Skip to main content
Springer Nature Link
Log in

A Requirements-Driven Trust Framework for Secure Interoperation in Open Environments

  • Conference paper
Trust Management (iTrust 2006)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 3986))

Included in the following conference series:

Abstract

A key challenge in emerging multi-domain open environments is the need to establish trust-based, loosely coupled partnerships between previously unknown domains. An efficient trust framework is essential to facilitate trust negotiation based on the service requirements of the partner domains. While several trust mechanisms have been proposed, none address the issue of integrating the trust mechanisms with the process of integrating access control policies of partner domains to facilitate secure interoperation. In this paper, we propose a requirements-driven trust framework for secure interoperation in open environments. Our framework tightly integrates game-theory based trust negotiation with service negotiation, and policy mapping to ensure secure interoperation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Skogsrud, H., Benatallah, B., Casati, F.: Model Driven Trust Negotiation for Web Services. IEEE Internet Computing, 45–52, (November-December 2003)

    Google Scholar 

  2. Yu, T., Winslett, M., Seamons, K.E.: Supporting Structured Credentials and Sensitive Policies through Interoperable Strategies for Automated Trust Negotiation. ACM Transactions in Information Systems Security 6(1), 1–42 (2003)

    Article  Google Scholar 

  3. Bertino, E., Ferrari, E., Squicciarani, A.C.: Trust-X: A Peer to Peer Framework for Trust Establishment. IEEE Transactions on Knowledge and Data Engineering 16(7), 827–842 (2004)

    Article  Google Scholar 

  4. Capra, L.: Engineering Human Trust in Mobile System Collaborations. In: Proceedings of ACM SIGSOFT/FSE-12, Newport Beach, CA, October 31-November 6, 2004, pp. 107–116 (2004)

    Google Scholar 

  5. Aberer, K., Despotovic, Z.: Managing Trust in a Peer-2-Peer Information System. In: Proceedings of ACM CIKM 2001, Atlanta, GA, November 5-10, 2001, pp. 310–317 (2001)

    Google Scholar 

  6. Xianliang, H.M.L., Chuan, Z.-x.-Z.: A trust model of P2P system based on confirmation theory. ACM SIGOPS Operating Systems Review 39(1), 56–62 (2005)

    Article  Google Scholar 

  7. Gupta, M., Judge, P., Ammar, M.: A Reputation System for Peer-to-Peer Networks. In: Proceedings of NOSSDAV 2003, Monterey, California, USA (June 1–3, 2003)

    Google Scholar 

  8. Damiani, E., di Vimercati, S. de C., Paraboschi, S., Samarati, P., Violante, F.: A Reputation-Based Approach for Choosing Reliable Resources in Peer-to-Peer Networks. In: CCS 2002, Washington, DC, USA, November 18–22 (2002)

    Google Scholar 

  9. Ye, S., Makedon, F., Ford, J.: Collaborative Automated Trust Negotiation in Peer-to-Peer Systems. In: Proceedings of the Fourth International Conference on Peer-to-Peer Computing, August 25–27, 2004, pp. 108–115 (2004)

    Google Scholar 

  10. Khedr, M., Karmouch, A.: Negotiating context Information in Context-Aware Systems. IEEE Intelligent Systems 19(6), 21–29 (2004)

    Article  Google Scholar 

  11. Ryutov, T., Zhou, L., Neuman, C., Leithead, T., Seamons, K.E.: Adaptive Trust Negotiation and Access Control. In: Proceedings of SACMAT 2005, Stockholm, Sweden, June 1–3, 2005, pp. 139–146 (2005)

    Google Scholar 

  12. Marti, S., Garcia-Molina, H.: Identity-Crisis: Anonymity vs. Reputation in P2P Systems. In: Proceedings of The Third International Conference on Peer-to-Peer Computing (P2P 2003), September 1–3, 2003, pp. 134–141 (2003)

    Google Scholar 

  13. Song, S., Hwang, K., Macwan, M.: Fuzzy trust integration for security enforcement in grid computing. In: Jin, H., Gao, G.R., Xu, Z., Chen, H. (eds.) NPC 2004. LNCS, vol. 3222, pp. 9–21. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  14. Azzedin, F., Maheswaran, M.: Towards Trust-Aware Resource Management in Grid Computing Systems. In: Proceedings of the 2nd IEEE/ACM International Symposium on Cluster Computing and the Grid (CCGRID 2002), August 18–21, 2002, pp. 47–54 (2002)

    Google Scholar 

  15. Bussard, L., Roudier, Y., Molva, R.: Untraceable Secret Credentials: Trust Establishment with Privacy. In: Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops (PERCOMW 2004), March 14–17, 2004, pp. 122–126 (2004)

    Google Scholar 

  16. Au, R., Looi, M., Ashley, P.: Automated Cross-organisational Trust Establishment on Extranets. In: Proceedings of Workshop on Information Technology for Virtual Enterprises, ITVE 2001, January 29-30, 2001, pp. 3–11 (2001)

    Google Scholar 

  17. O’Donovan, J., Smyth, B.: Trust in Recommender Systems. In: Proceedings of IUI 2005, San Diego, California, January 9–12, 2005, pp. 167–174 (2005)

    Google Scholar 

  18. Shand, B., Dimmock, N., Bacon, J.: Trust for Ubiquitous, Transparent Collaboration. Wireless Networks 10, 711–721 (2004)

    Article  Google Scholar 

  19. Manchala, D.W.: E-Commerce Trust Metrics and Models. Internet Computing, IEEE 4(2), 36–44 (2000)

    Article  Google Scholar 

  20. Daskapan, S., Vree, W.G., Eldin, A.A.: Trust Metrics for survivable security systems. In: Proceedings of IEEE International Conference on Systems, Man and Cybernetics, October 5-8, 2003, vol. 4, pp. 3128–3135 (2003)

    Google Scholar 

  21. Patrick, P.: Impact of SoA on Enterprie Information Archietctures. In: Proceedings of SIGMOD 2005, Baltimore, Maryland, USA, June 14–16 (2005)

    Google Scholar 

  22. Benatallah, B., Dumas, M., Fauvet, M.-C., Rabhi, F.A., Sheng, Q.-Z.: Overview of some Patterns for Architecting and Managing services. ACM SIGecom Exchanges 3(3), 9–16 (2002)

    Article  Google Scholar 

  23. Baresi, L., Heckel, R., Thone, S., Varro, D.: Modeling and Validation of Service-Oriented Architectures: Application vs. Style. In: Proceedings of ESEC/FSE 2003, Helsinki, Finland, September 1–5 (2003)

    Google Scholar 

  24. Joshi, J.B.D., Bhatti, R., Bertino, E., Ghafoor, A.: Access-control language for Multidomain environments. IEEE Internet Computing 8(6), 40–50 (2004)

    Article  Google Scholar 

  25. Joshi, J.B.D., Bertino, E., Latif, U., Ghafoor, A.: A generalized temporal role-based access control model. IEEE Transactions on Knowledge and Data Engineering 17(1), 4–23 (2005)

    Article  Google Scholar 

  26. Piromruen, S., Joshi, J.B.D.: An RBAC Framework for Time Constrained Secure Interoperation in Multi-domain Environment. In: Proceedings of IEEE Workshop on Object-oriented Real-time Databases (WORDS 2005) (2005)

    Google Scholar 

  27. Farrell, S., Housley, R.: An Internet Attribute Certificate Profile for Authorization, RFC 3281 (April 2002)

    Google Scholar 

  28. Chandran, S.M., Joshi, J.B.D.: LoT-RBAC: A Location and Time-based RBAC Model. In: Proceedings of 6th International Conference on Web Information Systems Engineering, New York City, NY, November 20–22 (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Information Sciences and Telecommunications, University of Pittsburgh, USA

    Suroop Mohan Chandran, Korporn Panyim & James B. D. Joshi

Authors
  1. Suroop Mohan Chandran
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Korporn Panyim
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. James B. D. Joshi
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. University of Oslo, Norway

    Ketil Stølen

  2. Department of Computer Science, University of Texas, San Antonio, USA

    William H. Winsborough

  3. IIT CNR, Pisa, via Moruzzi, 1, 56125, Pisa, Italy

    Fabio Martinelli

  4. University of Trento, Povo, (Trento), Italy

    Fabio Massacci

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chandran, S.M., Panyim, K., Joshi, J.B.D. (2006). A Requirements-Driven Trust Framework for Secure Interoperation in Open Environments. In: Stølen, K., Winsborough, W.H., Martinelli, F., Massacci, F. (eds) Trust Management. iTrust 2006. Lecture Notes in Computer Science, vol 3986. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11755593_4

Download citation

  • DOI: https://doi.org/10.1007/11755593_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-34295-3

  • Online ISBN: 978-3-540-34297-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics