Role-Based Access Control Models
Computer
The Eigentrust algorithm for reputation management in P2P networks
WWW '03 Proceedings of the 12th international conference on World Wide Web
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Support Vector Machines for Pattern Classification (Advances in Pattern Recognition)
Support Vector Machines for Pattern Classification (Advances in Pattern Recognition)
TrustGuard: countering vulnerabilities in reputation management for decentralized overlay networks
WWW '05 Proceedings of the 14th international conference on World Wide Web
A survey of trust and reputation systems for online service provision
Decision Support Systems
Hi-index | 0.00 |
An organization consists of many resources and entities who want to access those resources. Not all entities are granted full access rights to every resource, so there must be a Trust Management System (TMS) in place to enforce access rights. In this paper, we present a new Hybrid Trust Management System (HTMS) that combines Role Based Trust Management (RBTM) with Reputation Systems (RS). At any point in time, the privilege level of an entity is determined not only by its role in the system, but also by its reputation score, which in turn is based on its behavior. If a privileged node becomes compromised and conducts several malicious or risky transactions, its privilege level is quickly reduced to limit its access to resources and minimize the damage it can inflict further. The system uses a global, network-wide perspective in order to thwart global attacks. Such fine-grained variations of access control and dynamically assigning privilege levels would be very difficult to accomplish manually. We evaluated HTMS by comparing an implementation of it against an ideal response. We show that HTMS performs very close to the ideal if we can accurately estimate the proportion of malicious nodes in the network. We suggest using sampling to estimate this proportion. However, even if this estimate is not accurate, the results are still much better than using RBTM by itself.