1 / 8

Medina: Combining Evidence to Build Trust

Medina: Combining Evidence to Build Trust. Reasoning about trust without onions. Johannes Helander Ben Zorn Microsoft Research May 23, 2007 Oakland, WSP07. A Second Look at Passwords. Not as strong as encryption would suggest Ad-hoc methodology Back-channels (e.g. password reset)

willoughby-roland
Download Presentation

Medina: Combining Evidence to Build Trust

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Medina: Combining Evidence to Build Trust Reasoning about trust without onions. Johannes Helander Ben Zorn Microsoft Research May 23, 2007 Oakland, WSP07

  2. A Second Look at Passwords • Not as strong as encryption would suggest • Ad-hoc methodology • Back-channels (e.g. password reset) • Reuse of passwords • Inconvenient to store • They just don’t work (14) front door (16) side door

  3. Our Formalism and Passwords • allow = P(e1,e2,e3) = e1 | (e2 & e3) • e1 = knows password • e2 = has an email address registered with the account • e3 = can read email sent to that address • Stricter policy: allow = P2(e1,e2,e3,e4) = e4 & P1(e1,e2,e3) • e4 = is human • Boolean operation  will generalize • Interpretation of policies that combine evidence

  4. Non-onion Time decay & integration Multiple sources of evidence Imprecise data Framework for reasoning about trust HIP, puzzle, biometric, proximity peer rating, knowledge quiz

  5. Difficult with current mechanisms USB stick, web page, email, IM, wireless Virtual USB stick Proximity, humanity, spoken word Reflection of inter-human trust Scenario: Sharing soccer picture @café

  6. Scenario: Wiki access control • Quizzes • Ratings • edit1 = ((quiz1>70% & peer>50%) | passwdA) & HIP • edit2 = ((quiz2>90% & peer>75%) | passwdB) & HIP • read1 = anybody • read2 = (peer>20%) & HIP

  7. Adaptive Trust Evaluation • Stochastic process? • Decay • Filters • Credit history • Suspicious activity

  8. Status & Conclusions • Take mechanisms that are now ad hoc & bring into formal system • Currently implementing prototype • Allows evolution of evaluation engine & underlying math

More Related