Trust Managementfor Pervasive Computing Environments

We present a scheme for highlighting the trust issues of merit within pervasive computing, based on an analysis of scenarios from the healthcare domain. The first scenario helps us define an analysis grid, where the human and technical aspects of trust are considered. The analysis is applied to a second scenario to examine its suitability. We then discuss the various categories of the analysis grid in the light of this examination and of the literature on the subject of trust. We believe that this approach could form the basis of a generalised trust analysis framework to support the design, procurement and use of pervasive computing.

There are myriad ways in which people benefit from systems in cyberspace that support such things as positive social interactions, electronic commerce, and automated decision making. However, harm to people and organizations can also occur, through losing privacy, fostering crime and fraud, spreading misinformation, and challenging or violating many ethical standards. Broadly characterized, systems functioning in cyberspace involve people, data, devices, computational resources, controls, and communication infrastructure. As a concept, trust refers to the state of belief in the competence of an entity to act dependably, reliably and securely within a specific situation or context. Trust is a social construct. An acceptable level of trust is essential to meaningful or satisfactory engagement and interaction among people, and, by extension, among any and all cyberspace systems. Building on the ability for entities to monitor data and drive models within contexts of how people engage w...

2009

From choosing the daily lunch menu to buying or selling stock options, decisions have to be made every day. In general, due to incomplete information, making a decision carries a risk. Typically, such risks are mitigated through risk management.

—Pervasive Computing is one of the latest and more advanced paradigms currently available in the computers arena. Its ability to provide the distribution of computational services within environments where people live, work or socialize leads to make issues such as privacy, trust and identity more challenging compared to traditional computing environments. In this work we review these general issues and propose a Pervasive Computing architecture based on a simple but effective trust model that is better able to cope with them. The proposed architecture combines some Artificial Intelligence techniques to achieve close resemblance with human-like decision making. Accordingly, Apriori algorithm is first used in order to extract the behavioral patterns adopted from the users during their network interactions. Naïve Bayes classifier is then used for final decision making expressed in term of probability of user trustworthiness. To validate our approach we applied it to some typical ubiquitous computing scenarios. The obtained results demonstrated the usefulness of such approach and the competiveness against other existing ones.

2008

The advent of the internet has resulted in the exponential growth in availability of information as well as the sources from which this information can be gathered. Information has become an asset as well as a vital tool for decision making processes. In order to gain new information, a business is often required to give some information, it is already in possession of, up. This information could be of a sensitive nature and a business needs to know if the source it is exchanging information with can be trusted. Trust models have been proposed to solve this dilemma. Trust models use logical rules to analyze the nature of interactions. An agent, which is a computer running a trust model, analyzes other agents it comes into contact with and determines a trust level. The trust level is a single value that controls all interactions occurring between participating agents. Values above a certain threshold are seen as trusted and values below are seen as distrusted. The problem is that these trust models were found to be wide and varied, with no common set of features between them, making it difficult to determine which models address which particular issues of the concept of trust. This paper proposes a set of criteria that is to be used to evaluate various trust models in order to identify the issues addressed by specific models. Four main categories into which these criteria fall have been identified. Due to space constraints one of these is discussed in detail followed by an example analysis of a trust model in order to illustrate how these criteria are used during trust model evaluation.

IEEE Security & Privacy Magazine, 2011

In this paper we describe ongoing work into the development of a trust-based architecture aimed at increasing security and user confidence in pervasive computing systems. We begin by describing the issue of security and privacy in pervasive computing systems before introducing the notion of Role Based Access Control. Such access control methods depend on strict policies that can lead to a loss of flexibility and usability. To overcome this we show how by employing the concept of trust and reputation it is possible to strike a better balance between usability and security. This work is ongoing but we present an architectural diagram showing our novel Trust & Role Based Access control system together with reporting on initial results. Finally we discuss how this work is consistent with our wider approaches to intelligent environments such as evidential learning, promiscuous association, end-user programming and discuss the future directions we are planning.

2002

The technological challenges of securing networks are great, as recently witnessed in widespread denial of service and virus attacks. The human reaction to these attacks may be either a loss of trust or a willingness to tolerate increasing risk having weathered one assault. Examining human and computer interaction with a focus on evaluations the human response to loss of trust is a key part of the search for more secure networks. The success of current efforts to design appropriate security mechanisms depends as much on an understanding of human extensions of trust to computers as it does on an understanding of underlying mathematics. However, the former has not been sufficiently examined. In this work we survey the findings in social psychology and philosophy with respect to trust. We introduce three hypotheses that remain unanswered with respect to the manner in which humans react to computers. We discuss potential design revisions in light of findings from other disciplines. Then we conclude by noting that research which empowers users in order to be their own security manager may be based on a fundamentally flawed view of human-computer interaction. We close by encouraging designers of computer security systems to examine the humans, which these systems are intended to empower, and recommend that any security system be built on the basis of understanding of human trust provided by the social sciences.

In this book our effort is to model and rationalize the trust notion trying to catch all the different and varying aspects of this broad concept. In fact, there are today many studies, models, simulations and experiments trying to integrate trust in the technological infrastructures: The most advanced disciplines in Human-) are forced to cope with trust. But why does trust seem to be so important in the advanced technological contexts? Is it necessary to involve such a complex, fuzzy and human related concept? Is it not sufficient to consider just more technical and simply applicable notions like security? To give a satisfactory response to these questions we have to evaluate which kind of network infrastructures are taken into consideration in the new communication and interaction scenarios, which kind of peculiar features should have the artificial agents we have to cope with, which kind of computing is going to invade (pervade) the future physical environments? In fact, trust becomes fundamental in the open multi-agent systems where the agents (which could be both human beings and artificial agents owned by other human stakeholders) can (more or less freely) enter and leave the system. The evolution of the interaction and communication technological paradigms toward human style, is, on the one hand, a really difficult task to realize, but, on the other hand, it potentially increases the people accessing to (and fruitful in using) the new technologies. In fact, in the history of their evolution humans have learned to cooperate in many ways and environments; on different tasks; and to achieve different goals. They have intentionally realized (or they were spontaneously emerging) diverse cooperative constructs (purely interactional, technical-legal, organizational, socio-cognitive, etc.) for establishing trust among them. It is now necessary to remodel the trust concept in the new current and future scenarios (new channels and infrastructures of communication; new artificial entities, new environments) and the efforts in the previously cited scientific fields (HCI, MAS, DAI, NCS) are trying to give positive answers to these main requirements. Trust Theory: A Socio-Cognitive and Computational Model Cristiano Castelfranchi and Rino Falcone

The complexity of distributed systems continuously increases and their usage is widened into a variety of contexts. Users do several activities through these systems like sharing data, chatting, buying online, etc. Persons, hardware and software are involved in activities so we consider a system as the representation of two worlds, the social and the digital worlds. Trust plays an important role in helping users to analyze the danger or risk they incur when doing an activity. Research on trust notions has focused on the social entities where a trustee is a person or an organization of persons. Recent research analyzes trust toward the digital world i.e., technologies. We consider that having these two building blocks is not enough for a user to decide if she can confidently do an activity in a particular system. Such decision requires to consider the system organization as a whole because it determines whom and what would be involved in a user activity and how. This article focuses on this problem and provides first ideas for solution.