A Trust Management Framework for Service-Oriented Environments - PowerPoint PPT Presentation

Description:

A Trust Management Framework for Service-Oriented Environments. William Conner, Arun Iyengar, ... No Sybil attacks. XRep and PeerTrust share this assumption ... – PowerPoint PPT presentation

Slides: 27
Provided by: william76
Transcript and Presenter's Notes


1
A Trust Management Framework for Service-Oriented
Environments
  • William Conner, Arun Iyengar, Thomas Mikalsen,
    Isabelle Rouvellou, and Klara Nahrstedt
  • wconner_at_uiuc.edu
  • 18th International World Wide Web Conference

2
Outline
  • Background and motivation
  • Trust management framework
  • Performance evaluation
  • Related work
  • Conclusion

3
Distributed Computing Platforms
  • Many options available for deploying distributed
    applications
  • P2P systems
  • Gnutella for file sharing
  • PPLive for media streaming
  • Computational grids
  • Open Science Grid for scientific research
  • Computing clouds
  • IBM Blue Cloud, Google App Engine, and Amazon Web
    Services for web applications

4
Trust Management
  • Parties in distributed transactions often
    concerned with trust
  • Client perspective: server selection
  • Server perspective: access control

[Figure: Client / Server interactions]
  • Buying / Selling (eBay)
  • Download / Upload (P2P)
  • Request / Response (Web)
  • INVITE / OK (SIP)

5
Trust Management
  • Credential-based trust management
  • Exchange credentials prior to transaction
  • Suitable when parties are known directly or
    indirectly
  • Not our focus
  • Reputation-based trust management
  • Gather feedback ratings on prior transactions
  • Suitable for open environments when parties are
    unknown to each other

6
Trust Management Service (TMS)
  • Reputation-based
  • Server-side access control for distributed
    infrastructures
  • Enable sharing of reputation feedback from many
    sources
  • Enable simultaneous use of different reputation
    metrics

7
Target Environment
  • Service-hosting infrastructure
  • Computing cloud would be an example
  • Many external clients sending requests
  • Many different services fulfilling requests

8
Security Assumptions
  • No Sybil attacks
  • XRep and PeerTrust share this assumption
  • Secure communications within infrastructure
  • Public key cryptography
  • Attacks characterized by negative feedback
  • Other Web-based attacks outside scope
  • Bad feedback implicitly handled by reputation
    metrics

9
Collecting Reputation Feedback
[Figure: External Client C, Hosted Service S, TMS]
TMS Records: (C,S,Fdbk1,Attrs1), (C,S,Fdbk2,Attrs2)
  • H: service invocation history record
  • C: client invoking service
  • S: invoked service
  • Fdbk: feedback value between -1 and 1
  • Attrs: trust-related attributes

10
Feedback Example
11
Assessing Trust
[Figure: External Client C, Hosted Service S, TMS]
TMS Records: H1 = (C,S,Fdbk1,Attrs1), H2 = (C,S,Fdbk2,Attrs2)
GRANT if RepC,S TS DENY, otherwise
  • C: client invoking service
  • S: invoked service
  • FS: reputation scoring function for S
  • RepC,S: reputation of C according to S
  • TS: minimum trust threshold for S

12
Custom Reputation Metrics
  • TMS supports flexible reputation metrics
  • Select from library of available scoring
    functions
  • Define user-specific scoring function
  • eBay reputation metric
  • Summation of feedback ratings
  • PeerTrust reputation metric

[Figure: PeerTrust formula, with terms labelled satisfaction, credibility, transaction context, community context]

13
Distributed TMS
  • Multiple TMS nodes organized into DHT
  • Consistent hashing used for load balancing
  • Replication on successor nodes for availability

[Figure: Hosted Service S with TMS nodes TMS 0, TMS 1, TMS 2]

14
Consistent Hashing
  • Apply cryptographic hash function to client
    identifier to get hash value hashC
  • Example hash functions: SHA-1, MD5
  • Assign hashC to numerically closest TMS
    identifier hashC
  • Similar to Chord DHT

[Figure: identifier ring with positions 0, 2, 4, 6, 8, 10, 12, 14; legend: node, hashC]

15
Replication
  • TMS nodes might crash
  • Stored records unavailable
  • Reports reassigned based on consistent hash
  • Enhance availability of TMS records
  • Replicate TMS records on up to k nodes where k ∈ {0, …, N-1}
  • Similar to successor replication on Chord

16
Replication
  • Probability of losing record
  • Assume nodes fail independently with probability
    p
  • Assume replication factor k
  • Prob = p^k

[Figure: ring of TMS nodes 0, 4, 8, 12 with a node / successor table]

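Added example (not from the presentation) for the consistent hashing and replication slides: placement of a client's records on a ring of TMS nodes, failover to successors, and the p^k loss probability. The Chord-style rule "first node identifier at or after hashC", the 16-position ring, and counting the owner among the `copies` are assumptions, as are all class and function names.

```python
import hashlib
from bisect import bisect_left

RING_SIZE = 16  # identifier space 0..15, like the small ring in the slides (assumption)


def ring_hash(client_id):
    """hashC: SHA-1 of the client identifier, reduced to the ring (placement only)."""
    digest = hashlib.sha1(client_id.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % RING_SIZE


class TmsRing:
    def __init__(self, node_ids):
        self.nodes = sorted(set(node_ids))
        if not self.nodes:
            raise ValueError("ring needs at least one TMS node")

    def replicas_for_key(self, key, copies):
        """Owner (first node id >= key, wrapping around) plus its successors."""
        n = len(self.nodes)
        copies = max(1, min(copies, n))            # cannot exceed the node count
        start = bisect_left(self.nodes, key) % n   # past the last node wraps to the first
        return [self.nodes[(start + j) % n] for j in range(copies)]

    def replicas(self, client_id, copies):
        return self.replicas_for_key(ring_hash(client_id), copies)

    def first_live(self, key, copies, failed):
        """Node that still serves the record when some nodes are down, else None."""
        for node in self.replicas_for_key(key, copies):
            if node not in failed:
                return node
        return None


def loss_probability(p, copies):
    """Record is lost only if every copy fails; independent failures give p ** copies."""
    if not 0.0 <= p <= 1.0:
        raise ValueError("p must be a probability")
    return p ** copies
```

With nodes 0, 4, 8, 12 and two copies, a key of 5 lands on nodes 8 and 12, and the record is lost only when both are down.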
17
Trust Value Caching
External Client C
Hosted Service S
TMS
Additional processing and round trip
18
Trust Value Caching
  • Observation
  • Q: Is it necessary to re-evaluate trust each
    time?
  • A: Depends on scoring function and client
    activity since last evaluation
  • Example
  • eBay is scoring function used
  • Client has 5 transactions since last evaluation
  • If RepC 100, then always grant
  • If RepC -100, then always deny

19
Trust Value Caching
  • TMS periodically updates services on client
    activity levels
  • Maintain frequency count for each client
  • Create Bloom histogram to approximate frequency
    count
  • Services estimate upper and lower bound on client
    reputation
  • TMS only contacted if re-evaluation necessary
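
Added example (not from the presentation) for the trust assessment and trust value caching slides: a hosted service bounds a client's eBay-style (summation) reputation from its cached score and the client's activity since the last evaluation, and contacts the TMS only when the bounds do not settle the decision. The inclusive threshold comparison, the threshold of 0 used in the comments, the `ASK_TMS` verdict, and the `HostedService` class with its `tms_lookup` callback are assumptions; `max_new_tx` must never under-count the client's activity.

```python
FDBK_MIN, FDBK_MAX = -1.0, 1.0  # feedback range given on the slides


def ebay_score(feedback):
    """Summation of feedback ratings, each checked against the valid range."""
    for f in feedback:
        if not FDBK_MIN <= f <= FDBK_MAX:
            raise ValueError(f"feedback {f} outside [-1, 1]")
    return sum(feedback)


def reputation_bounds(cached_rep, max_new_tx):
    """Bounds on the current score after at most max_new_tx unseen ratings."""
    if max_new_tx < 0:
        raise ValueError("activity count cannot be negative")
    return cached_rep + max_new_tx * FDBK_MIN, cached_rep + max_new_tx * FDBK_MAX


def cached_decision(cached_rep, max_new_tx, threshold):
    """GRANT or DENY when the bounds settle it, otherwise ASK_TMS."""
    low, high = reputation_bounds(cached_rep, max_new_tx)
    if low >= threshold:   # worst case still clears the threshold (100, 5 tx, T=0)
        return "GRANT"
    if high < threshold:   # best case still falls short (-100, 5 tx, T=0)
        return "DENY"
    return "ASK_TMS"       # threshold lies inside the interval: re-evaluate


class HostedService:
    """Caches each client's last score; tms_lookup is a hypothetical TMS call."""

    def __init__(self, threshold, tms_lookup):
        self.threshold, self.tms_lookup = threshold, tms_lookup
        self.cache, self.tms_calls = {}, 0

    def authorize(self, client, max_new_tx):
        verdict = "ASK_TMS"  # unknown clients always go to the TMS
        if client in self.cache:
            verdict = cached_decision(self.cache[client], max_new_tx, self.threshold)
        if verdict == "ASK_TMS":
            self.tms_calls += 1
            self.cache[client] = self.tms_lookup(client)
            verdict = "GRANT" if self.cache[client] >= self.threshold else "DENY"
        return verdict
```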

20
Trust Value Caching
21
Performance Evaluation
  • Integrated TMS into Supply Chain Management
    application
  • Retailers
  • Warehouses
  • Manufacturers
  • Measured latency and throughput through
    experiments
  • Trusted ILLIAC (LAN environment)
  • PlanetLab (WAN environment)

22
Performance Evaluation
23
Latency
24
Throughput
25
Related Work
  • Online auctions
  • Buyers and sellers rate each other
  • eBay is best known example
  • P2P file sharing
  • Avoid bogus or malicious content
  • XRep (Damiani et al. 02), EigenTrust (Kamvar et
    al. 03), and PeerTrust (Xiong and Liu 04)
  • Web service selection
  • Clients send requests to most reputable services
  • Examples include Zeng et al. 03, Kalepu et al.
    04, and Park et al. 05

26
Conclusion
  • Trust management framework
  • Reputation-based
  • Server-side access control
  • Enable sharing of feedback
  • Enable flexible trust assessments
  • Reasonable latency and throughput overhead