Trust Models for Distributed Information Systems

1
Trust Models for Distributed Information Systems

• Brian Toone
• December 3, 2003
• Advisors Premkumar Devanbu and Michael Gertz

2
Outline

• Motivation
• Survey of surveys
• Quantitative completeness trust model
• Challenges/open issues
• Concluding remarks

3
Motivation

• Trust research is a hot topic
• Dec 2, 2003 NSF Cyber Trust Solicitation
  (30,000,000)
• November 16-19, 2003 CRA Grand Research
  Challenge
• Many research agendas
• Survivability
• Scalable security
• Security, privacy and trust
• Why? Awareness of dependence

4
Distributed Information Systems

• Critical infrastructure
• Gas, water
• Power
• Banking
• Healthcare
• Workgroup for Electronic Data Interchange
  http//www.wedi.org
• News
• Stock servers
• Slashdot (karma, moderation, meta-moderation)
• Other
• Free Haven Project http//www.freehaven.net
• Freenet http//freenet.sourceforge.net/
• Hivecache http//www.mojonation.net/
• P2P Filesharing (gnapster, gnutella, kazaa, etc)

5
Vulnerabilities

• Availability
• Denial of service (the Slashdot effect)
• Integrity
• Corruption of good information
• Production of bad information
• Authentication and Authorization
• Spoofing
• Poorly designed access control logic
• Accountability

6
Outline

• Motivation
• Survey of Surveys
• Presti et. al, Trust Issues in Pervasive
  Environments, Deliverable WP2-01 version 1.1,
  September 2003
• Josang, A. and Grandison, T., Research Proposals
  on Trust Modeling, Technical Report, Imperial
  College of Science, Medicine and Technology.
  August 2002
• Klyne, G. Framework for Security and Trust
  Standards, SWAD-Europe, December 2002
• Trust in Cyber-societies, Integrating the Human
  and Artificial Perspectives, Springer 2001.
  Available online at http//www.informatik.uni-trie
  r.de/ley/db/conf/agents/trust2000.html
• Grandison, T. and Sloman, M., A Survey of Trust
  in Internet Applications, IEEE Communications
  Surveys. Fourth Quarter 2000
• Quantitative completeness trust model
• Challenges/open issues
• Concluding remarks

7
Trusting Information

• Trust is a relationship
• trustor the subject that trusts a target entity
• trustee the entity that is trusted
• For a distributed information system
• trustor the consumer of information (and/or)
  the supplier of information
• trustee the information being consumed (or
  supplied)

8
Outline

• Motivation
• Survey
• Quantitative completeness trust model
• Challenges/open issues
• Concluding remarks

9
Context

• Willow survivability architecture
• The green block is all about trust

10
Context, contd

• Establish trust requirements
• Assign trust ratings
• Enhanced mediation algorithm
• Trust model

11
Context, one last slide

• Completeness as the trust metric
• Other metrics exist accuracy, timeliness, hybrid
  combinations
• Artifacts objects uniquely identified by a
  global object identifier

12
The Challenge
13
Trust Ratings

• Trustor expectations
• Authority (expert) evaluation

Complete
14
More Trust Ratings

• Qualitative model stops here SEC and Coopis
  2003 papers
• Quantitative model goes farther answers the
  question how much

15
Quantitative completeness ratings

• Two parts (c, e)
• completeness
• excessiveness
• Correlation
• Complete (100,0)
• Incomplete (
• Excessive (100, 0)
• Overlapping (0)
• Wrong (0, 0)

Overlapping(80,20)
16
Now what?

• Enhance mediation to produce trustworthy
  integrated information
• Determine the trustworthiness of a query result
  statically
• This trust model works almost!
• Probability distribution of the trustworthiness
  of the integrated result

(.80,.20)
(.80,.20)
(?,?)

17
How?

• Short answer combinatorics
• Long answer

18
Trust-Enhanced Mediation Algorithm

• Generate set of potential query plans
• Two strategies

• 2. Most trustworthy plan
• highest 0 result 0
• For each q in Q
• If P(q) highest Then
• highest P(q) result q
• End If
• Next
• If req.satisfies(highest) And result 0 Then
• return q
• Else
• Beep() Exit Application
• End If

• 1. First query plan that satisfies req.
• For each q in Q
• If req.satisfies(P(q)) Then Return q
• End If
• Next

• req.satisfies ?
• P(q)

19
Calculating P(q)

• Query expression tree
• Leaves source ratings
• Nodes operations to perform
• Example
• q a ? b ? c
• ratinga (.99,0)
• ratingb (1.0,0)
• ratingc (.95,0)
• ratingq ?

20
You may be wondering

• Did you leave out something? Dont you need some
  more information such as to? Wait a minute,
  what is to?
• Who assigns ratings? Who/what is an authority?
• Tell me again, did you say this relates to trust?

21
Outline

• Motivation
• Survey
• Quantitative completeness trust model
• Challenges/open issues
• Concluding remarks

22
Challenges, Brians short list

• Relevancy i.e., how useful is the model for
  emulating the underlying real world principles in
  the context of the distributed information system
  to which the model applies. Recall getting from
  the system diagrams to the Venn diagrams on slide
  12
• Scalability
• Anonymity

23
From the surveys, Brian agrees

• Survey 11 says
• Mathematical properties of trust
• Distribution and mobility
• Intentionality
• Initial trust
• Dynamics of trust
• The legal dimension

• Survey 22 says
• Determing trust values
• Trust transitivity
• Intentionality
• Ranking of trust levels
• Dynamics of trust
• Domain size ignorance
• Dependent evidence
• The role of insurance

1. Presti et. al, Trust Issues in Pervasive
Environments, Deliverable WP2-01 version 1.1,
September 2003
2. Josang, A. and Grandison, T., Research
Proposals on Trust Modeling, Technical Report,
Imperial College of Science, Medicine and
Technology. August 2002
24
Concluding remarks

• Hot topic, lots of research underway and lots of
  research potential (i.e., the NSF solicitation
  for proposals)
• Building a trust model for a distributed
  information system requires stitching together
  the necessary facets of a multi-faceted large
  concept

25
Thank you

• Questions?
• http//alive.cs.ucdavis.edu/research/trustmed.php
• slides from this talk available now
• coming soon resources, links to references used
  in this talk

26
Resources

• Will update with websites, urls, references

27
Outline

• Motivation
• Hot topic
• NSF cyber trust proposal
• Homeland security, critical infrastructure
  protection in the wake of 9/11 terrorist attacks
• Citeceer top most cited papers have to do with
  distributed information systems
• Distributed information systems
• Lots of them!
• Healthcare
• Filesharing
• Other
• Backup solutions
• Anonymous publication of information
• Vulnerabilities in distributed information
  systems
• Denial of service
• Corruption of good information
• Production of bad information
• Survey (survey by grandisone and the other guy,
  the trust issues survey)
• Trust in internet apps
• Trust models

28
Trust Models

• What is the purpose of a trust model?
• What are the features/requirements of a trust
  model?

29
A Taxonomy of Trust Models

• What are the categories of trust models?
• What are examples of models that fit each
  category?