An Ad Hoc Trust Inference Model for Flexible and Controlled Information Sharing

1
An Ad Hoc Trust Inference Model for Flexible and
Controlled Information Sharing

• Danfeng (Daphne) Yao
• Rutgers University, New Brunswick

2
Motivation Hurricane Katrina 2005
3
Motivation contd

• Flexible authorization for cross-domain
  information sharing
• Traditional access control models are too strict
• Motivating scenario inadequate crisis
  communication among FEMA Coast Guard after
  Hurricane Katrina
• Need to efficiently share and utilize data
  generated in pervasive computing environments
• Sensor data, location, etc
• Challenge there is no central authority in this
  decentralized environment
• How does the resource owner adaptively makes
  access control decisions in response to emergency
  situations?

4
Decentralized trust management

• Digital identity and certificate
• Most of existing trust management models only
  work for static access control policies
• Policies are pre-defined and not adaptive to
  contexts
• Models cannot handle crisis and emergency
  situations
• Our approach ad hoc trust inference
• Allow the requester to specify emergency level
• Use fuzzy logic to integrate user information

Is Bob qualified to access DB?
Request for access
Bobs credential
Policies
Hospital
University
Bob
5
Broader implication of dynamic authorization
0
1
Deny
Allow

• Useful for flexible information sharing in
  mission-critical systems

JASON Report 04 studied the need for broader
access model
6
Our idea multimodal authorization

• Authorization decisions are made based on
  multiple factors including the identity, history,
  environment associated with a request.
• A requester is given multiple chances of proving
  trustworthiness, instead of a type of criteria.

7
Our ad hoc trust inference model

• We introduce attribute urgency level that is to
  be specified by the requester
• Urgency level defines how urgent a requester
  needs the information
• This attribute is self-claimed by the requester,
  e.g., urgency level very high
• Three attribute types identity type, history
  type, and environment type
• We develop a mechanism that combines various
  attribute values and outputs a numeric
  trustworthiness score for the requester
• Our design integrates an audit component in trust
  inference

8
Input attributes in our trust model
Attribute type Attribute name Authentication method Value range
Identity input Affiliation Credential 0, 1
History input Historic performance n/a 0, 1
Environment input Urgency level Audit mechanism 0, 1
Inference output Trustworthiness n/a 0, 1
How does the resource owner combine these
attribute values and obtain the trustworthiness
of a requester?
9
Advantages of ad hoc trust inference with fuzzy
logic

• Access policies are intrinsically flexible
• Supports continuous access decisions
• More flexible than binary access verdicts
• Access rules are intuitive to define
• Rules are individually defined for each attribute
  
• Can handle incomplete and imprecise inputs
• In decentralized environments, resource owners
  usually do not have complete and precise inputs

10
An example of membership function and degrees of
membership in fuzzy logic

• Earliness(time) 1, IF time 1200,
• (2000-time) / 800, IF 1200 lt
  time 2000,
• 0, IF time gt 2000

Time of the day Degree of earliness
0900 1
1400 0.75
1600 0.5
2200 0
11
Trust inference steps

• Define attributes from which trustworthiness may
  be inferred
• Define the fuzzy variables associated with each
  attribute
• For each fuzzy variable, define a membership
  function
• Define the output membership function for the
  output variable (i.e., degrees of
  trustworthiness)
• Define fuzzy rules to specify the logic used to
  infer the trustworthiness score from attributes

12
Example

• Bob from FEMA needs to access US Coast Guard
  (USCG) database for a rescue task
• Bob has a FEMA credential
• Urgency level very high
• USCG has prior interactions with FEMA
• Affiliation score high
• History very high
• USCG has also defined fuzzy membership functions
  and fuzzy rules
• Ad hoc trust inference computation produces a
  trustworthiness score for Bobs request
• E.g., trustworthiness very high

Note that the actual inference is done on crisp
inputs and outputs a crisp trust score. Please
refer to the paper for detailed computation.
13
Architecture
14
Audit

• Urgency level is self-claimed by the requester
  and may be inaccurate
• Audit process identifies cheating users
• A dishonest user may always claim high urgency
  level
• Audit process selectively examines and verifies
  the urgency levels associated past requesters
• Dishonest user and organization will have lower
  trustworthiness in the future transactions
• Lower affiliation score
• Lower history score

15
Conclusions and Future work

• Conclusions
• Crisis information sharing requires flexible
  trust inference mechanism
• We have presented an ad hoc trust inference
  framework that allows user-specified context
  input
• Future work
• To automate audit mechanism by analyzing public
  and sensory information
• To apply ad hoc trust inference mechanism to
  manage trust in Web 2.0 applications

16
Acknowledgements

• Professor James Garnett, Rutgers University
  Department of Public Policy and Administration
• Funding Rutgers University Computing
  Coordination Council (CCC) Pervasive Computing
  Initiative Grant