July 14 th SAM 2008 Las Vegas, NV An Ad Hoc Trust Inference Model for Flexible and Controlled Information Sharing Danfeng (Daphne) Yao Rutgers University,

Slides:

Advertisements

Similar presentations

Modelling with expert systems. Expert systems Modelling with expert systems Coaching modelling with expert systems Advantages and limitations of modelling.

Advertisements

The Challenges of CORBA Security It is important to understand that [CORBAsecurity] is only a (powerful) security toolbox and not the solution to all security.

The 20th International Conference on Software Engineering and Knowledge Engineering (SEKE2008) Department of Electrical and Computer Engineering

Smart Shopper A Consumer Decision Support System Using Type-2 Fuzzy Logic Systems Ling Gu 2003 Fall CSc8810.

Security that is... Ergonomic, Economical and Efficient! In every way! Stonesoft SSL VPN SSL VPN.

SCENARIO Suppose the presenter wants the students to access a file Supply Credenti -als Grant Access Is it efficient? How can we make this negotiation.

Report on Attribute Certificates By Ganesh Godavari.

Trust Establishment in Pervasive Grid Environments Syed Naqvi, Michel Riguidel TÉLÉCOM PARIS ÉNST É cole N ationale S upérieur des T élécommunications.

Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.

Gabriel Tsang Supervisor: Jian Yang.  Initial Problem  Related Work  Approach  Outcome  Conclusion  Future Work 2.

Virtual techdays INDIA │ august 2010 Managing Active Directory Using Microsoft Forefront Identity Manager: Amol R Bhandarkar │ Tech Specialist –

Role Based Access Control Venkata Marella. Access Control System Access control is the ability to permit or deny the use of a particular resource by a.

Towards Security and Privacy for Pervasive Computing Author ： Roy Campbell,Jalal Al-Muhtadi, Prasad Naldurg,Geetanjali Sampemane M. Dennis Mickunas.(2002)

Introduction and Overview “the grid” – a proposed distributed computing infrastructure for advanced science and engineering. Purpose: grid concept is motivated.

Fuzzy Expert System.

Copyright B. Wilkinson, This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.

1 Chapter 18 Fuzzy Reasoning. 2 Chapter 18 Contents (1) l Bivalent and Multivalent Logics l Linguistic Variables l Fuzzy Sets l Membership Functions l.

Chapter 7 Using Data Flow Diagrams

Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006 Florina Almenárez, Andrés Marín, Daniel Díaz, Juan Sánchez

Extended Role Based Access Control – Based Design and Implementation for a Secure Data Warehouse Dr. Bhavani Thuraisingham Srinivasan Iyer.

Smart Learning Services Based on Smart Cloud Computing

IDENTITY MANAGEMENT Hoang Huu Hanh (PhD), OST – Hue University hanh-at-hueuni.edu.vn.

Chapter 10: Authentication Guide to Computer Network Security.

A Human-centric framework for universal access Canadian Undergraduate Software Engineering Conference March 7-9, 2002 Jacob Slonim Dalhousie.

P2P Systems Meet Mobile Computing A Community-Oriented Software Infrastructure for Mobile Social Applications Cristian Borcea *, Adriana Iamnitchi + *

● Problem statement ● Proposed solution ● Proposed product ● Product Features ● Web Service ● Delegation ● Revocation ● Report Generation ● XACML 3.0.

A Research Agenda for Accelerating Adoption of Emerging Technologies in Complex Edge-to-Enterprise Systems Jay Ramanathan Rajiv Ramnath Co-Directors,

Functional Model Workstream 1: Functional Element Development.

DBS201: DBA/DBMS Lecture 13.

Annual Workshop February 5th, A Formal Approach to Analyze Privacy in Electronic Services MSEC Koen Decroix [Koen Decroix – MSEC - KU Leuven]

Digital Object Architecture

USING METADATA TO FACILITATE UNDERSTANDING AND CERTIFICATION ABOUT THE PRESERVATION PROPERTIES OF A PRESERVATION SYSTEM Jewel H. Ward, Hao Xu, Mike C.

Sanzi-1 CSE5 810 CSE5810: Intro to Biomedical Informatics Dynamically Generated Adaptive Credentials for Health Information Exchange Eugene Sanzi.

Trusted Systems Laboratory Hewlett-Packard Laboratories Bristol, UK InfraSec 2002 InfraSec 2002 Bristol, October 2002 Marco Casassa Mont Richard.

Information flow-based Risk Assessment in Access Control Systems

Philosophy of IR Evaluation Ellen Voorhees. NIST Evaluation: How well does system meet information need? System evaluation: how good are document rankings?

Chapter 6: Foundations of Business Intelligence - Databases and Information Management Dr. Andrew P. Ciganek, Ph.D.

RECALL THE MAIN COMPONENTS OF KIM Functional User Interfaces We just looked at these Reference Implementation We will talk about these later Service Interface.

Model-View-Controller Ku-Yaw Chang Assistant Professor, Department of Computer Science and Information Engineering Da-Yeh University.

Computer Science and Engineering 1 Service-Oriented Architecture Security 2.

SAML CCOW Work Item HL7 Working Group Meeting San Antonio - January 2008 Presented by: David Staggs, JD CISSP VHA Office of Information Standards.

Chapter 1 : Introduction §Purpose of Database Systems §View of Data §Data Models §Data Definition Language §Data Manipulation Language §Transaction Management.

PERVASIVE COMPUTING MIDDLEWARE BY SCHIELE, HANDTE, AND BECKER A Presentation by Nancy Shah.

©Silberschatz, Korth and Sudarshan1.1Database System Concepts Chapter 1: Introduction Purpose of Database Systems View of Data Data Models Data Definition.

1 of 27 How to invest in Information for Development An Introduction Introduction This question is the focus of our examination of the information management.

Page 1 of ?? Wireless Industry Congress 2003 NCAC Workshop (Ottawa) © Ramiro Liscano 2005 Context-based Coalition Access Control for Spontaneous Networking.

Decentralized authorization and data security in web content delivery * Danfeng Yao (Brown University, USA) Yunhua Koglin (Purdue University, USA) Elisa.

SecPAL Presented by Daniel Pechulis CS5204 – Operating Systems1.

M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized Trust Management. In Proc. of the 17 th Symposium on Security and Privacy, pages IEEE Computer.

Lecture 9-1 : Intro. to UML (Unified Modeling Language)

Approaching Fine-grain Access Control for Distributed Biomedical Databases within Virtual Environments Onur Kalyoncu, Yi Pan, Matthias Assel High Performance.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE September Integrating Policy with Applications.

Approaches for Ensuring Security and Privacy in Unplanned Ubiquitous Computing Environments V. Ramakrishna, Kevin Eustice, Matthew Schnaider Laboratory.

David Chiu and Gagan Agrawal Department of Computer Science and Engineering The Ohio State University 1 Supporting Workflows through Data-driven Service.

Secure middleware patterns E.B.Fernandez. Middleware security Architectures have been studied and several patterns exist Security aspects have not been.

Computer Science and Engineering 1 Mobile Computing and Security.

1 AHM, 2–4 Sept 2003 e-Science Centre GRID Authorization Framework for CCLRC Data Portal Ananta Manandhar.

University of Washington Collaboration: Identity and Access Management Lori Stevens University of Washington October 2007.

1 An infrastructure for context-awareness based on first order logic 송지수 ISI LAB.

Databases Salihu Ibrahim Dasuki (PhD) CSC102 INTRODUCTION TO COMPUTER SCIENCE.

IT Monitoring System for SF and CF - Slovakia W ORKSHOP OF V4+S L. COUNTRIES ON THE MONITORING SYSTEMS M AY 2012, P RAGUE.

ASHRAY PATEL Protection Mechanisms. Roadmap Access Control Four access control processes Managing access control Firewalls Scanning and Analysis tools.

DDMAC: Dynamic Delayed Medium Access Control (MAC) Protocol with Fuzzy Technique for Wireless Body Area Network By: Ido Polak Netanel Ring.

Designing a Federated Testbed as a Distributed System Robert Ricci, Jonathon Duerig, Gary Wong, Leigh Stoller, Srikanth Chikkulapelly, Woojin Seok 1.

IT Audit for non-IT auditors Cornell Dover Assistant Auditor General 31 March 2013.

Trust Profiling for Adaptive Trust Negotiation

Presented by: Saurav Kumar Bengani

THE COMPELLING NEED FOR DATA WAREHOUSING

MANAGING DATA RESOURCES

Alerts for Healthcare Process and Data Integration

Presentation transcript:

July 14 th SAM 2008 Las Vegas, NV An Ad Hoc Trust Inference Model for Flexible and Controlled Information Sharing Danfeng (Daphne) Yao Rutgers University, New Brunswick

Motivation: Hurricane Katrina 2005

Motivation cont’d Flexible authorization for cross-domain information sharing –Traditional access control models are too strict –Motivating scenario: inadequate crisis communication among FEMA & Coast Guard after Hurricane Katrina Need to efficiently share and utilize data generated in pervasive computing environments –Sensor data, location, etc Challenge: there is no central authority in this decentralized environment –How does the resource owner adaptively makes access control decisions in response to emergency situations?

Decentralized trust management Digital identity and certificate Most of existing trust management models only work for static access control policies –Policies are pre-defined and not adaptive to contexts –Models cannot handle crisis and emergency situations Our approach: ad hoc trust inference –Allow the requester to specify emergency level –Use fuzzy logic to integrate user information Request for access Bob Is Bob qualified to access DB? Policies Bob’s credential Hospital University

Broader implication of dynamic authorization Useful for flexible information sharing in mission-critical systems Useful for flexible information sharing in mission-critical systems 0 Deny 1 Allow [JASON Report 04] studied the need for broader access model

Our idea: multimodal authorization Authorization decisions are made based on multiple factors including the identity, history, environment associated with a request. A requester is given multiple chances of proving trustworthiness, instead of a type of criteria.

Our ad hoc trust inference model We introduce attribute urgency level that is to be specified by the requester –Urgency level –Urgency level defines how urgent a requester needs the information –This attribute is self-claimed by the requester, e.g., urgency level = very high –Three attribute types: identity type, history type, and environment type We develop a mechanism that combines various attribute values and outputs a numeric trustworthiness score for the requester Our design integrates an audit component in trust inference

Input attributes in our trust model Attribute type Attribute name Authentication method Value range Identity input AffiliationCredential [0, 1] History input Historic performance n/a [0, 1] Environment input Urgency level Audit mechanism [0, 1] How does the resource owner combine these attribute values and obtain the trustworthiness of a requester? Inference output Trustworthinessn/a [0, 1]

Access policies are intrinsically flexible –Supports continuous access decisions –More flexible than binary access verdicts Access rules are intuitive to define –Rules are individually defined for each attribute Can handle incomplete and imprecise inputs –In decentralized environments, resource owners usually do not have complete and precise inputs Advantages of ad hoc trust inference with fuzzy logic

An example of membership function and degrees of membership in fuzzy logic Earliness(time) = { 1, IF time ≤ 1200, (2000−time) / 800, IF 1200 < time ≤ 2000, 0, IF time > 2000 } Time of the day Degree of earliness 09:001 14: : :000

Trust inference steps Define attributes from which trustworthiness may be inferred Define the fuzzy variables associated with each attribute For each fuzzy variable, define a membership function Define the output membership function for the output variable (i.e., degrees of trustworthiness) Define fuzzy rules to specify the logic used to infer the trustworthiness score from attributes

Example Bob from FEMA needs to access US Coast Guard (USCG) database for a rescue task –Bob has a FEMA credential –Urgency level = very high USCG has prior interactions with FEMA –Affiliation score = high –History = very high –USCG has also defined fuzzy membership functions and fuzzy rules Ad hoc trust inference computation produces a trustworthiness score for Bob’s request –E.g., trustworthiness = very high Note that the actual inference is done on crisp inputs and outputs a crisp trust score. Please refer to the paper for detailed computation.

Architecture

Audit Urgency level is self-claimed by the requester and may be inaccurate Audit process identifies cheating users –A dishonest user may always claim high urgency level Audit process selectively examines and verifies the urgency levels associated past requesters Dishonest user and organization will have lower trustworthiness in the future transactions –Lower affiliation score –Lower history score

Conclusions and Future work Conclusions –Crisis information sharing requires flexible trust inference mechanism –We have presented an ad hoc trust inference framework that allows user-specified context input Future work –To automate audit mechanism by analyzing public and sensory information –To apply ad hoc trust inference mechanism to manage trust in Web 2.0 applications

Acknowledgements Professor James Garnett, Rutgers University Department of Public Policy and Administration Funding: Rutgers University Computing Coordination Council (CCC) Pervasive Computing Initiative Grant