Bayesian Trust Models and Information Security Mozhgan Tavakolifard Trial Lecture 30 August 2012 Centre for Quantifiable Quality of Service in Communication Systems Centre of Excellence NTNU, Norway www.q2s.ntnu.no Bayesian Trust Models and Information Security
Introduction (The need for trust) www.q2s.ntnu.no Bayesian Trust Models and Information Security www.q2s.ntnu.no www.q2s.ntnu.no
1/42 - Introduction The Need • Local Computing • Global Computing – Entities exist in a single administrative domain – Entities may roam between multiple domains – Interactions governed by common rules – No common rules • Common understanding of “correct” behavior – No authority is able to enforce “correct” – Single authority defines and enforces the rules behavior • National laws, company policies, – No common infrastructure can be assumed social/religious codes – Common infrastructure (software, services, …) www.q2s.ntnu.no Bayesian Trust Models and Information Security Bayesian Trust Models and Information Security www.q2s.ntnu.no www.q2s.ntnu.no
2/42 - Introduction • Example 1: Difficulties in adopting security evaluation standards and importance of quantifications – Common Criteria Drawbacks • The result is biased as the evaluation is done by one or a few evaluators • Result is not a security level statement, but rather is an assurance level hard to rely on for decision making • Evaluations are time and resource demanding – E.g., we need 1.5 million NOK (about $250,000) and 2-3 working days for EAL 4/4+ in Norway • Required documentation and tests may not be suitable for a particular system or deployment environment • Example 2: Access control as one of important security services – Existing models are suited for centralized and relatively static environments www.q2s.ntnu.no Bayesian Trust Models and Information Security www.q2s.ntnu.no www.q2s.ntnu.no
3/42 - Introduction New Security Properties • Large number of (previously unknown) entities – No permanent and global connectivity can be assumed • No centralized/unique/legitimate authority – Infrastructure administered by multiple authorities • Increased uncertainty arising from lack of control • No knowledgeable system administrator can be assumed – Not economically viable • All of the above properties implies increased risk www.q2s.ntnu.no Bayesian Trust Models and Information Security Bayesian Trust Models and Information Security www.q2s.ntnu.no www.q2s.ntnu.no
4/42 - Introduction Mitigating Risks • Take out insurance – Requires risks to be well understood • Not currently the case in global computing • Establish legal contract – Resolve conflicts according to local rules – Single authority to enforce rules • Establish common authority to mediate interactions – Trusted third parties (e.g., PKI, Kerberos) – Poor scalability, effectively equivalent to local computing • Restrict interactions to a few “local” domains to avoid risks • Develop trust to allow risk to be assessed and accepted – Allows interactions with unknown peers – Takes advantage of new services www.q2s.ntnu.no Bayesian Trust Models and Information Security Bayesian Trust Models and Information Security www.q2s.ntnu.no www.q2s.ntnu.no
5/42 - Introduction One of the proposed approaches is to use a notion of computational trust, resembling the concept of trust among human beings www.q2s.ntnu.no Bayesian Trust Models and Information Security Bayesian Trust Models and Information Security www.q2s.ntnu.no www.q2s.ntnu.no
3/ - Introduction 6/42 - Introduction www.q2s.ntnu.no Bayesian Trust Models and Information Security Bayesian Trust Models and Information Security www.q2s.ntnu.no www.q2s.ntnu.no
Computational Trust Models Reputation-based Trust Models Probabilistic Trust Models Bayesian Trust Models www.q2s.ntnu.no Bayesian Trust Models and Information Security www.q2s.ntnu.no www.q2s.ntnu.no
7/42 - Introduction Need for formal models of trust www.q2s.ntnu.no Bayesian Trust Models and Information Security Bayesian Trust Models and Information Security www.q2s.ntnu.no www.q2s.ntnu.no
8/42 - Introduction Evaluation trust Definition Examples Decision trust • Gambetta: Is Trust Only About Predictability? – ‘Trust is the subjective probability by which an individual, A, expects that another individual, B, performs a given action on which its welfare depends ’[Gambetta,1988 ] • Focusing only on the mental aspect • Evaluation trust • Mayer, Davis, & Schoorman: Is Trust Only Willingness, for Any Kind of Vulnerability? – ‘The willingness of a party to be vulnerable to the actions of another party based on the expectation that the other party will perform a particular action important to the trustor , irrespective of the ability to monitor or control that other party’ [Mayer, 1995] • Focusing only on the action aspect – ‘I trust John but not enough’. • Decision trust www.q2s.ntnu.no Bayesian Trust Models and Information Security www.q2s.ntnu.no www.q2s.ntnu.no
9/42 • McKnight: The Black Boxes of Trust – Only correlations and mutual influences, precise nature and ‘mechanics’ of the process need to be defined (McKnight and Chervany, 2001) • Trust as Based on Reciprocity – ‘the willingness to take some risk in relation to other individuals on the expectation that the others will reciprocate ’ (Omstrom and Walker, 2003) • What about those cases that are not based at all on some exchange or cooperation? • Then trust with Technology is meaningless www.q2s.ntnu.no Bayesian Trust Models and Information Security www.q2s.ntnu.no www.q2s.ntnu.no
10/42 • Giddens: Is Trust Based on Norms? – Trust prediction is based on inference based on some “ rules ” • However not all expectations are rule-based! • Normality and regularity are not sufficient or necessary for trust • Luhmann: risk, vulnerability and dependability – “Trust begins where knowledge ends: trust provides a basis dealing with uncertain, complex, and threatening images of the future.” (Luhmann,1979 ) • O’Hara: Degrees of trust – Implies that trust is not uniform, but can be described in terms of degree (O’Hara, 2004) www.q2s.ntnu.no Bayesian Trust Models and Information Security www.q2s.ntnu.no www.q2s.ntnu.no
11/42 - Introduction Properties • Trust can be a disposition, but also an 'evaluation', and also a 'prediction' or better an 'expectation'; • It is a 'decision' and an 'action', and 'counting on' (relying) and 'depending on' somebody; • and which is the link with uncertainty and risk taking (fear and hope); • It creates social relationships; • It is a dynamic phenomenon with loop-effects; • It derives from several sources. www.q2s.ntnu.no Bayesian Trust Models and Information Security www.q2s.ntnu.no www.q2s.ntnu.no
12/42 - Introduction Sources of Trust • Previous Direct Experience • Inference from a class or category • Analogy • Pseudo-transitivity • Reputation • Norms & Policies • Generalized Trust; Trust atmosphere; Trust by Default • … www.q2s.ntnu.no Bayesian Trust Models and Information Security www.q2s.ntnu.no www.q2s.ntnu.no
Computational Trust Models Reputation-based Trust Models Probabilistic Trust Models Bayesian Trust Models www.q2s.ntnu.no Bayesian Trust Models and Information Security www.q2s.ntnu.no www.q2s.ntnu.no
13/42 - Introduction Reputation • Behavioral – “The estimation of the consistency over time of an attribute or entity” [Herbig et al.] – Perception that an agent creates through past actions about its intentions and norms of behavior • Social – “ Information that individuals receive about the behavior of their partners from third parties and that they use to decide how to behave themselves” [Buskens, Coleman...] – Calculated on the basis of observations made by others • An agent’s reputation may affect the evaluation trust that others have toward it www.q2s.ntnu.no Bayesian Trust Models and Information Security www.q2s.ntnu.no www.q2s.ntnu.no
14/42 - Introduction What is a good trust model? • A good trust model should be [Fullam et al, 05]: • Accurate – provide good previsions • Adaptive – evolve according to behaviour of others • Multi-dimensional – Consider different agent characteristics • Efficient – Compute in reasonable time and cost www.q2s.ntnu.no Bayesian Trust Models and Information Security www.q2s.ntnu.no www.q2s.ntnu.no
15/42 - Introduction Reputation-based Trust Models • Rank ordering • Simple summation or average of ratings • Probabilistic models • Fuzzy models • Flow models • Game theoretical models • Stochastic models • Belief models • Semantic web and ontologies • Spread activation networks • Social network measures • Custom-desinged models www.q2s.ntnu.no Bayesian Trust Models and Information Security Bayesian Trust Models and Information Security www.q2s.ntnu.no www.q2s.ntnu.no
Computational Trust Models Reputation-based Trust Models Probabilistic Trust Models Bayesian Trust Models www.q2s.ntnu.no Bayesian Trust Models and Information Security www.q2s.ntnu.no www.q2s.ntnu.no
Probabilistic Trust Models (A short overview) www.q2s.ntnu.no Bayesian Trust Models and Information Security www.q2s.ntnu.no www.q2s.ntnu.no
Recommend
More recommend
