Software component technology supports the cost-effective design of applications suited to the particular needs of the application owners. This design method, however, causes two new security risks. First, a malicious component may attack the application incorporating it. Second, an application owner may falsely incriminate a component designer for damage in his application that was in reality caused by somebody else. The first risk is addressed by security wrappers that control the behavior at the component interface at runtime and enforce certain security policies in order to protect the other components of the application against attacks from the monitored component. Moreover, we use trust management to reduce the significant performance overhead of the security wrappers: the kind and intensity of monitoring of a component is adjusted according to the experience of other users with this component. To this end, a so-called trust information service collects positive and negative experience reports about the component from various users. Based on the reports, special trust values are computed which represent the belief or disbelief of all users in a component, or the uncertainty about it. The wrappers adjust the intensity of monitoring a component depending on its current trust value. In this paper, we focus on the second security risk. To prevent a component user from sending wrong reports that result in a bad trust value for the component, which would then be wrongly incriminated, the trust information service also stores trust values of the component users. These trust values are based on valuations resulting from validity checks of the experience reports sent by the component users. To this end, an experience report is tested for consistency with a log of the component interface behavior, which the component user supplies together with the report. Moreover, the log itself is checked for correctness.
By applying Jøsang's subjective logic, we make the degree to which a component user's experience reports are considered in computing the trust value of a component conditional upon the user's own trust value. Thus, users with a bad reputation cannot influence the trust value of a component, since their experience reports are discounted.
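The discounting described above can be traced with a short sketch. This is an added example, not code from the paper: it uses the discounting and consensus operators of subjective logic as commonly stated, and the evidence-to-opinion mapping with its `prior` weight, the function names and all report counts are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from functools import reduce

@dataclass(frozen=True)
class Opinion:
    b: float  # belief
    d: float  # disbelief
    u: float  # uncertainty; b + d + u == 1

def from_evidence(pos, neg, prior=1.0):
    """Map positive/negative counts to an opinion (prior weight is assumed)."""
    total = pos + neg + prior
    return Opinion(pos / total, neg / total, prior / total)

def discount(user, report):
    """Weight a report by the service's opinion about the reporting user."""
    return Opinion(user.b * report.b, user.b * report.d,
                   user.d + user.u + user.b * report.u)

def consensus(x, y):
    """Fuse two independent opinions about the same component."""
    k = x.u + y.u - x.u * y.u
    if k == 0:  # both opinions carry no uncertainty: take the average
        return Opinion((x.b + y.b) / 2, (x.d + y.d) / 2, 0.0)
    return Opinion((x.b * y.u + y.b * x.u) / k,
                   (x.d * y.u + y.d * x.u) / k,
                   x.u * y.u / k)

def component_trust(reports, use_user_trust=True):
    """reports: list of (user_opinion, report_opinion) pairs."""
    ops = (discount(u, r) if use_user_trust else r for u, r in reports)
    return reduce(consensus, ops)

# Constructed sample: two users whose 20 earlier reports all passed the log
# consistency check, and one user whose 20 earlier reports all failed it.
GOOD_USER = from_evidence(20, 0)
BAD_USER = from_evidence(0, 20)
REPORTS = [
    (GOOD_USER, from_evidence(10, 0)),   # 10 positive experiences
    (GOOD_USER, from_evidence(10, 0)),
    (BAD_USER, from_evidence(0, 50)),    # 50 claimed negative experiences
]

if __name__ == "__main__":
    print("ignoring user trust:", component_trust(REPORTS, False))
    print("with discounting:   ", component_trust(REPORTS, True))
```

Without discounting, the 50 negative claims dominate the fused opinion (disbelief about 0.70); with discounting, the low-reputation user's report collapses to full uncertainty and leaves the component's trust value unchanged.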