A vector model of trust to reason about trustworthiness of entities for developing secure systems
| dc.contributor.author | Chakraborty, Sudip, author | |
| dc.contributor.author | Ray, Indrajit, advisor | |
| dc.contributor.author | Ray, Indrakshi, advisor | |
| dc.date.accessioned | 2024-03-13T18:50:57Z | |
| dc.date.available | 2024-03-13T18:50:57Z | |
| dc.date.issued | 2008 | |
| dc.description.abstract | Security services rely to a great extent on some notion of trust. In all security mechanisms there is an implicit notion of trustworthiness of the involved entities. Security technologies like cryptographic algorithms, digital signature, access control mechanisms provide confidentiality, integrity, authentication, and authorization thereby allow some level of 'trust' on other entities. However, these techniques provide only a restrictive (binary) notion of trust and do not suffice to express more general concept of 'trustworthiness'. For example, a digitally signed certificate does not tell whether there is any collusion between the issuer and the bearer. In fact, without a proper model and mechanism to evaluate and manage trust, it is hard to enforce trust-based security decisions. Therefore there is a need for more generic model of trust. However, even today, there is no accepted formalism for specifying and reasoning with trust. Secure systems are built under the premise that concepts like "trustworthiness" or "trusted" are well understood, without agreeing to what "trust" means, what constitutes trust, how to measure it, how to compare or compose two trusts, and how a computed trust can help to make a security decision. | |
| dc.description.abstract | To help answer such questions, this dissertation proposes a new vector model of trust. The model has several powerful features such as the ability to numerically evaluate different parameters influencing trust and to express different degrees of trust quantitatively, the ability to model the dependence of trust on time and on trust itself, and the formalization of trust comparison and trust composition operations. This work also formally defines trust context and relationships between different contexts and shows the importance of these in trust evaluation. | |
| dc.description.abstract | The primary contributions of the dissertation are: (1) A flexible quantitative model of trust based on different parameters and providing multilevel of trust. The model is extensible as the parameters are independent to each other. Addition of new parameters does not affect the other features of the model. The model can evaluate trust even when all the relevant information to do so is not available. (2) Formalism of trust context and relationship between different contexts. This formalism can help to make reasoned decisions about trust in a context when no information is available for that context. These demonstrate that the model is useful in making fine-grained security related decisions in different security contexts where other mechanisms or other trust models are not sufficient to make such decisions. | |
| dc.description.abstract | The effectiveness of the model is validated by estimating the relative trustworthiness of two security solutions (namely, cookie solution and filtering mechanism) to denial of service attacks in an e-commerce platform and comparing the outcome with the result known from practice. Trust-based decision making in different security scenarios are also discussed to show potential application of the model. | |
| dc.format.medium | born digital | |
| dc.format.medium | doctoral dissertations | |
| dc.identifier | ETDF_Chakraborty_2008_3332727.pdf | |
| dc.identifier.uri | https://hdl.handle.net/10217/237635 | |
| dc.language | English | |
| dc.language.iso | eng | |
| dc.publisher | Colorado State University. Libraries | |
| dc.relation.ispartof | 2000-2019 | |
| dc.rights | Copyright and other restrictions may apply. User is responsible for compliance with all applicable laws. For information about copyright law, please see https://libguides.colostate.edu/copyright. | |
| dc.rights.license | Per the terms of a contractual agreement, all use of this item is limited to the non-commercial use of Colorado State University and its authorized users. | |
| dc.subject | secure systems | |
| dc.subject | security | |
| dc.subject | trust | |
| dc.subject | trustworthiness | |
| dc.subject | computer science | |
| dc.title | A vector model of trust to reason about trustworthiness of entities for developing secure systems | |
| dc.type | Text | |
| dcterms.rights.dpla | This Item is protected by copyright and/or related rights (https://rightsstatements.org/vocab/InC/1.0/). You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s). | |
| thesis.degree.discipline | Computer Science | |
| thesis.degree.grantor | Colorado State University | |
| thesis.degree.level | Doctoral | |
| thesis.degree.name | Doctor of Philosophy (Ph.D.) |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- ETDF_Chakraborty_2008_3332727.pdf
- Size:
- 2.82 MB
- Format:
- Adobe Portable Document Format