Document Sample
fuzzy Powered By Docstoc
					 An Ad Hoc Trust Inference
   Model for Flexible and
Controlled Information Sharing
          Danfeng (Daphne) Yao
     Rutgers University, New Brunswick

             July 14th SAM 2008 Las Vegas, NV
Motivation: Hurricane Katrina 2005
             Motivation cont’d
Flexible authorization for cross-domain information
– Traditional access control models are too strict
– Motivating scenario: inadequate crisis communication among
  FEMA & Coast Guard after Hurricane Katrina
Need to efficiently share and utilize data generated in
pervasive computing environments
– Sensor data, location, etc
Challenge: there is no central authority in this
decentralized environment
– How does the resource owner adaptively makes access control
  decisions in response to emergency situations?
   Decentralized trust management
   Digital identity and certificate

                                                    Is Bob qualified to access DB?

                                      Request for access
             Bob’s credential                                         Policies

University                                                 Hospital

   Most of existing trust management models only work for static
   access control policies
    – Policies are pre-defined and not adaptive to contexts
    – Models cannot handle crisis and emergency situations
   Our approach: ad hoc trust inference
    – Allow the requester to specify emergency level
    – Use fuzzy logic to integrate user information
  Broader implication of dynamic

 0                                                            1
Deny                                                      Allow

Useful for flexible information sharing in mission-critical

[JASON Report 04] studied the need for broader access model
  Our idea: multimodal authorization

Authorization decisions are made based on multiple
  factors including the identity, history, environment
  associated with a request.

A requester is given multiple chances of proving
  trustworthiness, instead of a type of criteria.
Our ad hoc trust inference model
We introduce attribute urgency level that is to be
specified by the requester
– Urgency level defines how urgent a requester needs the
– This attribute is self-claimed by the requester, e.g., urgency level
  = very high
– Three attribute types: identity type, history type, and environment
We develop a mechanism that combines various
attribute values and outputs a numeric trustworthiness
score for the requester
Our design integrates an audit component in trust
   Input attributes in our trust model
Attribute type    Attribute name     Authentication     Value range
Identity input    Affiliation        Credential         [0, 1]

History input     Historic           n/a                [0, 1]
Environment       Urgency level      Audit              [0, 1]
input                                mechanism

Inference output Trustworthiness n/a                    [0, 1]

 How does the resource owner combine these attribute values and
 obtain the trustworthiness of a requester?
    Advantages of ad hoc trust
     inference with fuzzy logic
Access policies are intrinsically flexible
– Supports continuous access decisions
– More flexible than binary access verdicts
Access rules are intuitive to define
– Rules are individually defined for each attribute
Can handle incomplete and imprecise inputs
– In decentralized environments, resource owners
  usually do not have complete and precise inputs
  An example of membership function and
   degrees of membership in fuzzy logic

Earliness(time) = { 1,                    IF time ≤ 1200,
                    (2000−time) / 800,    IF 1200 < time ≤ 2000,
                    0,                    IF time > 2000 }

             Time of the day        Degree of
                  09:00                   1

                  14:00                  0.75

                  16:00                  0.5

                  22:00                   0
      Trust inference steps
Define attributes from which trustworthiness may
be inferred
Define the fuzzy variables associated with each
For each fuzzy variable, define a membership
Define the output membership function for the
output variable (i.e., degrees of trustworthiness)
Define fuzzy rules to specify the logic used to
infer the trustworthiness score from attributes
     Bob from FEMA needs to access US Coast Guard
     (USCG) database for a rescue task
      – Bob has a FEMA credential
      – Urgency level = very high
     USCG has prior interactions with FEMA
      – Affiliation score = high
      – History = very high
      – USCG has also defined fuzzy membership functions and fuzzy
     Ad hoc trust inference computation produces a
     trustworthiness score for Bob’s request
      – E.g., trustworthiness = very high

Note that the actual inference is done on crisp inputs and outputs a crisp trust score.
Please refer to the paper for detailed computation.
Urgency level is self-claimed by the requester
and may be inaccurate
Audit process identifies cheating users
– A dishonest user may always claim high urgency level
Audit process selectively examines and verifies
the urgency levels associated past requesters
Dishonest user and organization will have lower
trustworthiness in the future transactions
– Lower affiliation score
– Lower history score
Conclusions and Future work
– Crisis information sharing requires flexible trust
  inference mechanism
– We have presented an ad hoc trust inference
  framework that allows user-specified context input
Future work
– To automate audit mechanism by analyzing public
  and sensory information
– To apply ad hoc trust inference mechanism to
  manage trust in Web 2.0 applications
Professor James Garnett, Rutgers University
Department of Public Policy and Administration

Funding: Rutgers University Computing
Coordination Council (CCC) Pervasive
Computing Initiative Grant

Shared By: