Repository logo
 

A vector model of trust to reason about trustworthiness of entities for developing secure systems

dc.contributor.authorChakraborty, Sudip, author
dc.contributor.authorRay, Indrajit, advisor
dc.contributor.authorRay, Indrakshi, advisor
dc.date.accessioned2024-03-13T18:50:57Z
dc.date.available2024-03-13T18:50:57Z
dc.date.issued2008
dc.description.abstractSecurity services rely to a great extent on some notion of trust. In all security mechanisms there is an implicit notion of trustworthiness of the involved entities. Security technologies like cryptographic algorithms, digital signature, access control mechanisms provide confidentiality, integrity, authentication, and authorization thereby allow some level of 'trust' on other entities. However, these techniques provide only a restrictive (binary) notion of trust and do not suffice to express more general concept of 'trustworthiness'. For example, a digitally signed certificate does not tell whether there is any collusion between the issuer and the bearer. In fact, without a proper model and mechanism to evaluate and manage trust, it is hard to enforce trust-based security decisions. Therefore there is a need for more generic model of trust. However, even today, there is no accepted formalism for specifying and reasoning with trust. Secure systems are built under the premise that concepts like "trustworthiness" or "trusted" are well understood, without agreeing to what "trust" means, what constitutes trust, how to measure it, how to compare or compose two trusts, and how a computed trust can help to make a security decision.
dc.description.abstractTo help answer such questions, this dissertation proposes a new vector model of trust. The model has several powerful features such as the ability to numerically evaluate different parameters influencing trust and to express different degrees of trust quantitatively, the ability to model the dependence of trust on time and on trust itself, and the formalization of trust comparison and trust composition operations. This work also formally defines trust context and relationships between different contexts and shows the importance of these in trust evaluation.
dc.description.abstractThe primary contributions of the dissertation are: (1) A flexible quantitative model of trust based on different parameters and providing multilevel of trust. The model is extensible as the parameters are independent to each other. Addition of new parameters does not affect the other features of the model. The model can evaluate trust even when all the relevant information to do so is not available. (2) Formalism of trust context and relationship between different contexts. This formalism can help to make reasoned decisions about trust in a context when no information is available for that context. These demonstrate that the model is useful in making fine-grained security related decisions in different security contexts where other mechanisms or other trust models are not sufficient to make such decisions.
dc.description.abstractThe effectiveness of the model is validated by estimating the relative trustworthiness of two security solutions (namely, cookie solution and filtering mechanism) to denial of service attacks in an e-commerce platform and comparing the outcome with the result known from practice. Trust-based decision making in different security scenarios are also discussed to show potential application of the model.
dc.format.mediumborn digital
dc.format.mediumdoctoral dissertations
dc.identifierETDF_Chakraborty_2008_3332727.pdf
dc.identifier.urihttps://hdl.handle.net/10217/237635
dc.languageEnglish
dc.language.isoeng
dc.publisherColorado State University. Libraries
dc.relation.ispartof2000-2019
dc.rightsCopyright and other restrictions may apply. User is responsible for compliance with all applicable laws. For information about copyright law, please see https://libguides.colostate.edu/copyright.
dc.rights.licensePer the terms of a contractual agreement, all use of this item is limited to the non-commercial use of Colorado State University and its authorized users.
dc.subjectsecure systems
dc.subjectsecurity
dc.subjecttrust
dc.subjecttrustworthiness
dc.subjectcomputer science
dc.titleA vector model of trust to reason about trustworthiness of entities for developing secure systems
dc.typeText
dcterms.rights.dplaThis Item is protected by copyright and/or related rights (https://rightsstatements.org/vocab/InC/1.0/). You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).
thesis.degree.disciplineComputer Science
thesis.degree.grantorColorado State University
thesis.degree.levelDoctoral
thesis.degree.nameDoctor of Philosophy (Ph.D.)

Files

Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
ETDF_Chakraborty_2008_3332727.pdf
Size:
2.82 MB
Format:
Adobe Portable Document Format