Trust management (information system)

In information systems and information technology, trust management is an abstract system that processes symbolic representations of social trust, usually to aid automated decision-making. Such representations, e.g. in the form of cryptographic credentials, can link the abstract system of trust management with the results of trust assessment. Trust management is popular in implementing information security, specifically access control policies.

The concept of trust management was introduced by Matt Blaze[1] to aid the automated verification of actions against security policies. In this concept, actions are allowed if they demonstrate sufficient credentials, irrespective of their actual identity, separating the symbolic representation of trust from the actual person.

Trust management can be best illustrated through the everyday experience of tickets. One can buy a ticket that entitles the holder, for example, to enter a stadium. The ticket acts as a symbol of trust, stating that the bearer of the ticket has paid for a seat and is entitled to enter. However, once bought, the ticket can be transferred to someone else, thus transferring such trust in a symbolic way. At the gate, only the ticket will be checked, not the identity of the bearer.

Overview

Trust management can be seen as a symbol-based automation of social decisions related to trust,[2] where social agents instruct their technical representations how to act while meeting technical representations of other agents. Further automation of this process can lead to automated trust negotiations (e.g. see Winslett[3]) where technical devices negotiate trust by selectively disclosing credentials, according to rules defined by the social agents that they represent. The definition and perspective on trust management was expanded in 2000 to include concepts of honesty, truthfulness, competence and reliability.[4] Trust levels, the nature of the trust relationship and the context were presented in the paper by Grandison and Sloman.

Web Services Trust Language (WS-Trust)[5] brings trust management into the environment of web services. The core proposition remains generally unchanged: the Web Service (verifier) accepts a request only if the request contains proofs of claims (credentials) that satisfy the policy of the Web Service.
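The following sketch shows the core proposition above, together with the earlier ticket illustration, as a verifier that checks only the credentials in a request and never the identity of the requester. It is an added example, not code from WS-Trust or KeyNote; the issuer name, keys, claim names and policy are constructed, and an HMAC shared between issuer and verifier stands in for the public-key signatures a deployment would normally use.

```python
import hashlib
import hmac
import json

# Constructed demo data: issuers the verifier trusts, with the key used to check them.
TRUSTED_ISSUERS = {"box-office": b"demo-key-box-office"}
# Constructed policy: action -> claims that one credential must prove.
POLICY = {"enter_stadium": {"paid": True, "event": "final"}}


def _mac(key, body):
    """MAC over a canonical JSON encoding of the credential body."""
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def issue(issuer, key, claims, not_after):
    """Return a signed credential. It names no holder, so it is a bearer token."""
    body = {"issuer": issuer, "claims": claims, "not_after": not_after}
    return dict(body, sig=_mac(key, body))


def verified_claims(cred, now):
    """Return the claims of an authentic, unexpired credential, else {}."""
    key = TRUSTED_ISSUERS.get(cred.get("issuer"))
    if key is None:
        return {}  # issuer is not one the policy trusts
    body = {k: cred.get(k) for k in ("issuer", "claims", "not_after")}
    sig = str(cred.get("sig", "")).encode()
    if not hmac.compare_digest(_mac(key, body).encode(), sig):
        return {}  # forged or altered after issuance
    if not isinstance(body["not_after"], (int, float)) or now > body["not_after"]:
        return {}  # expired or malformed validity
    return body["claims"] if isinstance(body["claims"], dict) else {}


def authorize(action, credentials, now):
    """Default deny: allow only if a single verified credential proves every
    required claim (claims from different credentials are not mixed)."""
    required = POLICY.get(action)
    if required is None:
        return False
    return any(
        all(claims.get(k) == v for k, v in required.items())
        for claims in (verified_claims(c, now) for c in credentials)
    )
```

Because the credential carries no holder field, a copy handed to another party authorizes exactly as the original does, which is the transferability the ticket illustration describes.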

It is also possible to let technical agents monitor each other's behaviour and respond accordingly by increasing or decreasing trust. Such systems are collectively called Trust-Based Access Control (TBAC),[6] and their applicability has been studied for several different application areas.[7]

An alternative view on trust management[8] questions whether trust can be technically managed, and focuses on supporting the proper assessment of the extent of trust one person has in another.

Trust management is also studied in specific IT-related fields such as transportation.[9]

Trust management is also an important topic in online social networks.[10]

References

  1. Blaze, M. et al. (2003) "Experience with the KeyNote Trust Management System: Applications and Future Directions." Proc. of First Int. Conf. on Trust Management iTrust 2003. Springer-Verlag LNCS 2692, pp. 284-300.
  2. Cofta, P. (2007) Trust, Complexity and Control. Confidence in a Convergent World. J Wiley.
  3. Winslett, M. (2003) An Introduction to Trust Negotiations. In: P. Nixon and S. Terzis (eds.): Trust Management 2003, LNCS 2692, pp. 275-283.
  4. Grandison, T., and Sloman, M. (2000) A Survey of Trust in Internet Applications. IEEE Communications Surveys and Tutorials, Fourth Quarter 2000.
  5. Anderson, S. et al. (2005) Web Services Trust Language (WS-Trust).
  6. Dimmock, N., Bacon, J., Ingram, D., and Moody, K. (2005) Risk Models for Trust-Based Access Control (TBAC). In: P. Herrmann (ed): iTrust2005, LNCS 3477, pp. 364-371.
  7. Adams, W. J., and Davis IV, N. J. (2005) "Towards a Decentralized Trust-Based Access Control System for Dynamic Collaboration." Proc. of the 2005 IEEE Workshop on Information Assurance and Security.
  8. Josang, A., Keser, C., and Dimitrakos, T. (2005) "Can We Manage Trust?" In: P. Herrmann et al. (Eds.): iTrust 2005, LNCS 3477, pp. 93-107.
  9. S. Ma, O. Wolfson, J. Lin. (2011) A Survey on Trust Management for Intelligent Transportation System. Proceedings of the 4th International Workshop on computational transportation science, IWCTS '11.
  10. W. Villegas, B. Ali, and M. Maheswaran "An Access Control Scheme for Protecting Personal Data." Sixth Annual Conference on Privacy, Security and Trust (PST 2008), October 2008, pp. 24-35, New Brunswick, Canada.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.