Technical background on the
“ Blueprints and
Use Cases” - ICDS 2014
Dr. George Vaněček, Jr.
(FICO, San Jose, CA, USA)
Deep...
Trust?
Trust is one of humanity’s most explicit and intrinsic social
cognitions, yet within the digital world its mostly s...
The Untrustworthy Internet?
“Billions of people around the world do not trust the
Internet”,
- claims European Commission ...
Human/Computer Co-evolution
Today
adaptedfrom:F.Mattern,Dagstuhl2002
50B+ interconnected
sensors, actuators,
and intellige...
Rising Problem for Enterprises
People and organizations will need to adopt a more
flexible access policy to remain competi...
Internet and IoT Security Models need to
adopt to new Trust Management Systems
Most of today’s security infrastructure is ...
Trust Management System Overview
 A Logical Trust Network maintains entities and trust
relationships between those entiti...
Current vs. Trust-based Interactions
Users
Public
Devices
Personal
Devices
Organizations
Service and Content
Providers
Tru...
Logical Trust Network
 A digraph of nodes (i.e., entities)
and directed edges (e.g.,
relationships), where
 An entity is...
Trust needs to differentiate an entity by its
context(s) that change with time
Father
Consultant Employee
Teacher
Tourist
...
Entity Contexts change/are-created over Time
by Events
Entity’s Current Contexts
Versioning from C000 to C001
Contextual E...
Describing Entities and their Contexts
 A context is a set of unique attributes
{(n0,v0,r0), …}
An attribute is a tuple o...
Situations identify Contexts
Father
ConsultantEmployee
Teacher
Tourist
Hobbyist Volunteer
Trustor
Contexts
Walking in a pa...
Trust Relationships
Connect Contexts
 Edges in the Logical Trust Network represent direct trust
relationships.
 Indirect...
Trust Relationships
A trust relationship R is defined as a set of
scoring attributes
R(Ci, Cj) = {a0, …, am}
from Context ...
Closer look at the Logical Trust Network
Time
Entity
Now
Trust
Broker
Truster
Trustee
Entity
Current
Contexts
Relationship...
Trust Belief Policy
A believe policy B is defined as a set of belief attributes qn
that reference score attributes as
B = ...
Boolean Trust for an Explicit Relationship
Trust questions must be answered as “yes” or “no”.
Given a trust relationship R...
Open Problems
• Do we need a new identity ecosystem for all people, places
and things to manage trust on the Internet?
E.g...
Summary
I. A generalized trust management system is needed to
address current aging security and privacy issues.
II. The e...
Thank you
GeorgeVanecek@fico.com
Upcoming SlideShare
Loading in …5
×

Trust blueprints icds 2014

385 views

Published on

As the scope of current distributed computing model envisioned by the contemporary cloud computing environment enlarges to future federated Intercloud and ubiquitous & pervasive computing models such as Internet of Things (IoT), many difficult problems and challenges arise. Security is one of the most important and paramount concerns of such a computing environment. Current security mechanisms are very static, inflexible and not granular enough to make efficient and informed decisions in the Service Provider based computing environment. The conventional trust mechanisms in place are inadequate at addressing granular level trust issues in the highly distributed open environments. In this paper, we explore various Trust Management schemes and blueprints for enabling a framework that interested parties can use to determine the trustworthiness of disparate and heterogeneous computing entities. The paper also enumerates various business use case scenarios articulating how such a Trust Management framework would be highly invaluable for addressing the current as well as future computing environments needs.

Published in: Technology
  • Be the first to like this

Trust blueprints icds 2014

  1. 1. Technical background on the “ Blueprints and Use Cases” - ICDS 2014 Dr. George Vaněček, Jr. (FICO, San Jose, CA, USA) Deepak Vij, Ishita Majumdar, Naveen Dhar (FutureWei Technologies, Santa Clara, CA, USA) The Eighth International Conference on Digital Societies ICDS 2014, Barcelona Spain
  2. 2. Trust? Trust is one of humanity’s most explicit and intrinsic social cognitions, yet within the digital world its mostly static, over simplified and generally not negotiable!? Trust is the extent to which a trustor is willing to depend on something or someone (a trustee) in a given situation, even though negative consequences are possible. ! ?
  3. 3. The Untrustworthy Internet? “Billions of people around the world do not trust the Internet”, - claims European Commission vice-president Neelie Kroes. “The future of internet was based on trust…Trust can never again be taken for granted.” - March 2014, BBC • 98% of Americans distrust the Internet • 56% fear on-line information is outdated • 53% feel the information is self-promotional • 45% feel unfamiliar with the sources - Harris Interactive MRF, 2012
  4. 4. Human/Computer Co-evolution Today adaptedfrom:F.Mattern,Dagstuhl2002 50B+ interconnected sensors, actuators, and intelligent, autonomous, and individualized devices, supported by massive cloud services. Simple ComplexTrust Many People per One Computer One Computer for One Person Many Computers for Everyone
  5. 5. Rising Problem for Enterprises People and organizations will need to adopt a more flexible access policy to remain competitive yet open. A company wants to enable employee and guest access from anywhere at anytime, but also meet compliance reviews and protect company data. An employee wants access to corporate data and services anytime, anywhere (multiple employers or public sites) on any devices while protecting his/her privacy. ! ! By 2014, 80% of mobile professionals will use at least two personal devices to access corporate systems and data. A device needs to know who and what to trust when, where, and why. ?
  6. 6. Internet and IoT Security Models need to adopt to new Trust Management Systems Most of today’s security infrastructure is static and perimeter-centric with policies that are restrictive and insular. This is no longer sufficient in an environment that is highly dynamic, multi-sourced and virtualized, and where consumer-oriented IT is increasingly used in lieu of enterprise-owed, provisioned systems.
  7. 7. Trust Management System Overview  A Logical Trust Network maintains entities and trust relationships between those entities  Trust values for a trustee are determined from the combined scores of a trustor’s 1. Evidence: trust values based on directly scoring of tracked evidence 2. Reputation: trust value based on indirect recommendations.  The Logical Trust Network is redundantly distributed over a topology of 1. Trust Agents: decentralized set of peers in a P2P topology 2. Trust Brokers: a centralized 3rd-party set of trust brokers Where an entity and its adjacent relationship may appear differently in more than one agent or broker.
  8. 8. Current vs. Trust-based Interactions Users Public Devices Personal Devices Organizations Service and Content Providers Trust Relationship Trust Index Client Server Req. Resp. Trust? Trustee Req. Truster Logical Trust Network IdP Authentication and Authorization Based on Membership Auth ? ? ye s ye s Resp. Auth IdP Today
  9. 9. Logical Trust Network  A digraph of nodes (i.e., entities) and directed edges (e.g., relationships), where  An entity is any person, place or thing with a distinct existence that needs to trust or be trusted by other entities. Users Public Devices Personal Devices Organizations Service and Content Providers Trust Relationship Trust Index  Entities need not have unique identities; in their absence, their identities may be probabilistically resolved from their attributes.  Entities are contextually structured, and relationships are granularly scored…
  10. 10. Trust needs to differentiate an entity by its context(s) that change with time Father Consultant Employee Teacher Tourist Moto Hobbyist Volunteer Entity Cijk • Entity i • Context j • Version k t
  11. 11. Entity Contexts change/are-created over Time by Events Entity’s Current Contexts Versioning from C000 to C001 Contextual Events Cause Context Evolution, e.g., Branching from C000 to C010
  12. 12. Describing Entities and their Contexts  A context is a set of unique attributes {(n0,v0,r0), …} An attribute is a tuple of n-name, v-value, r-unique attribute identifier, e.g., (“Name.Last”, “Smith”, “org:w3c:etc:context:…:name”)  Attributes represent entities characteristics, configurations, scenarios, locations, times, roles, etc.  Contexts are immutable. They may change or split. Their changes represent subsequent contexts in the entity’s context tree.  Entities are defined as the collection of their contexts at any given time t, e.g., e0t = (C011, C020, C030).  Situations differentiate contexts…
  13. 13. Situations identify Contexts Father ConsultantEmployee Teacher Tourist Hobbyist Volunteer Trustor Contexts Walking in a park with daughter Riding with a group of motorcycle club members Working on a patent with coworkers  Situations are represented by attribute sets Mapping function maps situations to contexts
  14. 14. Trust Relationships Connect Contexts  Edges in the Logical Trust Network represent direct trust relationships.  Indirect and derived relationships may be temporarily cached for auditing and verification but typically not persisted permanently.  Trustor contexts needs evidence (e.g., mutable performance profile) to prove trustworthiness
  15. 15. Trust Relationships A trust relationship R is defined as a set of scoring attributes R(Ci, Cj) = {a0, …, am} from Context Ci of Entity i to the Context Cj of Entity j where a scoring attribute an = (n, α, r, sn) holds a score value 0≤α≤1 defined by a scoring function over the jth evidence Dj Sn(Dj) = α An example is (“gradRatio”, 0.87, “org:shool:…:gradRatio”, graduated/enrolled) Ci Cj Dj Trustor Trustee R(Ci, Cj )
  16. 16. Closer look at the Logical Trust Network Time Entity Now Trust Broker Truster Trustee Entity Current Contexts Relationship Evidence Scores Situation Context Determination
  17. 17. Trust Belief Policy A believe policy B is defined as a set of belief attributes qn that reference score attributes as B = { qn | qn = (n, β) } where n is the name of a score attribute, and β is a score threshold 0 ≤ β ≤ 1 and ∨qn c B, an c R e.g., (“GradRatio”, 0.85) I trust until trust is broken I distrust until trust is earned
  18. 18. Boolean Trust for an Explicit Relationship Trust questions must be answered as “yes” or “no”. Given a trust relationship R and a belief policy B, R represents trust based on direct evidence only if Combining evidence-based trust with jth reputation, Uj, yields Other trust determination functions can be formulated from the Logical Trust Network model… Score Expected score threshold
  19. 19. Open Problems • Do we need a new identity ecosystem for all people, places and things to manage trust on the Internet? E.g., National Strategy for Trusted Identities in Cyberspace (NSTIC) • Need algorithms to maintain and create entities’ contexts • How do trust brokers collect evidence? • Need tools for trustors to maintain their beliefs and relationships. • Need to define a general and extensible taxonomy for attribute names? • How do we define and share scoring functions? • How do we secure the Logical Trust Network? • How do we protect entity’s privacy while allowing sharing?
  20. 20. Summary I. A generalized trust management system is needed to address current aging security and privacy issues. II. The evolution of IT into ICT and hybrid enterprise/public services needs trust. III. The digital world can no longer ignore trust. IV. Its time for the computer science and security communities to formalize and deploy a trust system in the future Internet.
  21. 21. Thank you GeorgeVanecek@fico.com

×