服务计算环境下的信任评估模型

分析了传统信任评估模型,论述了基于信任的扩展SOA模型和信任建模方法,根据第三方代理的推荐信誉看法和团体信誉看法,提出了一种新的服务计算信任评估安全模型(SOC-TrustSM)。SOC-TrustSM在传统信任评估模型的基础上,引入了第一手、第二手、第三手的推荐信誉看法及团体信誉看法,能够较准确地获得服务计算环境下获信代理的信任值,可以有效地抵御代理间的恶意推荐行为。     

Propagation Models for Trust and Distrust in Social Networks

Semantic Web endeavors have mainly focused on issues pertaining to knowledge representation and ontology design. However, besides understanding information metadata stated by subjects, knowing about their credibility becomes equally crucial. Hence, trust and trust metrics, conceived as computational means to evaluate trust relationships between individuals, come into play. Our major contribution to Semantic Web trust management through this work is twofold. First, we introduce a classification scheme for trust metrics along various axes and discuss advantages and drawbacks of existing approaches for Semantic Web scenarios. Hereby, we devise an advocacy for local group trust metrics, guiding us to the second part which presents Appleseed, our novel proposal for local group trust computation. Compelling in its simplicity, Appleseed borrows many ideas from spreading activation models in psychology and relates their concepts to trust evaluation in an intuitive fashion. Moreover, we provide extensions for the Appleseed nucleus that make our trust metric handle distrust statements. Cai-Nicolas Ziegler is a post-doctoral researcher at DBIS, the Databases and Information Systems group of the University of Freiburg, Germany. He studied Computer Science at the University of Passau, Germany, and Université Laval, Québec, receiving his Diploma (equivalent to MSc) in 2003. Cai-Nicolas obtained his PhD in Computer Science from the University of Freiburg in 2005. His primary research interests cover collaborative filtering applications and recommender systems, as well as computational trust models on the verge of human-computer interaction. Georg Lausen is head of the research group on Databases and Information Systems (DBIS) at the University of Freiburg, Germany. He received his Diploma in Industrial Engineering in 1978, PhD in 1982, and his postdoctoral lecture qualification (Habilitation) in 1985 from the University of Karlsruhe (TH). He was associate professor for Information Technology and Integration Problems at the Technical University of Darmstadt from 1986 to 1987. From 1987 to 1994 he was full professor for databases and informations systems at the University of Mannheim, and since 1994 at the University of Freiburg. His current research interests comprise information integration, internet technologies, and Web services.     

基于信任度的Web服务跨域访问控制

针对当前存在的访问控制模型不能很好地应用主体历史操作记录的问题,本文结合信任管理技术提出了一种基于信任度的访问控制模型,体现了主体实际操作对于授权的影响,并将该模型扩展到多域环境下解决Web服务环境中的跨域访问控制问题。     

Windows环境下信任链传递及其性能分析

动态多路径信任链(DMPTC)是一个基于软件类型特点的系统可信验证和保证机制. DMPTC对静态的系统软件和动态的应用软件加以区分,并采用不同的方式和策略对软件的装载运行加以控制,使得计算平台只运行那些有可信来源的可执行代码,从而确保平台的可信和安全. DMPTC可以用来防范各种已知和未知的恶意代码,并可以用来加强对生产信息系统中应用软件的管理和控制. DMPTC可以克服传统的静态单路径信任传递在系统灵活性和实用性层面的缺陷,并且在系统性能方面进行了深入的考虑和深层的优化.系统性能分析和实际测试结果都表明,在Windows系统平台上实现的DMPTC对系统运行带来的性能损失小于1%.     

多域间安全互操作的信任传播策略

多域环境下的访问控制是域间进行协作必须要解决的问题之一。本文对域间互操作的信任传播问题进行了分析,给出了自主策略、深度策略和角色策略。通过角色委托和角色映射,使角色的管理权和使用权分别传递。并对实现方案进行了讨论。     

Web服务中的信任评估模型

针对当前信任评估模型系统性能低的问题,对Web服务环境中采用的评估模型进行改进,提高系统的整体性能。同时对模型中计算各独立信任度综合信任度的合意运算进行改进,体现各信任度对综合信任度的不同影响程度。模拟实验证明,对模型以及合意运算的改进达到了预期效果。     

Behavior‐Based Propagation of Trust in Social Networks with Restricted and Anonymous Participation

Increasing interactions and engagements in social networks through monetary and material incentives is not always feasible. Some social networks, specifically those that are built on the basis of fairness, cannot incentivize members using tangible things and thus require an intangible way to do so. In such networks, a personalized recommender could provide an incentive for members to interact with other members in the community. Behavior‐based trust models that generally compute social trust values using the interactions of a member with other members in the community have proven to be good for this. These models, however, largely ignore the interactions of those members with whom a member has interacted, referred to as “friendship effects.” Results from social studies and behavioral science show that friends have a significant influence on the behavior of the members in the community. Following the famous Spanish proverb on friendship “Tell Me Your Friends and I Will Tell You Who You Are,” we extend our behavior‐based trust model by incorporating the “friendship effect” with the aim of improving the accuracy of the recommender system. In this article, we describe a trust propagation model based on associations that combines the behavior of both individual members and their friends. The propagation of trust in our model depends on three key factors: the density of interactions, the degree of separation, and the decay of friendship effect. We evaluate our model using a real data set and make observations on what happens in a social network with and without trust propagation to understand the expected impact of trust propagation on the ranking of the members in the recommended list. We present the model and the results of its evaluation. This work is in the context of moderated networks for which participation is by invitation only and in which members are anonymous and do not know each other outside the community. Copyright © 2014 John Wiley & Sons, Ltd.     

Web安全中的信任管理研究与进展

信任管理是当前Web安全研究的热点.介绍了信任管理思想的出现,给出了信任管理的概念和模型,并概述了几个典型的信任管理系统和信任度评估模型.讨论了当前研究存在的问题以及今后的研究方向.     

一种能力属性增强的Web服务信任评估模型

Web服务环境的开放性、欺骗性和不确定性等特征,导致服务交易双方风险增大,因而构建有效的信任管理机制是降低交易双方风险的至关重要的因素.但是,当前基于安全凭证和反馈信息的信任评估方法均存在缺陷,因而,作者参考社会学的信任模型,利用量化主体能力属性提升信任评估的准确度.在此基础上,设计了Web服务信任评估模型(ServTrust),且提出了ServTrust的一种基于多代理器的解决策略.仿真实验结果表明:该方法与基于反馈信息的方法相比能有效地改善信任评估的准确度.     

电子商务中Web服务社区的动态信任启动模型

为对新Web服务的信任值做出公平的评估,提出一种基于Web服务社区的动态信任启动模型。通过Web服务的QoS获得担保信任值,使用愿意共享交易评价的记录求得经验信任值,对这2种信任值进行动态线性组合得到实际信任值,且担保信任值所占的比重随着交易次数的增加而动态减少。实验结果表明,该模型不仅使新Web服务能与长期存在的Web服务竞争,而且使用户免受欺诈。     

TRBAC:基于信任的访问控制模型

访问控制是根据网络用户的身份或属性,对该用户执行某些操作或访问某些网络资源进行控制的过程.对现有访问控制模型进行分析,并针对其不足对RBAC模型进行了扩展,提出了基于信任的访问控制模型TRBAC(trust based access control model).该模型可以提供更加安全、灵活以及细粒度的动态访问授权机制,从而提高授权机制的安全性与可靠性.     

一个集成的Web Services安全模型

现有Web Services安全技术相对独立,而在一个完整的应用集成方案中,需要全面的安全设计.提出了一个集成的Web Services安全模型,形式化定义了模型并给出了主要实现技术.模型实现了基于证书的统一身份认证、基于角色的访问控制以及安全的SOAP消息传输,具有开放性及动态适应性.基于提出的安全模型开发了一个原型系统,运行结果表明,能够达到上述三种安全目标,使整个系统相对单一的安全技术应用更加安全.     

服务计算安全问题分析

服务计算是一种新的计算模式,是下一代分布式计算的发展方向,由于不同的企业或个人对服务计算有不同的理解,所以,目前服务计算还没有一个公认的统一定义。随着服务计算近年来的迅猛发展,在互联网上可用的服务数量激增的同时,新的问题也逐渐凸显,尤其是安全问题。安全问题逐渐成为影响和限制服务计算应用的重要因素。文中首先对服务计算的发展背景、基本概念及其支撑技术进行了阐述;然后根据服务计算本身的特性进一步分析了其所面临的主要安全问题;最后指出下一步工作的研究方向。     

COTN:基于契约的信任协商系统

基于改进的信任管理和协商技术,通过属性信任证实现多种类型的权限委托,设计并实现了一个基于契约的信任协商（COntract-based Trust Negotiation,COTN）系统．在该系统中,引入了基于契约的信任协商方法,既在契约确立过程中预先终止无法进行的协商请求,又在契约约定下的协商过程中研究了对信任证和访问控制策略中隐私信息的保护,以高效、可靠地自动建立信任关系．目前,COTN系统已在网格中间件平台CROWN中得以应用,并采用信任票据和策略缓冲机制提高系统运行性能．通过相关实验表明该系统具有较好的稳定性和可用性．     

自动信任协商研究

在Internet日益孕育新技术和新应用的同时,交互主体间的生疏性以及共享资源的敏感性成为跨安全域信任建立的屏障.自动信任协商是通过协作主体间信任证、访问控制策略的交互披露,逐渐为各方建立信任关系的过程.系统介绍了这一崭新研究领域的理论研究和应用进展情况,并对信任协商中的协商模型、协商体系结构、访问控制策略规范、信任证描述及发现收集、协商策略及协商协议等多项关键技术的研究现状进行分析和点评,最后针对目前研究工作中存在的一些问题,对未来的研究方向及工作进行展望.通过对自动信任协商的研究及其进展的介绍,希望有助于在维护开放网络中主体自治性和隐私性的同时,研究更高效、实用的信任自动建立技术.     

融合标签传播和信任扩散的个性化推荐方法

信任网络能模拟现实社会,因此其用户间的信任数据可用于推荐算法,但同时也面临数据稀疏的问题,推荐效果较差。针对该问题,提出融合标签传播和信任扩散的个性化推荐方法。设计基于标签传播的大社区发现算法,得到独属于每个用户的大社区。根据各用户所属大社区内用户间的信任网络,给出信任预处理算法,预测用户新的信任关系,从而扩展用户的信任网络,并利用混合信任扩散算法,使用户及其所在大社区内其他用户之间的信任度更趋差异化。使用Epinions.com上的数据集进行实验,结果表明,与普通信任网络推荐方法相比,该方法的推荐准确度有明显提高。     

Trust Evolution Policies for Security in Collaborative Ad Hoc Applications

The vision of pervasive computing has introduced the notion of a vast, networked infrastructure of heterogeneous entities interact through collaborative applications, e.g., playing a multi-player online game on the way to work. This will require interactions between users who may be marginally known or completely unknown to each other, or in situations where complete information is unavailable. This introduces the problem of assigning access rights to such marginally known or unknown entities.Explicit trust management has emerged as a solution to the problem of dealing with partial information about other users and the context in which the interaction takes place. We have implemented an access control mechanism based on the human notion of trust, where recommendations or initial participation in low risk interactions will allow entities to slowly build trust in each other. As the trust between two entities grows, interactions that entail a higher degree of risk may be allowed to proceed. We have used this mechanism in a simple role-based access control mechanism that uses trust to assign roles to users in a distributed blackjack card game application. This application allows us to experiment with different policies for trust-based admission control and trust evolution. In this paper we present an evaluation of policies specifying trust dynamics, which shows that our prototype reacts appropriately to the behaviour of other users and that the system updates trust values and implements admission policies in a manner similar to what would be expected from human trust assessment. This indicates that trust evolution policies can replace explicit human intervention in application scenarios that are similar to the evaluated prototype.     

结合重要节点信任传播的社会化推荐算法

融合社交信息的推荐算法有效缓解了推荐算法中的数据稀疏性问题和冷启动问题,近年来受到极大的关注。但社交信息依然存在数据稀疏性问题,而且社交网络提供的二值数据无法衡量不同用户间的信任程度。针对这些问题,利用重启随机游走算法获取社交网络中的重要节点。提出重要节点信任传播算法建立重要节点和其他用户节点之间的信任关系,同时利用节点的结构信息进一步量化用户间的信任权重,以得到更精确的推荐结果。在三个公开数据集上的实验表明,结合重要节点信任传播的社会化推荐算法（INTP-Rec）丰富了社交信息,有效地提高了推荐算法的准确率和召回率。     

两个降低PKG信任级的基于身份的门限密码体制

在基于身份的公钥密码体制中PKG负责生成用户密钥,对PKG的信任级别过高,存在密钥托管问题.人们为解决此问题提出了很多方案但均有一定缺陷.Goyal提出了一种解决这类问题的新思路.基于该思路,提出了两种降低对私钥生成中心的信任级别的门限密码体制.在这两个体制中,利用了Goyal提出的基于身份的可追踪公钥加密体制的思想与公开可验证加密技术,有效解决了在基于身份的门限加密体制中,PKG对同一用户恶意生成多个私钥的追踪问题.对降低PKG信任级的基于身份的门限密码体制进行了形式化定义,并在所定义的形式化安全模型下证明了这两个方案可以对抗门限自适应选择密文攻击、密钥寻找攻击以及计算新密钥攻击.     

Web服务中的信任评估模型

改进了主观信任评估模型中存在的问题,提高了整个模型的性能。引入权重因子体现了不同信任度的重要程度。最后通过模拟试验证明了改进的模型能更好的描述Web服务间的信任关系提高整个系统的安全性。