Abstract
Recent years see an increasing concern over the trustworthiness of Internet-based software. By analyzing the trustworthiness of Internet-based software and the nature of the Internet, applications, we point out that, on the one hand, due to the openness and dynamic nature of the Internet, the identity trustworthiness and the capability trustworthiness of the software are facing serious challenges; on the other hand, in order to ensure the trustworthiness of the whole system, emerging computing paradigms based on the collaboration of autonomous software need some impacts on the behavior of the software. Here we put forward a conceptual model for the trustworthiness of Internet-based software, and propose a trustworthy assurance framework for Internet-based virtual computing environment (iVCE). This framework deals with the trustworthy properties of software on identity, capability and behavior in a combinated way. The authorization management in inter-domain computing environment, assurance on high availability of service and incentive mechanism for autonomic collaboration are taken as three core mechanisms of iVCE trustworthy assurance.
Similar content being viewed by others
References
Anderson J P. Computer Security Technology Planning Study, ESD-TR-73-51, Vol. I, AD-758 206, ESD/AFSC, Hanscom AFB, Bedford, MA., October, 1972
ISO/IEC. Information Technology-Security Techniques-Evaluation Criteria for IT Security, Part 1: Introduction and General Model. 2nd ed. 2005-10-01 (available at URL: http://standards.iso.org/ittf/PubliclyAvailableStandards/c040612_ISO_IEC_15408-1_2005(E).zip, accessed on April 14, 2006)
Trusted Computing Group. TCG Architecture Overview. V1. 2, 28 April 2004 (available at URL: https://www.trustedcomputinggroup.org/specs/IWG/TCG_1_0_Architecture_Overview.pdf, accessed on April 14, 2006)
Gates B. Trustworthy Computing. Wired News, Jan. 17, 2002 (available at URL: http://www.wired.com/news/business/0,1367,49826,00.html, accessed on April 14, 2006)
Lin C, Peng X H. Research on trustworthy networks. Chin J Comp (in Chinese), 2005, 28(5): 751–758
Algirdas A, Jean-Claude L, Brian R, et al. Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing, 2004, 1(1): 11–33
Friedman B, Kahn P H Jr, Howe D C. Trust online. Communications of the ACM, 2000, 43(12): 34–40
Lazowska E D, Patterson D A. Distributed computing. Science, 2005, 308(6) (available at URL: http://www.sciencemag.org/sciext/computers/, accessed on April 14, 2006)
Bernardo E A, Huberman A. Free Riding on Gnutella. Tech Rept: SSL-00-63, XeroxPARC, 2000. 8
Hardin. The tragedy of the commons. Science, 1968, 162: 1243–1248
Feldmany M, Laiz K. Quantifying disincentives in peer-to-peer networks. In: Proceeding of Workshop on Economics of Peer-to-Peer Systems. LNCS 2735. Berkeley, CA: Springer-Verlag, 2003. 117–122
Yin G, Wang H M, Shi D X, et al. Towards more controllable and practical delegation. In: Mathematical Methods, Models and Architectures for Computer Networks Security Workshop (MMM-ACNS’05), St. Petersburg, Russia, LNCS 3685, 2005, 245–258
Axelrod R. The Evolution of Cooperation. New York: Basic Books, 1984
Obreiter P, Nimis J. A Taxonomy of incentive patterns—the design space of incentives for cooperation. In: Proc. of the Second International Workshop on Agents and P2P Computing. LNCS 2872. Melbourne: Springer-Verlag, 2003. 678–685
Golle P, Leyton-Brown K, Incentives for sharing in peer-to-peer networks. In: Proc. of the Third ACM Conference on Electronic Commerce. LNCS 2232. Tampa, Florida: Springer-Verlag, 2001. 75–82.
Blaze M, Feigenbaum J, Strauss M. Compliance checking in the policymaker trust management system. In: Proceedings of the Financial Cryptography’98. Anguilla: Springer-Verlag, 1998. 254–274
Blaze M, Feigenbaum J, Lacy J. Decentralized trust management. In: IEEE Symposium on Security and Privacy, Oakland, CA 1996, 164–173
Blaze M, Feigenbaum J, Ioannidis J, et al. RFC 2704: The KeyNote trust management system version 2, Network Working Group, IETF, September, 1999
Ellison C M, Frantz B, Lampson B, et al. SPKI Certificate Theory. IETF RFC 2693, September, 1999
Li N H, Delegation Logic: A Logic-based Approach to Distributed Authorization. PhD thesis. New York: New York University, 2000
Li N H, Mitchell J C, William H W. Design of a role-based trust management framework. In: Proceedings of IEEE Symposium on Security and Privacy. Berkeley, CA: IEEE Computer Society Press, 2002. 114–130
Moritz Y B, Peter S. Cassandra: Flexible trust management, applied to electronic health records. In: Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW’04), Asilomar, Pacific Grove, CA, USA, June 2004, 10–13
Xu F. Trust management in open coordination software environment (in Chinese). PhD Thesis, Nanjing: Nanjing University, 2003
Hong F, Zhu X, Wang S B. Delegation depth control in trust-management system. In: Proceedings of the 19th International Conference on Advanced Information Networking and Applications (AINA’05), Taipei, Taiwan, March 2005, 411–414
Avizienis A. Design of fault-tolerant computers. In: Fall Joint Computer Conference, AFIPS Conf. Proc. Washington D.C.: Thompson Books, 1967, 31: 733–43
Min Y H. Twenty-five years of fault-tolerant computing. Chin J Comp (in Chinese), 1995, 18(12): 930–943
OMG. Common Object Request Broker Architecture (CORBA), v2.6. 2001. 12
Narasimhan P, Reverte C F, Ratanotayanon S, et al. Middleware for embedded adaptive dependability. In: Proc. of IEEE Workshop on Large Scale Real-Time and Embedded Systems, Austin, TX, December 2002
Nisan N, Ronen A. Algorithmic mechanism design. Games and Economic Behavior, 2001, 35: 166–196
Feigenbaum J, Papadimitriou C, Shenker S, Distributed Algorithmic Mechanism Design: Recent Results and Future Directions, Proceedings of the 6th International Workshop on Discrete Algorithms and Methods for Mobile Computing and Communications, New York: ACM Press, 2002. 1–13
Sami R. Distributed algorithmic mechanism design. PhD Thesis. Yale University, 2003
Kelly T, Chan Y M, Jamin S, et al. Biased replacement policies for web caches: Differential quality-of-service and aggregate user value. In: Proceedings of the 4th International Web Caching Workshop, San Diego, California, March 1999, 1–10
Abdul-Rahman A, Hailes S. Supporting trust in virtual communities. In: Proc. of 33rd Hawaii International Conference on System Sciences, Maui, Hawaii, IEEE Computer Society, January 2000
Kamvar S D, Schlosser M T, Garcia-Molina H. The EigenTrust Algorithm for Reputation Management in P2P Networks. In: Proc. of the 20th International World Wide Web Conference (WWW2003), Budapest, HUNGARY, ACM, May 2003
Christin N, Weigend A, Chuang J. Content availability, pollution and poisoning in file sharing peer-to-peer networks. In: Proceedings of ACM Conference on Electronic Commerce (EC’05), Hong Kong, ACM, 2005. 68–77
Khopkar T, Li X, Resnick P. Self-selection, slipping, salvaging, slacking, and stoning: the impacts of negative feedback at eBay. In: Proceedings of ACM Conference on Electronic Commerce (EC’05), Hong Kong, ACM, 2005. 223–231
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Wang, H., Tang, Y., Yin, G. et al. Trustworthiness of Internet-based software. SCI CHINA SER F 49, 759–773 (2006). https://doi.org/10.1007/s11432-006-2024-4
Received:
Accepted:
Issue Date:
DOI: https://doi.org/10.1007/s11432-006-2024-4