Trust is often conveyed through delegation, or through recommendation. This makes the trust authorities, who process and publish trust recommendations, into an attractive target for attacks and spoofing. In some recent empirical studies, this was shown to lead to a remarkable phenomenon of adverse selection: a greater percentage of unreliable or malicious web merchants were found among those with certain types of trust certificates than among those without. While such findings can be attributed to a lack of diligence in trust authorities, or even to conflicts of interest, our analysis of trust dynamics suggests that public trust networks would probably remain vulnerable even if trust authorities were perfectly diligent. The reason is that the process of trust building, if trust is not breached too often, naturally leads to power-law distributions: the rich get richer, the trusted attract more trust. Evolutionary processes with such distributions, ubiquitous in nature, are known to be robust with respect to random failures, but vulnerable to adaptive attacks. We recommend some ways to decrease the vulnerability of trust building, and suggest some ideas for exploration.