Computer Security: Chapter 4 - Introduction to Trust in Computing

4. Introduction to Trust in Computing* Presented by: Prof. Bharat Bhargava Department of Computer Sciences and Center for Education and Research in Information Assurance and Security (CERIAS) Purdue University with contributions from Prof. Leszek Lilien Western Michigan University and CERIAS, Purdue University * Supported in part by NSF grants IIS­0209059, IIS­0242840, ANI­0219110, and Cisco URP grant. Introduction to Trust Outline 1) Trust in Social & Computing Systems 2) Selected Trust Characteristics 3) Selected Research Issues in Trust 4) Avoiding Traps of Trust Complexity 5) Trust and Privacy incl. Trading Privacy Loss for Trust Gain 6) Trust & Pervasive Computing 3/23/04 2 1) Trust in Social & Comput’g Systems (1) Trust [The American Heritage Dictionary of the English Language, 4th ed., Houghton Mifflin, 2000 ] = “reliance on the integrity, ability, or character of a person or thing” Trust is pervasive in social systems Constantly used it in interactions among: People / Organizations / Animals / Artifacts (sic!) E.g., “Can I trust my car on this long vacation trip?” Used instinctively and implicitly in closed and static systems Example: In a small village – everybody knows everybody Villagers instinctively use their knowledge or stereotypes to trust/distrust others Used consciously and explicitly in open or dynamic systems Example: In a big city ­ explicit rules of behavior in diverse trust relationships 3/23/04 E.g., Build up trust by asking friends or recommendation services for a dependable plumber 3 1) Trust in Social & Computing Systems (2) Establishing Trust by Interactions Social or computer­based interactions: From a simple transaction to a complex collaboration Adequate degree of trust required for interactions How to establish initial trust? Build up trust in interactions with strangers or known partners Human or artificial partners Offline or online Trust Degradation and Recovery Identification and isolation of violators Dynamic trust updated according to interaction histories and recommendations Fast degradation of trust and its slow recovery This defends against smart violators 3/23/04 4 1) Trust in Social & Computing Systems (3) Trust is pervasive & beneficial in complex social systems ­ Why not exploit pervasive trust as a paradigm in computing? Use it also in non­pervasive computing (not a contradiction!) Trust is already common, used extensively in computing systems Although usually subconsciously Examples of users’ trust­based decisions: Search for reputable ISPs / e­banking sites Ignoring emails from “Nigerians” asking for transferring millions of dollars But should be even more pervasive in computing systems Challenge for exploiting trust in computing: Extending trust­based solutions to: 1) Artificial entities (such as software agents or subsystems) 2) Subconscious choices made by human users’ 3/23/04 5 ... - tailieumienphi.vn