Extracting trust information from security system of a service

The issue of trust is a research problem in emerging open environments, such as ubiquitous networks. Such environments are highly dynamic and they contain diverse number of services and autonomous entities. Entities in open environments have different security needs from services. Trust computations related to the security systems of services necessitate information that meets needs of each entity. Obtaining such information is a challenging issue for entities. In this paper, we propose a model for extracting trust information from the security system of a service based on the needs of an entity. We formally represent security policies and security systems to extract trust information according to needs of an entity. The formal representation ensures an entity to extract trust information about a security property of a service and trust information about whole security system of the service. The proposed model is applied to Dental Clinic Patient Service as a case study with two scenarios. The scenarios are analyzed experimentally with simulations. The experimental evaluation shows that the proposed model provides trust information related to the security system of a service based on the needs of an entity and it is applicable in emerging open environments.     

Web服务中主观信任和客观声誉的研究

随着Web服务的出现,对软件服务和服务组合的安全可靠的运行使得服务提供方、服务请求方以及代理之间的相互信任变得尤为重要。首先给出信任和声誉的定义以及它们之间的区别和联系,由此提出一个用于度量软件服务间信任关系的信誉评估模型——WSTR。给出了更加灵活的计算直接信任度方法,并且将声誉引入推荐信任的合成中,利用现有的节点作为声誉存储实体,更加能够体现信任的主观性和客观性的结合。仿真结果表明声誉度能够客观地反映出真实的实际情况。     

Collaboration through computation: incorporating trust model into service-based software systems

The open and dynamic nature of service-based software systems necessitates spontaneous and trustworthy interactions between collaborating entities. Service providers are exposed to users spanned across multiple organizational domains, so can be exploited by potentially untrustworthy service requestors. Given that, service providers need to trust requestors before granting them with services. Trust encompasses a number of quality attributes (e.g., security, competence, honesty) and helps in dynamic decision making. In this paper, we present a trust-based service collaboration approach, facilitated by the analysis of service-based interactions between service providers and requestors, and recommendations between service providers. Service providers exchange recommendations to convey their trust on requestors. This collaboration is quantified using our proposed trust model, called CAT, a Context-Aware Trust model based on service-based interactions by considering services as contexts. We identify a number of collaboration-based trust properties including risk and context-awareness and incorporate them in CAT. A context-similarity parameter is introduced to decide on similar services. A time-based ageing parameter is proposed to decrease trust values over time without any further interactions. Direct and indirect recommendations from other service providers are included in total trust calculation, with a path-based ageing parameter applying over indirect recommendations. A mechanism to calculate the accuracy of recommendations is proposed to differentiate between reliable and unreliable recommendations. These calculation schemes are employed in a trust-based service collaboration algorithm to automatically decide on granting services to requestors. The approach is elaborated using examples from file sharing applications, and successfully evaluated by implementing a prototype service-based file sharing grid. This research is partially funded by the Natural Sciences and Engineering Research Council of Canada (NSERC).     

基于证据理论的云计算信任模型研究

信任模型是研究云计算中信任机制的重要问题,其研究结果可应用于云计算数据安全、服务安全,平台安全等研究.为了解决信任的量化和不确定问题,利用证据理论对信任及信任行为进行建模,并认为信任由直接的服务行为结果和间接的第三方推荐组成.提出信任的传递和聚合方式,并将建立的信任模型通过传递方式和聚合方式进行实验;结果显示该信任模型在聚合和信任行为结果纪录情况下,有利于抑制信任的不确定.     

基于信任的云服务系统多目标任务分配模型

云计算等新兴信息技术推动了服务产业的转型升级,然而云服务在带来远程服务和按需使用等便捷的同时,也拓展了原有信息安全的边界,引发了新的安全问题.基于信任机制的安全管理给云安全问题提供了全新的思路.在云服务中引入信任机制,用以衡量多云环境下不同云服务资源的可信程度,建立了基于信任的业务流程驱动云服务选择和任务分配模型,梳理总结了6种典型的任务结构关于时间、成本和信任的函数关系式,在高效率和低成本基础上保障安全可信性;提出了一种改进SPGA2算法,引入了局部搜索策略,以提高混合云环境下可信的多目标任务分配问题解空间的搜索效率;并最终通过仿真实验,验证了模型可用性和算法优越性.     

一个软件服务协同中的信任管理框架设计

Internet-based Web application systems are gradually built as software service coordination systems. In an open, dynamic and collaborative application environment, traditional methods assumed with closeness, centralization and independence are not able to cope with these security problems efficiently. Trust management is a new method for dealing with security issues of open, distributed network application system. However, the traditional policy-based trust management systems have some shortcomings, i.e. complex in policy making, unable to deal with negative se-curity credentials, etc. So, we design a trust management framework in combination with subjective trust model for software service coordination and security decision in Internet environment. This trust management framework has characteristics of operability, reasonability, and flexibility in policy setting.     

Model-driven trust negotiation for Web services

Trust negotiation is an approach to access control whereby access is granted based on trust established in a negotiation between the service requester and the service provider. Trust negotiation systems avoid several problems facing traditional access control models such as DAC (discretionary access control) and MAC (mandatory access control). Another problem is that Web service providers often do not know requesters identities in advance because of the ubiquitousness of services. We describe Trust-Serv, a trust negotiation framework for Web services, which features a policy language based on state machines. It is supported by lifecycle management and automated runtime enforcement tools. Credential retrieval and validation in Trust-Serv rely on predefined Web services that provide interactions with attribute assertion authorities and public key infrastructure.     

Behavior-based reputation management in P2P file-sharing networks

Trust research has become a key issue in the last few years as a novel and valid solution to ensure the security and application in peer-to-peer (P2P) file-sharing networks. The accurate measure of trust and reputation is a hard problem, most of the existing trust mechanisms adopt the historical behavior feedback to compute trust and reputation. Thus exploring the appropriate transaction behavior becomes a fundamental challenge. In P2P system, each peer plays two roles: server and client with responsibility for providing resource service and trust recommending respectively. Considering the resource service behavior and trust recommending behavior of each peer, in this paper, we propose a new trust model adopting the technology to calculate eigenvectors of trust rating and recommending matrices. In our model, we define recommended reputation value to evaluate the resource service behavior, and recommending reputation value to evaluate the trust recommendation behavior. Our algorithm would make these two reputation values established an interrelated relation of reinforcing mutually. The normal peers provide authentic file uploading services, as well as give correct trust recommendation, so they can form a trusted and cooperative transaction community via the mutual reinforcement of recommended and recommending reputation values. In this way, the transaction behaviors of those malicious peers are isolated and confined effectively. Extensive experimental results also confirm the efficiency of our trust model against the threats of exaggeration, collusion, disguise, sybil and single-behavior.     

开放多Agent系统信任管理中的信任获取方法研究

信任管理是解决开放多agent系统安全性问题最有前途的思路,而其基础之一就是信任获取。该文在Demp-ster-Shafer证据理论框架内,提出了一种新的证据获取方法,文章认为agent之间一次交互的服务质量提供了关于服务提供者可信任程度的一个证据,多次的服务提供了多个独立的证据,这些证据的合成构成了更准确的证据信任评价。与目前常用的多次服务质量直方图加门限的信任获取方法相比,该方法具有评价结果对门限参数敏感度低,以及对个别a-gent之间交互次数要求少的优点。     

一种基于实体行为风险评估的信任模型

信任是人们在各种交易活动中的一个基本要素,其与风险密切相关,并成为系统安全决策的两个关键因素.现有的信任研究大多将风险看作信任的一种补充,甚至忽略了风险的影响,这将导致系统安全决策的片面性和主观性.针对该问题,文中提出了一种基于实体行为风险评估的信任模型.该模型通过对系统的资产识别、脆弱性识别和威胁识别.建立了用于实体行为特征匹配的规则,提出一种加权复合函数计算实体行为中潜在的风险,并给出一种基于风险的实体信任计算方法.应用实例及测试结果表明该模型能够有效地识别实体行为中潜在的风险,并随着实体行为的变化正确地计算出实体风险与信任的变化,为系统安全决策提供了客观、可靠的信息支持.     

Web服务中的信任和声誉评估模型

对主观逻辑存在的一些问题进行分析和改进,并进一步提出一个基于主观逻辑的自适应Web服务信任模型iWSTrust。通过利用iWSTrust对Web服务环境的交易过程所涉及的实体间的各种信任关系进行详细的建模和推理,并区分不同类型的服务请求者,iWSTrust能够使实体的信任度和声誉随着交易经验的增加而自适应地改变,预测实体的未来行为,并对恶意欺骗的实体进行惩罚,从而更好地保护服务请求者和服务提供者的利益。模拟实验表明改进的主观逻辑能更好地建模信任关系和改善Web服务环境的安全性。     

Understanding Perceived Trust to Reduce Regret

Trust is fundamental for promoting the use of online services, such as e‐commerce or e‐health. Understanding how users perceive trust online is a precondition to create trustworthy marketplaces. In this article, we present a domain‐independent general trust perception model that helps us to understand how users make online trust decisions and how we can help them in making the right decisions, which minimize future regret. We also present the results of a user study describing the weight that different factors in the model (e.g., security, look&feel, and privacy) have on perceived trust. The study identifies the existence of a positive correlation between the user's knowledge and the importance placed on factors such as security and privacy. This indicates that the impact factors as security and privacy have on perceived trust is higher in users with higher knowledge.     

基于模糊理论的信任度评估模型

信任管理是当前网络安全研究的热点.信任问题,主要存在于访问控制过程中,不仅是电子商务系统中,而且也是目前兴起的分布式计算中所需要面对的重要问题.在分析了传统安全授权机制的特点,以及介绍信任管理概念和简述信任度评估模型的基础上,根据第三方的推荐信任,提出了基于模糊理论的信任度评估模型,使得用户信任度的评估更加灵活可靠.     

Design, analysis, and deployment of omnipresent Formal Trust Model (FTM) with trust bootstrapping for pervasive environments

The rapid decrease in the size of mobile devices, coupled with an increase in capability, has enabled a swift proliferation of small and very capable devices into our daily lives. With such a prevalence of pervasive computing, the interaction among portable devices needs to be continuous and invisible to device users. As these devices become better connected, collaboration among them will play a vital role in sharing resources in an ad-hoc manner. The sharing of resources works as a facilitator for pervasive devices. However, this ad hoc interaction among devices provides the potential for security breaches. Trust can fight against such security violations by restricting malicious nodes from participating in interactions. Therefore, we need a unified trust relationship model between entities, which captures both the needs of the traditional computing world and the world of pervasive computing where the continuum of trust is based on identity, physical context or a combination of both. Here, we present a context specific and reputation-based trust model along with a brief survey of trust models suitable for peer-to-peer and ad-hoc environments. This paper presents a multi-hop recommendation protocol and a flexible behavioral model to handle interactions. One other contribution of this paper is the integration of an initial trust model; this model categorizes services or contexts in different security levels based on their security needs, and these security needs are considered in trust bootstrapping. The other major contribution of this paper is a simple method of handling malicious recommendations. This paper also illustrates the implementation and evaluation of our proposed formal trust model.     

应用可信传递模型研究

应用、服务等操作是终端用户日常工作的基础,如何保证它们能够是安全、可信的行为,是当前信息安全研究的一个热点和难点。文章利用可信计算的观点建立终端的应用可信传递模型,能够保证信任在应用环境中的传递。该模型能够不依赖于对病毒特征的检测,彻底地防止恶意代码在应用环境中的感染和传播,从根本上保障应用、服务的可信,保障终端应用环境的可信。     

Trustworthy assurance of service interoperation in cloud environment

Cloud computing can be realized by service interoperation and its essence is to provide cloud services through network. The development of effective methods to assure the trustworthiness of service interoperation in cloud environment is a very important problem. The essence of cloud security is trust and trust management. Combining quality of service (QoS) with trust model, this paper constructs a QoS-aware and quantitative trust-model that consists of initial trust value, direct trust value, and recommendatory trust value of service, making the provision, discovery, and aggregation of cloud services trustworthy. Hence, it can assure trustworthiness of service interoperation between users and services or among services in cloud environment. At the same time, based on this model, service discovery method based on QoS-aware and quantitative trust-model (TQoS-WSD) is proposed, which makes a solid trust relationship among service requestor, service provider and service recommender, and users can find trustworthy service whose total evaluation value is higher. Compared to QoS-based service discovery (QoS-WSD) method, it is proved by the experiment for TQoS-WSD method that more accurate result of service discovery will be achieved by service requestor, while reasonable time cost is increased. Meanwhile, TQoS-WSD method strongly resists the effect of service discovery by untrustworthy QoS values and improves service invocation success-rate and thus assures trustworthiness of services interoperation.     

Trust assessment of security for e-health systems

The expansive connectivity of emerging information systems has set the stage for pervasive access to healthcare services via e-health systems for selecting the best possible healthcare services. Emerging systems are expected to be highly dynamic open environments connecting diverse number of healthcare services and autonomous entities that are autonomous agents or software applications representing patients. Entities in such dynamic environments may have different security needs from e-health systems raising the challenge of trust computations regarding security. In this research, we proposed a trust assessment model of an e-health service from the viewpoint of an entity. The model contains a comprehensive architecture applicable to different types of entities, and a novel set of trust assessment metrics may be used to assess a specific property of a security system (i.e. partial metrics) or all properties (i.e. total metrics). The simulation based evaluation of proposed model in the context of a Hospital Online Appointment Service has shown that the proposed model provides better trust computation results than existing trust models for e-health systems. Furthermore, the entities are also able to assess the trust even with incomplete security information.     

可信网络中用户行为可信的研究

目前网络安全受到严重的挑战,国际研究表明网络安全正向着网络可信方向发展,未来网络安全是增加行为可信的可信网络,它主要包括服务提供者的可信、网络信息传输的可信和终端用户的可信.通过研究用户的行为信任,不仅可以减少或避免与恶意用户交往,而且因为服务提供者与用户之间建立了互信,从而提高了它们合作完成任务的可能性,降低了因不信任带来的监控和防范等额外开销,所以对用户行为可信的研究不仅可以提高网络的安全性而且也可以提高网络的性能.以可信网络中用户行为可信研究为核心,提出了面向可信网络的用户行为信任的评估、预测与控制架构,包括行为信任的可靠评估;满足不同安全与性能需求的灵活的信任预测;基于信任与风险、利益得失的系统访问博弈决策;基于信任的动态的资源访问控制和以信任预防为主,实时监控为辅的异常行为的监控与防范等.并把这些用户行为可信管理机制进行有效组合,实现了动态控制与静态控制,信任与风险的统一,为可信网络的进一步研究提供基础.     

网格环境下基于信任机制的资源调度研究

信任是网格资源调度中一个很重要的因素,也是影响网格计算有效性和性能的关键技术之一。将信任机制引入到网格资源调度中,提出了网格环境下的信任模型和基于信任机制的资源调度模型,在调度策略上对传统的Min-Min算法进行了改进,提出了基于信任机制的Trust-Min-Min算法。仿真结果表明,算法不仅可以缩短任务的总执行时间,而且可以有效地平衡负载,是网格环境下一种有效的资源调度方法。     

基于信任域的网格安全研究

信任已成为网格安全的重要因素.信任一般具有模糊性,网格信任的模糊性是随时间和空间变化而变化的.本文基于动态和复杂的VOs信任域环境来研究解决网格系统的安全问题,设计了网格信任管理模式的安全体系结构,并提出了基于模糊逻辑的动态信任域作为安全的实施方案,以保证网格系统环境的安全性.