1 / 31

Formalizing End-to-End Context-Aware Trust Relationships in Collaborative Activities

Dr Dave Bakken Dr Carl Hauser Department of Computer Science Washington State University Pullman, WA, USA Dr Deborah Frincke CyberSecurity Group Pacific Northwest National Laboratory Richland, WA, USA. Formalizing End-to-End Context-Aware Trust Relationships in Collaborative Activities.

iris-morris
Download Presentation

Formalizing End-to-End Context-Aware Trust Relationships in Collaborative Activities

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Dr Dave Bakken Dr Carl Hauser Department of Computer Science Washington State University Pullman, WA, USA Dr Deborah Frincke CyberSecurity Group Pacific Northwest National Laboratory Richland, WA, USA Formalizing End-to-End Context-Aware Trust Relationships in Collaborative Activities Dr Ioanna Dionysiou Department of Computer Science School of Sciences University of Nicosia, Cyprus International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  2. Talk Outline • Motivation • Activity-Oriented Trust Relationships • Trust Model Ontology • Trust Model Functionality Example • Conclusions International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  3. Motivating Scenario • Consider the North American electric power grid • Operations in a geographical region controlled by a single entity • Electric Market Deregulation • Competition! • Choose among electricity providers, open bidding • Impact on stability and security of the grid itself • 3500 utility organizations (public, private, federal), many points of interaction, share data • Trustworthy Data exchange among these organizations and end-users • Producer of information, consumer of information International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  4. Motivating Scenario (2) U1 is the consumer of State Estimation data PMU Aggregation is the producer of State Estimation data What U1 can say about the quality of the data? International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  5. Motivating Scenario (3) • How can we answer the question? • Security mechanisms are not adequate • Encrypted digitally signed message • Guarantee that not tampered with and no unauthorized person read it • What about the content itself? Reliable producer, unsecure medium OR unreliable producer, secure medium? • Trust and its management • Abstraction of beliefs that an entity has for specific situations and interactions • Not static but change over time • Need to make decisions based on current beliefs International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  6. Generalized Scenario International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  7. Contributions of our work… • A notation for specifying trust relationships tied to • a narrow context and • a broad activity • An intuitive and practical way to manage trust assessment for an activity • multiple trust relationships must be examined and composed • Expectations, violations, etc International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  8. Talk Outline • Motivation • Activity-Oriented Trust Relationships • Trust Model Ontology • Trust Model Functionality Example • Conclusions International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  9. Activity-Oriented Trust Relationships International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  10. Activity-Oriented Trust Relationships (2) International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  11. Talk Outline • Motivation • Activity-Oriented Trust Relationships • Trust Model Ontology • Trust Model Functionality Example • Conclusions International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  12. Trust Level λ Context c Trust Relationship Attributes Trustee δ Interval ι Trust Relationship τ(γ, δ, c, λ, ι, ε, id , s) Expectations ε Trustor γ Status s Interaction identifier id International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  13. Trust is… • Trustor γ, based on its current trusting attitude, • believes that the extent that trustee δ • will act as expected for context c during time interval ι • is λ , • and this belief • is subject to the satisfaction of expectation set ε . • This relationship is valid for a specific interaction id and its status is indicated by s. International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  14. Trust Level Attribute λ • Trust is subjective • Trustee trustworthiness • Trustor’s requirements are not met by trustees at the same degree • Extent to which trustee honors trust, if trust is placed • Trustor trustfulness • Trustor’s willingness to trust • Trusting attitude • How do we capture this subjectivity? • Trust level, value, degree • Continuous values • Discrete values International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  15. Expectation Attribute ε • Expectation • Requirement and its allowed values that a trustor has for a particular interaction with the trustee • Expectation tuple • π is a trust requirement • o is a standard relational operator • νo is the observed/actual value for the requirement • νa is the allowed value for the requirement • ev are the evaluation criteria for the specific requirement • Covering algorithm, triggering algorithm, aggregating algorithm ε(π,o,νo,νa,ev) International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  16. Expectation Attribute (2) Trust requirement : facet (coarse-grained), properties (fine-grained) Observed values: evidence (either internal or external) International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  17. Expectation Attribute (3) • Observed value • When? • Triggering method: at fixed intervals, on arrival? • How? • Aggregating method: average, weighted average? • For what? • Allowed value vs. Observed value • VIOLATIONS!!! • Covering method: strict, relaxed International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  18. Expectation Attribute (4) • Expectation set describes all the requirements a trustor has for a trustee in a particular relationship • Not interesting by itself • BUT, operations on the set ARE interesting! • Define primitive comparison relationships between elements • Equal expectations • Relaxed expectations • Define comparison relationships between expectation sets • Strictly equal expectation sets • Relaxed equal expectation sets • Define operation on sets • Merging International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  19. Expectation Attribute (5) • Equal Expectations (=) • Expectation (π1 , o1 , νo1, νa1, ev1 ) is equal with expectation (π2 , o2 , νo2 , νa2 , ev2 ) if and only if (π1 = π2)∧ (o1 = o2)∧ (νo1 = νo2)∧ (νa1 = νa2 )∧ (covering1∈ ev1 = covering2∈ ev2) • Relaxed Equal Expectations (≈) • Expectation (π1 , o1 , νo1, νa1, ev1 ) is relaxed equal with expectation (π2 , o2 , νo2 , νa2 , ev2 ) if and only if ( (π1 = π2)∧ (o1 = o2)∧ (νo1 ≠ νo2)∧ (νa1 ≠ νa2 )∧ (covering1∈ ev1 = covering2∈ ev2) ) or if ( (π1 = π2)∧ (o1 = o2)∧ (νo1 ≠ νo2)∧ (νa1 = νa2 )∧ (covering1∈ ev1 = covering2∈ ev2) ) International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  20. Expectation Attribute (6) • What is the expectation set for a path as a single entity? • Merging of expectation sets! fπ function for aggregating values • Initialize εmerge ← • If ε1 = ε2 then εmerge ← ε1 • If ε1 ≈ ε2 then • ∀ i:(π1 , o1 , νo1, νa1, ev1 ) ∈ ε1 , j:(π2 , o2 , νo2 , νa2 , ev2 ) ∈ ε2 such that i ≈ j do • εmerge ← εmerge ∪ {((π1 , o1 , f π (νo1 , νo2 ), f π (νa1 , νa2 ), ev1 ) )}. International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  21. Trust Relation Properties and Operations • Trust relation is a set of trust relationships • Properties • Standard properties of any n-ary relation do not hold due to the non-absolute characteristics of trust • Dynamic and composable nature • Operations • Changing the state of the trust relation • Using the current state of the trust relation International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  22. Operations changing the trust relation state • Expiration of valid time • A trust relationship (γ, δ, c, λ, ι, ε, id , s) does not hold in relation τ if its valid interval time expires. Thus, a trust relationship τ(γ, δ, c, λ, ι, ε, id , s) is not valid in τ if the current time t1 > te, te∈ ι • Expectation Violation • Whenever new evidence arrives, the observed value changes according to the aggregation scheme for the specific requirement. An update in the observed value may lead into expectation violation. In this case, the respective trust relationship’s status is set to ALERT • Arrival of New Evidence • Suppose that new evidence arrives at trustor γ for trustee δ regarding context c. The new evidence includes the trust requirement πr and the recommended value νr . All trust relationships (γ , δ , c , λi , ιi , εi , idi , si ) are updated to reflect the application of the new evidence on observed value νo International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  23. Operations using the trust relation state • Trust Assessment for context c in interaction id • Trustor γ1 may synthesize the two tuples to derive an aggregated trust assessment for context c during interval ιi (the intersection of ι1 and ι2 ) by applying expectation set operations on the expectation sets ε1 and ε2 to derive the aggregated expectation set εi . Expectation set εi has to be checked against the various trust level specifications in order to assign the trustworthiness level λi for the new tuple (γ, δ1,2, c, λi, ιi, εi, id, s) . • End-to-end Trust Assessment for interaction id • Suppose there are aggregated trust assessments for contexts c1 and c2 , which are the only contexts belonging to interaction id1 : these are tuples (γ1 , δ1 , c1 , λ1 , ι1 , ε1 , id1 , s1 ) and (γ1 , δ2 , c2 , λ1 , ι2 , ε2 , id1 , s1 ) . Trustor γ1 may compose the two tuples to derive an end-to-end trust assessment for interaction id during interval ιi (the intersection of ι1 and ι2 ) by applying expectation set operations on the expectation sets ε1 and ε2 to derive the aggregated expectation set εi . Expectation set εi has to be checked against the various level specifications in order to assign the trustworthiness level λi for the new tuple (γ, δ1,2, c, λi, ιi, εi, id, s) . International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  24. Talk Outline • Motivation • Activity-Oriented Trust Relationships • Trust Model Ontology • Trust Model Functionality Example • Conclusions International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  25. Revisit Original Scenario Network Trust Relation Graph International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  26. Revisit Original Scenario (2) • Trust Assessment for context c1 in interaction id • τ(γC , δS1, c1 , λ1 , ι1 , ε1 , id , s ) and τ(γC , δS2, c1 , λ1 , ι2 , ε2 , id , s ) • τ(γC , δS1,S2 , c1 , λ1 , ιk , εk , id , s ) • εk={(authentication, =, certificate, certificate, ev1), • (reliability,>=,average(0.97,0.95), average(0.95,0.95), ev2)} • ιk = [1,10] International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  27. Revisit Original Scenario (3) • End-to-end Trust Assessment for interaction id • τ(γC , δS1,S2 , c1 , λ1 , ιk , εk , id , s ) and τ(γC , δP , c2 , λ1 , ι3 , ε3 , id , s ) • τ(γC , δP,S1,S2 , c1,2 , λ1 , ιm , εm , id , s ) • εm= {(authentication, =,certificate, certificate, ev1), • (reliability, >=, average(0.90,0.96), average(0.80,0.95), ev2)} • ιm = [1,8] Trust Relation Graph International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  28. Talk Outline • Motivation • Activity-Oriented Trust Relationships • Trust Model Ontology • Trust Model Functionality Example • Conclusions International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  29. Conclusions • A intuitive notation to specify trust relationships tied to an activity • Allows dynamic and composable trust operations • Allows a rich set of attributes to capture the trust semantics • Current and future work,…. International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  30. International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

  31. Σας ευχαριστω!!! Thanks for your attention!! Questions? International Conference on Security and Cryptography (SECRYPT 2008), Special Session on Trust, July 26 - 29, 2008, Porto, Portugal

More Related