You are previewing Trust Modeling and Management in Digital Environments: From Social Concept to System Development.
O'Reilly logo
Trust Modeling and Management in Digital Environments: From Social Concept to System Development

Book Description

Trust Modeling and Management in Digital Environments: From Social Concept to System Development examines how reliance is transferred from a social to a digital concept, enabling digital system users to build up confidence in their system. A defining body of sought after research, this innovative publication provides an understanding of the current challenges, solutions, and their limitations to those interested in this advancing field.

Table of Contents

  1. Copyright
  2. Editorial Advisory Board
  3. List of Reviewers
  4. Foreword
  5. Preface
    1. ORGANIZATION OF THE BOOK
  6. Acknowledgment
  7. 1. Security Enhanced Trust Management Solutions
    1. 1. Remote Platform Attestation: The Testimony for Trust Management
      1. ABSTRACT
      2. INTRODUCTION
        1. Motivation
        2. Remote Attestation
      3. BACKGROUND OF TRUSTED COMPUTING
        1. Memory Curtaining
        2. Secure Storage and Sealed Storage
        3. Platform Measurement
        4. Platform Attestation
        5. A Conceptual Model of Remote Attestation
        6. The Conceptual Model of Remote Attestation
      4. ROOT OF TRUST
        1. Hardware-Based Root of Trust
        2. Software-Based Root of Trust
        3. Hybrid Root of Trust
        4. Trust Chain of Remote Attestation
        5. Attestation Objective
        6. Object Measurement
        7. Objects to Measure
        8. Measurement Methods
        9. Measurement Timing
        10. Attestation Process
      5. SUMMARY: DESIGN PRINCIPLES FOR ATTESTATION SCHEMES
        1. Existing Remote Attestation Schemes
        2. Integrity-Based Attestation
          1. TCG Attestation
          2. Data Attestation
          3. Program Integrity Attestation
        3. Quality-Based Attestation
          1. Security Property Attestation
          2. Execution Correctness Attestation
          3. Policy Conformance Attestation
        4. Applying Attestation in Trust Management
      6. CONCLUSiON
      7. ACKNOWLEDGMENT
      8. REFERENCES
    2. 2. Scaling Concepts between Trust and Enforcement
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
        1. Enforcement Technology
        2. Trust Technology
        3. Trusted Systems
        4. Trusted Functional Building Blocks
        5. Concepts Between Trust and Enforcement
        6. Establishment of Trust
        7. Verification
        8. Validation
          1. Validation Identities
          2. Autonomous Validation
          3. Remote Validation
          4. Semi-Autonomous Validation
          5. Validation and Enforcement
        9. Remote Take Ownership
        10. Applications
        11. Trust in Identity Management Systems
        12. Trust for Transactions in Workflows
        13. Home NodeBs and Machine-to-Machine Communication
      4. FUTURE RESEARCH DIRECTIONS
      5. CONCLUSION
      6. ACKNOWLEDGMENT
      7. REFERENCES
      8. ENDNOTES
    3. 3. Mobile Trusted Computing Based on MTM
      1. ABSTRACT
      2. INTRODUCTION
      3. LEGACY PLATFORM SECURITY SOLUTIONS
        1. Secure Boot
        2. Secure Boot with Embedded Key
        3. Dedicated platform Security Architecture in Hardware
        4. Security Threats
        5. Security Processors
      4. THE TRUSTED PLATFORM MODULE (TPM)
      5. MOBILE USE-CASES FOR A TRUSTED MODULE
      6. MTM: THE MOBILE TRUSTED MODULE
        1. MTM Secure Boot
        2. MTM Example in the Context of Secure Boot
        3. MTM Security Analysis
        4. MTM Ecosystem Trust Management
        5. Transitive and Logically Parallel MTMs
        6. MTM Extensions and Other Architectural Developments
        7. Stakeholder Separation in MTM
        8. More General-Purpose Trusted Execution Environments
        9. Towards Application-Level Access
      7. CONCLUSION
      8. REFERENCES
      9. KEY TERMS AND DEFINITIONS
    4. 4. Establishing Software Integrity Trust: A Survey and Lightweight Authentication System for Windows
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
        1. Binary Authentication and Operating System Security
        2. Binary Authentication Goals
        3. Security Assumptions and Scope of Discussion
      4. A SURVEY OF EXISTING AUTHENTICATION SYSTEMS
        1. System Design Options
        2. Comparison
      5. AUTHENTICATION ISSUES IN MICROSOFT WINDOWS
      6. BINAUTH AND SOFTWARE-ID
        1. Software-ID Scheme
        2. BinAuth Architecture
          1. Signature ToMac
          2. Verifier
          3. Security Analysis
      7. BINAUTH OVERHEADS
      8. FUTURE RESEARCH DIRECTIONS
      9. CONCLUSION
      10. ACKNOWLEDGMENT
      11. REFERENCES
      12. ENDNOTES
    5. 5. Trust Issues and Solutions in Multimedia Content Distribution
      1. ABSTRACT
      2. INTRODUCTION
      3. RELATED WORK
        1. Trusted Computing
        2. Web of Trust
        3. Trust in Electronic Commerce
        4. Trust Issues in Multimedia Content Distribution
      4. SOLUTIONS FOR TRUSTED MULTIMEDIA CONTENT DISTRIBUTION
        1. Authorization, Authentication and Secure Payment
          1. Encryption for Confidentiality Protection
        2. Lightweight Schemes for Secure Preview
          1. Perceptual Encryption
          2. Removable Visible Watermarking
      5. TRUSTED HARDWARE RESISTING THE RELEASE OF CLEAR CONTENT
        1. Watermarking Techniques for Ownership Identification
        2. Digital Fingerprinting for Traitor Tracing
        3. Multimedia Forensics for Forgery Detection
        4. Open Issues and Promising Research Topics
      6. CONCLUSION
      7. ACKNOWLEDGMENT
      8. REFERENCES
    6. 6. Certificate-Based Trust Establishment in eEnabled Airplane Applications: Challenges and Approaches
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
        1. Network-Enabled (eEnabled) Airplanes
          1. Major Security Issues of eEnabled Airplanes
          2. Emerging Standards and Research on eEnabled Airplanes
        2. Airplane Asset Distribution System (AADS)
        3. Airplane Multi-Purpose RFID System (AMRS)
        4. Major Constraints on Secure eEnabled Airplane Solutions
        5. Public Key Infrastructure (PKI)
        6. Secure AADS: Challenges and Approaches
          1. Challenges in Realizing Secure AADS
        7. Approaches in AADS Certificate Management
          1. Whitelist Solution: Preloading Trusted Certificates
          2. Structured Solutions: Use of PKI
          3. Certificate Revocation
            1. Online Certificate Status Protocol (OCSP)
            2. Certificate Revocation Lists (CRL)
          4. Multiple Certificate Authorities (CA) Based Solution
        8. Secure AMRS: Challenges and Approaches
        9. Challenges in Realizing Secure AMRS
        10. Approaches in Certificate Management in AMRS
          1. Whitelist with Bloom Filter
          2. Hash Chain Based Certificate Revocation
          3. Server-Based Authentication
          4. Comparisons of Resource-Efficient Certificate Management
      4. FUTURE RESEARCH DIRECTIONS
      5. CONCLUSION
      6. ACKNOWLEDGMENT
      7. REFERENCES
  8. 2. Evaluation Based Trust Management Solutions
    1. 7. Trust Management for Grid Systems
      1. ABSTRACT
      2. INTRODUCTION
      3. VIRTUAL ORGANIZATIONS IN GRID COMPUTING
        1. Overview
        2. Virtual Breeding Environments
        3. VO Topologies
          1. Supply-Chain VOs
          2. Hub-and-Spoke VOs
          3. Peer-to-Peer VOs
        4. Trust-Based VO Lifecycle
          1. VO Identification
          2. VO Formation
          3. VO Operation
          4. VO Dissolution
      4. GRID SECURITY
        1. Overview
        2. Threat Models for Grid
        3. OGSA Security
          1. Authentication Service
          2. Identity Mapping Service
          3. Authorization Service
          4. VO Policy Service
          5. Credential Conversion Service
          6. Audit Service
          7. Profile Service
          8. Privacy Service
        4. Grid Security Infrastructure
          1. Authentication
          2. Identity Federation
          3. Dynamic Entities and Delegation
          4. Message-Level Security
          5. Trust Domains
        5. EGEE Security architecture
          1. Logging and Auditing
          2. Authentication
          3. Authorization
          4. Delegation
          5. Data Key Management
          6. Sandboxing
      5. TRUST AND REPUTATION IN GRIDS
        1. Overview
          1. Role-Based Trust Management with Weights
          2. The Model
          3. Extending the Globus Architecture with RTML
          4. Credentials and Access Policies as RTML Statements
        2. Utility-Based Reputation
          1. A Reputation Management System for Grids
          2. Usage Scenario
      6. FUTURE RESEARCH DIRECTIONS
        1. Comparison of Different Approaches
          1. New Grid-Related Paradigms
          2. Threat Models for Trust Management
          3. Quantitative Methods
      7. CONCLUSION
      8. ACKNOWLEDGMENT
      9. REFERENCES
    2. 8. Formalizing and Managing Activity-Aware Trust in Collaborative Environments
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
        1. Trust Issues in Critical Infrastructures
        2. Managing Activity-Aware Trust Relationships
          1. Activity-Aware Trust
        3. Activity-Aware Trust Management System Objectives
        4. Activity-Aware Trust Management System Requirements
      4. R1 EVIDENCE COLLECTION AND DISTRIBUTION
        1. R1.1 Heterogeneous Forms of Evidence
        2. R1.2 Selective Collection and Distribution of Evidence
        3. R1.3 Dynamic Management of Evidence Streams
      5. R2 TRUST ANALYSIS
        1. R2.1 Time-Aware Trust Relationships
        2. R2.2 Composable Trust Constructs
      6. R3 TRUST EVALUATION
        1. R3.1 Evidence Aggregation
        2. R3.2 Evidence-to-Expectation Mapping functions
        3. R3.3 Expectation Satisfaction
      7. R4 TRUST MONITORING
        1. R4.1 Trust Re-Evaluation
        2. R4.2 Trusting Attitude Support
        3. Trust Ontology Model
        4. Trust Relation
        5. Trust Relation Attributes
          1. Trustors and Trustees
          2. Context
          3. Trust Levels
          4. Time Interval
          5. Expectation Set
          6. Interaction id
          7. Status
        6. Trust Relation Properties and Operations
          1. Operations Changing Trust Relation State
          2. Operations Using Trust Relation State
        7. Trust Model Applicability
      8. CHALLENGES AND FUTURE DIRECTIONS
      9. CONCLUSION
      10. REFERENCES
      11. ENDNOTE
    3. 9. Trust Development in Peer-to-Peer Environments
      1. ABSTRACT
      2. INTRODUCTION
      3. RELATED WORK
      4. TRUST EVALUATION
          1. Local Rating
        1. Aggregated rating
        2. Recommendation and Noise
        3. Credibility Evaluation
      5. EXPERIMENTS
        1. Experiment 1
        2. Experiment 2
        3. Experiment 3
        4. Experiment 4
        5. Comparison
      6. CONCLUSION
      7. REFERENCES
    4. 10. Trust Management in Ad Hoc Networks
      1. ABSTRACT
      2. INTRODUCTION
      3. TRUST ASPECTS WITHIN AD HOC NETWORK OPERATIONS
        1. Node Auto-Configuration
        2. Neighbor Discovery
        3. Collaboration for Routing
        4. Adaptation of Node Behavior
        5. Mobility
        6. Distributed Network Management and Distributed Security Services
      4. OVERVIEW OF AD HOC NETWORK TECHNOLOGIES AND PROTOCOLS
        1. Protocols for Auto-Configuration
          1. Dynamic Configuration Distribution Protocol (DCDP)
        2. Routing in Ad Hoc Networks
          1. Optimised Link State Routing (OLSR)
          2. Ad Hoc On-Demand Distance Vector Routing (AODV)
        3. Behavior of TCP/IP Protocols in Ad Hoc Networks
      5. MITIGATION OF ATTACKS USING TRUST
        1. Vulnerabilities and Attacks in Mobile Ad Hoc Networks
          1. Passive Listening
          2. Impersonation, Black Hole and Sybil Attack
          3. Collusion Attacks and Wormhole
          4. Misbehavior and Denial of Services
        2. Deficiencies of Traditional Security Measures Regarding Attacks in Mobile Ad Hoc Networks
        3. Architecture of Ad Hoc Trust-Based Services
        4. Autonomic Node Based Reasoning on Trust
          1. Formal Languages for Reasoning on Trust
          2. Trust Evaluation Models
          3. Evidence Gathering and Management
          4. Misbehavior Detection and Trust Based Decisions
        5. Trust Through Collaboration Among Nodes
      6. OTHER APPLICATIONS OF TRUST IN MOBILE AD HOC NETWORKS
        1. Visualization of Trust Metrics and Intuitive Management of Ad Hoc Networks
      7. CONCLUSION
      8. REFERENCES
    5. 11. A Context-Aware Model of Trust for Facilitating Secure Ad Hoc Collaborations
      1. ABSTRACT
      2. INTRODUCTION
      3. RELATED WORKS
        1. Overview of the Context Aware Trust Model
        2. Trust Evaluation
        3. Evaluating Experience
        4. Evaluating Knowledge
        5. Evaluating Recommendation
        6. Normalization of Trust Vector
        7. Trust Dynamics
        8. Trust Vector at Present Time
        9. Reasoning about Trust Relationships in Different Contexts
        10. Relationships Between Contexts
          1. Specialization Relationship
          2. Composition Relationship
          3. Context Graphs
        11. Evaluating Trust without Complete Information
        12. Extrapolating Trust Values from Different Contexts
        13. Comparison Operation on Trust Vectors
        14. Combining Trust Vectors for Collaborations
        15. Trust Relationship between a Truster and a Group of Trustee
        16. Trust Relationship between a Group of Trusters and a Single Trustee
        17. Trust Relationship between a Group of Trusters and a Group of Trustees
        18. Reconfiguration of a Group
      4. CONCLUSION AND FUTURE DIRECTIONS
      5. ACKNOWLEDGMENT
      6. REFERENCES
      7. ENDNOTE
    6. 12. An Evaluation Framework for Reputation Management Systems*
      1. ABSTRACT
      2. INTRODUCTION
      3. OVERVIEW OF EVALUATION FRAMEWORK
        1. Terminology
        2. Architectural Justification
      4. TRACE GENERATION
        1. Trace Generation Summary
        2. Trace Files
        3. User Models
        4. Library Initialization
        5. Query Generation
      5. TRACE SIMULATION
        1. Bandwidth & Load Distribution
        2. Source Selection
        3. Feedback Database
      6. REPUTATION ALGORITHMS
        1. None (No RA present)
        2. EigenTrust
        3. Trust Network Analysis with Subjective Logic (TNA-SL)
      7. EVALUATION METRICS
        1. Effectiveness Metric
        2. Simulation Efficiency
        3. Heuristically Improving Simulation Efficiency
      8. TEST RUNS AND OBSERVATIONS
        1. Simple Test Runs
        2. Pre-Trusted Peers
        3. Reduced Interaction Density
        4. Tightening Bandwidth Constraints
      9. EMPOWERING MALICIOUS USERS
        1. Assumptions Benefiting Bad Users
        2. Distributed Schema
        3. Empowering Isolated Malicious Users
        4. Empowering Malicious Collectives
      10. CONCLUSION
        1. Future Work
        2. Source Availability
      11. REFERENCES
      12. ADDITIONAL READING
      13. ENDNOTES
    7. 13. Observation-Based Trust Management for Services in Mobile Networks
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
        1. Trust Metrics
        2. Fuzzy Service property Model
      4. OBSERVATION-BASED TRUST FOR SERVICES IN MOBILE NETWORKS
        1. Information Gathering
        2. The Observer Management System
        3. Dissemination and Querying
        4. Trust Management framework Observation Reports
        5. Information processing
          1. Trust Classification
          2. Fuzzy Model Integration
          3. Observation Report Weighting
        6. Information Usage
          1. Trust Assessment
        7. Measurement Based Evaluation
        8. Reputation Based Evaluation
        9. Recommendation Based Evaluation
        10. General Trust Assessment
          1. Risk and Service Invocation
        11. Realization
        12. Evaluation
          1. Simulations
      5. CONCLUSION
      6. SUMMARY
      7. FUTURE WORK
        1. Open issues
      8. REFERENCES
      9. ENDNOTE
    8. 14. Risk-Based Trust Management for E-Commerce
      1. ABSTRACT
      2. INTRODUCTION
      3. ELECTRONIC COMMERCE OVERVIEW
        1. E-Commerce Architecture
        2. Risks Associated with E-Commerce
        3. Trust and Reputation Management
      4. RISK-BASED TRUST MANAGEMENT MODEL
        1. Highlight of the Framework
        2. Risk Formulation
          1. Computing Trust Value Risk
          2. Computing Service Cost
          3. Computing Warranty Value
        3. Computing Transaction Risk
      5. PERFORMANCE ANALYSIS
        1. Simulation result and Discussion
          1. Impact of Weighing Scales
          2. Comparative Analysis
      6. FUTURE RESEARCH DIRECTIONS
      7. CONCLUSION
      8. REFERENCES
    9. 15. Privacy and Trust Issues in Context-Aware Pervasive Computing: State-of-the-Art and Future Directions
      1. ABSTRACT
      2. INTRODUCTION
      3. PERVASIVE COMPUTING
        1. Properties and Features
        2. Requirements
        3. Security Challenges
      4. CONTEXT-AWARE COMPUTING
        1. Terminology
        2. Life-Cycle of Context-Aware Information
        3. Context Taxonomy
        4. Reasoning about Uncertain Contexts in Pervasive Computing
          1. Ontology Reasoning in Context-Aware Computing
          2. Fuzzy Logic Reasoning in Context-Aware Computing
      5. PRIVACY IN PERVASIVE COMPUTING
        1. Privacy Definition
        2. General Principles and Privacy Requirements
        3. Privacy-Aware Design Guidelines
      6. TRUST IN PERVASIVE COMPUTING
        1. Trust Management in Pervasive Computing
        2. Trust Establishment in Pervasive Computing
        3. Privacy in Trust Negotiation
      7. AUTHENTICATION IN PERVASIVE COMPUTING
        1. Authentication Requirements
        2. Designing Privacy-Based Context-Aware Authentication Systems
      8. RELATED WORK
        1. Security Infrastructure
        2. Privacy Related Researches
        3. Privacy-Enhanced Identity Management Systems
        4. Trust Researches
      9. CONCLUSION AND FUTURE DIRECTIONS
      10. REFERENCES
    10. 16. Trust and Stability in Heterogeneous Multimedia Networks
      1. ABSTRACT
      2. INTRODUCTION
      3. SIGNIFICANCE AND RESEARCH QUESTIONS
      4. REVIEW OF LITERATURE
      5. THEORETICAL FRAMEWORK
      6. STABILITY BEHAVIOR OF HETEROGENEOUS NETWORKS
        1. Unstable Heterogeneous Networks under Classical Adversarial Attacks
          1. Unstable Compositions of NTG with FFS and LIS
            1. Stability Behavior of U1 Network
            2. Stability Behavior of U2 Network
            3. Stability Behavior of S1, S2, S3, S4 Networks
            4. Instability of FIFO and NTG Compositions
        2. Unstable Heterogeneous Networks under Adversarial Attacks with Dynamic Slowdowns
          1. Instability Behavior of Size-Parameterized Networks
          2. Instability Bounds for Forbidden Subgraphs
        3. Unstable Heterogeneous Networks under Adversarial Attacks with Dynamic Capacities
      7. NETWORK SIMULATION PLATFORM
      8. EVALUATION
      9. POTENTIAL USE
      10. CONCLUSION AND DISCUSSIONS
      11. REFERENCES
  9. 3. Trust Modeling and Management Driven by Social Study
    1. 17. The Role of Trust in Social Life
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
        1. Conception of Trust
          1. In the Behavior Tradition
          2. In the Psychological Approach
        2. Theory and Model of Trust
          1. Psychological Trait Theory
          2. Social Learning Theory
          3. Glanville's Theory
          4. Rotenberg's Theory
        3. Measurement of Trust in Sociology and Psychology
          1. Questionnaire Survey
          2. Experimental Method
          3. Qualitative Research Method
          4. Remarks
      4. TRUST IN SOCIAL LIFE
        1. Issues, Controversies and Problems
          1. Interpersonal Trust
          2. Trust in Organization
          3. Trust in Virtual Reality
        2. Solutions and Recommendations
          1. Interpersonal Trust
          2. Trust in Organization
          3. Trust in Virtual Reality
      5. FUTURE RESEARCH DIRECTIONS
        1. Multi-Disciplinary Integration of Trust Research
        2. Applying the Results of Trust into Industry
      6. CONCLUSION
      7. REFERENCES
    2. 18. Issues on Anshin and its Factors
      1. ABSTRACT
      2. INTRODUCTION
      3. RELATED WORK ON ANSHIN AND TRUST
      4. USER SURVEY WITH STATISTICAL ANALYSIS
        1. Questionnaire Survey
          1. Preparing a Questionnaire
          2. Improving the Questionnaire
          3. Conducting Survey
        2. Exploratory Factor Analysis with Examples
          1. Selecting Factors
          2. Interpreting Factors
        3. Structural Equation Modeling with Examples
          1. Constructing Models
          2. Fitness of Models
        4. User Survey on Anshin
      5. CONCLUSION
      6. REFERENCES
    3. 19. Trust in Identification Systems: From Empirical Observations to Design Guidelines
      1. ABSTRACT
      2. INTRODUCTION
      3. METHODOLOGY
      4. TRUST
        1. Overview
        2. Definition
        3. Asymmetric Trust
        4. Justified Trust
      5. CITIZEN IDENTIFICATION SYSTEMS
      6. EMPIRICAL FINDINGS
        1. Risk and Benefits
        2. Vulnerability and Scepticism
        3. Privacy and Data Loss
        4. Conclusion
      7. WHAT THEORY?
        1. Society and Technology
        2. Technology Adoption
        3. Technology as a Message
        4. Identification System as a Message
        5. Implications
      8. GUIDELINES
        1. Communicate Through Technology
        2. Set Baseline to Avoid Negative Messages
        3. Demonstrate Value Compatibility
        4. Allow for Experimentation and Keep Learning from It
      9. CONCLUSION
      10. REFERENCES
    4. 20. Human-Machine Trust Interaction: A Technical Overview
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
        1. Concept of Human-Machine Trust
        2. Factors Influencing Human-Machine Trust
          1. Properties of Machine System
          2. Properties of Human
          3. Context
      4. APPROPRIATE TRUST IN HUMAN-MACHINE INTERACTION
        1. Issue, Controversies and Problems
        2. Solutions and Recommendations
          1. Make Web Site Content Trustable
          2. Make Design of Web Site Trustable
          3. Consider Properties of Consumers
          4. Consider Context of E-Commerce
      5. FUTURE RESEARCH DIRECTIONS
      6. CONCLUSION
      7. REFERENCES
    5. 21. Rethinking Realistic Wireless Network Mobility: Model and Trust
      1. ABSTRACT
      2. INTRODUCTION
      3. DATA COLLECTION
      4. A LEVY WALK MOBILITY MODEL
      5. EXPERIMENTAL CONFIRMATION
        1. Flight Distance
        2. Stay Time and Turning Angle
        3. Reconstruction
        4. A Trust-Based Refinement
      6. CONCLUSION
      7. FUTURE PLAN AND DISCUSSION
      8. ACKNOWLEDGMENT
      9. REFERENCE
  10. Compilation of References
  11. About the Contributors