digital environment. Digital identity proves a user's presence, whereas the trust proves the standing and worthiness. Trust management can establish and verify the trust to give rise to new outcomes for online transactions such as increased perception towards buying and selling the goods and services, increased retention and loyalty, increased reputation and so on. This paper presents the need and significance of trust management in the digital environment, along with the various models and techniques available to manage the trust. A comparative analysis has been presented for the available models. The work has a lot of importance, considering the large scale proliferation of the digital environment as well as the electronic businesses.
Article
An early understanding of the trust concerns while composing a distributed system from independently developed software services saves time and effort. It also allows the developer of such distributed systems to reason about the trust-related properties of these systems. Although there are prevalent approaches for evaluating the trust of such systems, it is not clear which approach, if any, is the most comprehensive and best suited for a given situation. Moreover, there is no agreement about a unified approach, for quantifying trust, which can be applied to the entire software life-cycle of distributed systems. This article, first, motivates the need for such a quantification of trust via a case study from the domain of indoor tracking. It then provides a comprehensive survey of current approaches that define trust, in general domains, and then focuses on the relevant approaches from the domain of software-oriented distributed systems. These prevalent efforts are categorized into groups using existing clustering tools and then are further analyzed for their comprehensiveness. The analysis depicts: (1) many trust-related efforts and associated models have their own constrained views of trust; (2) different trust models focus on different aspects of trust and life-cycle details; and (3) it is difficult to interoperate across different trust models. Hence, the paper identifies a set of principles that can assist in quantifying and evaluating the trust throughout the software life-cycle of distributed systems. These principles, then, are applied to the aforementioned case study to provide an outline of how trustworthy distributed systems can be composed from independent software services. Copyright © 2015 John Wiley & Sons, Ltd.
Chapter
Mark Weiser had a vision of ubiquitous computing that was motivated by his belief that profound technologies disappear into the physical environment that surrounds us [1]. This vision has become a reality. Fewer than 2% of all microprocessors sold go into conventional PCs, the vast majority of the remainder becoming part of embedded systems, although few of these are currently networked. It is not, however, difficult to foresee that the efforts aimed at overcoming the inherent complexities in producing truly ubiquitous networked systems are most likely to bear fruit in the short to medium term.
Conference Paper
If the hype is to be believed, we have come very close to the realisation of a ubiquitous computing environment. There are already a wide variety of devices, networking technolo- gies and bespoke services; and yet the vision of anywhere anytime computing is proving somewhat elusive. Software abstractions and metaphors that were developed for desk- top applications do not extend to ubiquitous computing. Because of the frequency of contextual changes and the paucity of resources, new distributed applications require much more flexible support for controlled reconfiguration, self-adaptation, and recovery of components. We present a lightweight component management Mid- dleware that provides flexibility by allowing design, deploy- ment, and run-time reconfigurability. At design and deploy- ment time, the developer can design a system by structuring software components according to a specific scenario. Then, at run-time, she can dynamically reconfigure the system, ad- just to new environments, or dynamically add mechanisms that enables self-adaptation.
Conference Paper
Communication is essential in multi-agent systems, since it allows agents to share knowledge and to coordinate. However, in open multi-agent systems, autonomous and heterogeneous agents can dynamically enter or leave the system. It is then important to take into account that some agents may not respect – voluntarily or not – the rules that make the system function properly. In this paper, we propose a trust model for the reliability of agent communications. We define inconsistencies in the communications (represented as social commitments) in order to enable agents to detect lies and update their trust model of other agents. Agents can also use their trust model to decide whether to trust or not a new message sent by another agent.
Conference Paper
Full-text available
Trust management has received a lot of attention recently as it is an important component of decision making for electronic commerce, Internet interactions and electronic contract negotiation. However, appropriate tools are needed to effectively specify and manage trust relationships. They should facilitate the analysis of trust specification for conflicts and should enable information on risk and experience information to be used to help in decision- making. High-level trust specifications may also be refined to lower-level implementation policies about access control, authentication and encryption. In this paper, we present the SULTAN trust management toolkit for the specification, analysis and monitoring of trust specifications. This paper will present the following components of the toolkit: the Specification Editor, the Analysis Tool, the Risk Service and the Monitoring Service.
Conference Paper
The diversity of the kinds of interactions between principals in distributed computing systems, especially critical infrastructures, has expanded rapidly in recent years. However, the state of the art in trust management is not yet sufficient to support this diversity of interactions. This paper presents a rationale and design for much richer trust management than is possible today. It presents a set of requirements for more generalized trust management and an analysis of their necessity. A new trust management framework is presented that supports dynamic and composable trust.
Article
Full-text available
Tese (doutorado)—Universidade de Brasília, Faculdade de Tecnologia, Departamento de Engenharia Elétrica, 2008. A tese apresenta um modelo de confiança aplicado aos processos de gestão da tecnologia da informação. Discorre sobre definições de confiança explicitando alguns tipos da confiança e apresenta modelos de confiança aplicados em áreas distintas. Focaliza a governança de TI, enfatizando a necessidade do alinhamento com as estratégias organizacionais e a harmonização com a atividade-fim das empresas. Para isso aborda os impactos da confiança na governança de TI, onde estudos recentes identificam que organizações com uma governança de TI ajustada ao negócio obtêm vantagens em relação às demais. Nesse contexto aborda o entendimento de que o rumo seguro está vinculado à confiança que contribui para o alcance dos resultados objetivados pela gestão, desde que seja controlada e medida, levando a que as organizações de TI adquiram maior eficácia no alinhamento da TI com a estratégia organizacional. A validação do Modelo proposto foi realizada por intermédio de um estudo de caso em uma organização real onde foi elaborado um diagnóstico da situação, empregando requisitos consagrados de confiança associados aos processos pertinentes de gestão de TI. Em tal processo foram cumpridas todas as fases previstas na elaboração do Modelo, desde o planejamento até a tabulação dos resultados obtidos após a implantação das respostas às questões formuladas o que foi feito de modo a permitir a verificação dos impactos da confiança, atividade na qual se contou com o auxílio de um sistema eletrônico desenvolvido para essa finalidade. ___________________________________________________________________________________ ABSTRACT This dissertation presents a model of trust in the management of the information technology. It presents relevant aspects on the use of trust on the Information Technology (IT) Management. It comments on the definitions of trust relates the contemporary business environment to crescent risks, as far as trust is concerned, based on the complexity deriving from globalized relationships. It focuses IT management, emphasizing the necessity of alignment with the organizational strategies and the harmonization with the end-activity of the companies. To do so it approaches the impacts of the trust in IT management where recent studies identify that organizations whose IT management is business-focused run less risks and get advantages in relation to others. In this context, it approaches the understanding that the safe route is tied to the trust, which may provide highly desirable results to management, as long as they are controlled and measured, making IT organizations to acquire greater effectiveness in their alignment to the organizational strategy. The application of the model consisted of a case study in the DMB Organization which was drafted a result and a diagnosis of the situation, employing requirements enshrined in trust associated with the relevant procedures of management. In this application have been completed all stages in developing the model, from planning to the tabulation of results after the deployment of the questions raised what was done to enable the verification of the impacts of trust, an activity which had the aid of an electronic system designed for that purpose.
Conference Paper
The conceptual architecture of the access control system described here is based on automatic distributed acquisition and processing of knowledge about users and devices in computer networks. It uses autonomous agents for distributed knowledge management. Agents grouped into distributed communities act as mediators between users/devices and network resources. Communicating with each other, they make decisions about whether a certain user or device can be given access to a requested resource. In other words, agents in our system perform user/device authentication, authorisation, and maintenance of user credentials.
Conference Paper
Full-text available
Traditional security tools and infrastructures have proven to be inadequate, inflexible, and difficult to apply in the incredibly large Internet of today. Existing security systems deal mainly with authentication and access control and are not suitable for the increasingly demanding trust requirements in today's network-based applications. In this paper, a general-purpose, application-independent dynamic distributed trust model (DDTM) that is suitable for access control in the Internet applications is proposed. The core of this model is the recommendation trust model organized as a trust delegation tree and authorization delegation realized by a delegation certificate. DDTM provides a distributed key-oriented certificate issuing mechanism with no centralized global authority. The service authorities can create their own trust policy and control access to the services owned by them. In this paper, we first point out the insufficiency of the existing access control mechanisms and review several method for expressing trust. We then propose the dynamic distributed trust model that works over the Internet. Finally, we focus on the detail operations of trust delegation tree.
ResearchGate has not been able to resolve any references for this publication.