Title: An Ad Hoc Trust Inference Model for Flexible and Controlled Information Sharing
1An Ad Hoc Trust Inference Model for Flexible and
Controlled Information Sharing
- Danfeng (Daphne) Yao
- Rutgers University, New Brunswick
2Motivation Hurricane Katrina 2005
3Motivation contd
- Flexible authorization for cross-domain
information sharing - Traditional access control models are too strict
- Motivating scenario inadequate crisis
communication among FEMA Coast Guard after
Hurricane Katrina - Need to efficiently share and utilize data
generated in pervasive computing environments - Sensor data, location, etc
- Challenge there is no central authority in this
decentralized environment - How does the resource owner adaptively makes
access control decisions in response to emergency
situations?
4Decentralized trust management
- Digital identity and certificate
- Most of existing trust management models only
work for static access control policies - Policies are pre-defined and not adaptive to
contexts - Models cannot handle crisis and emergency
situations - Our approach ad hoc trust inference
- Allow the requester to specify emergency level
- Use fuzzy logic to integrate user information
Is Bob qualified to access DB?
Request for access
Bobs credential
Policies
Hospital
University
Bob
5Broader implication of dynamic authorization
0
1
Deny
Allow
- Useful for flexible information sharing in
mission-critical systems
JASON Report 04 studied the need for broader
access model
6Our idea multimodal authorization
- Authorization decisions are made based on
multiple factors including the identity, history,
environment associated with a request. - A requester is given multiple chances of proving
trustworthiness, instead of a type of criteria.
7Our ad hoc trust inference model
- We introduce attribute urgency level that is to
be specified by the requester - Urgency level defines how urgent a requester
needs the information - This attribute is self-claimed by the requester,
e.g., urgency level very high - Three attribute types identity type, history
type, and environment type - We develop a mechanism that combines various
attribute values and outputs a numeric
trustworthiness score for the requester - Our design integrates an audit component in trust
inference
8Input attributes in our trust model
Attribute type Attribute name Authentication method Value range
Identity input Affiliation Credential 0, 1
History input Historic performance n/a 0, 1
Environment input Urgency level Audit mechanism 0, 1
Inference output Trustworthiness n/a 0, 1
How does the resource owner combine these
attribute values and obtain the trustworthiness
of a requester?
9Advantages of ad hoc trust inference with fuzzy
logic
- Access policies are intrinsically flexible
- Supports continuous access decisions
- More flexible than binary access verdicts
- Access rules are intuitive to define
- Rules are individually defined for each attribute
- Can handle incomplete and imprecise inputs
- In decentralized environments, resource owners
usually do not have complete and precise inputs
10An example of membership function and degrees of
membership in fuzzy logic
- Earliness(time) 1, IF time 1200,
- (2000-time) / 800, IF 1200 lt
time 2000, - 0, IF time gt 2000
Time of the day Degree of earliness
0900 1
1400 0.75
1600 0.5
2200 0
11Trust inference steps
- Define attributes from which trustworthiness may
be inferred - Define the fuzzy variables associated with each
attribute - For each fuzzy variable, define a membership
function - Define the output membership function for the
output variable (i.e., degrees of
trustworthiness) - Define fuzzy rules to specify the logic used to
infer the trustworthiness score from attributes
12Example
- Bob from FEMA needs to access US Coast Guard
(USCG) database for a rescue task - Bob has a FEMA credential
- Urgency level very high
- USCG has prior interactions with FEMA
- Affiliation score high
- History very high
- USCG has also defined fuzzy membership functions
and fuzzy rules - Ad hoc trust inference computation produces a
trustworthiness score for Bobs request - E.g., trustworthiness very high
Note that the actual inference is done on crisp
inputs and outputs a crisp trust score. Please
refer to the paper for detailed computation.
13Architecture
14Audit
- Urgency level is self-claimed by the requester
and may be inaccurate - Audit process identifies cheating users
- A dishonest user may always claim high urgency
level - Audit process selectively examines and verifies
the urgency levels associated past requesters - Dishonest user and organization will have lower
trustworthiness in the future transactions - Lower affiliation score
- Lower history score
15Conclusions and Future work
- Conclusions
- Crisis information sharing requires flexible
trust inference mechanism - We have presented an ad hoc trust inference
framework that allows user-specified context
input - Future work
- To automate audit mechanism by analyzing public
and sensory information - To apply ad hoc trust inference mechanism to
manage trust in Web 2.0 applications
16Acknowledgements
- Professor James Garnett, Rutgers University
Department of Public Policy and Administration - Funding Rutgers University Computing
Coordination Council (CCC) Pervasive Computing
Initiative Grant