Skip to main content
SpringerLink
Log in

An adaptable distributed trust management framework for large-scale secure service-based systems

  • Published:
Computing Aims and scope Submit manuscript

    We’re sorry, something doesn't seem to be working properly.

    Please try refreshing the page. If that doesn't work, please contact support so we can address the problem.

Abstract

A major advantage of service-based computing systems is the ability to enable rapid formation of large-scale distributed systems by composing available services to achieve the system goals, regardless of the programming languages and platforms used to develop and/or run these services. For these systems, which often involve communications among multiple organizations over various networks, high confidence and adaptability are of primary concern to ensure that users can access these systems anywhere and anytime through various devices, knowing that their security and privacy are well protected under various situations. In this paper, an adaptable distributed trust management framework for large-scale service-based systems is presented. This framework includes a meta-model with a formal specification language for situation-aware security policies, and tools for generating and deploying security agents to evaluate and enforce trust decisions based on security policies, credentials and situational information. With this framework, large-scale service-based systems can incorporate distributed trust management to meet their trustworthiness requirements under various situations.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

References

  1. Booth D, Haas H, McCabe F (2004) Web services architecture. http://www.w3.org/TR/ws-arch/. Accessed 15 Jan 2013

  2. Francois J, Bernard B, Philippe N, Armando W, Jerker D, Jens E, Rumen K, Stamatis K, Petr S, Marcel T (2012) Technologies for SOA-based distributed large scale process monitoring and control systems. In: Proceedings of IECON 38th annual conference on IEEE industrial electronics society, pp 5799–5804. doi:10.1109/IECON.2012.6389589

  3. IBM Web Services Architecture Team (2000) IBM web services architecture overview. https://www.ibm.com/developerworks/library/w-ovr/. Accessed 15 Jan 2013

  4. Papazoglou MP (2003) Service-oriented computing: concepts, characteristics and directions. In: Proceedings of 4th international conference on web information systems engineering, pp 3–12. doi:10.1109/WISE.2003.1254461

  5. Blaze M, Feigenbaum J, Ioannidis J, Keromytis A (1999) The keyNote trust management system (version 2). RFC2704. http://tools.ietf.org/html/rfc2704. Accessed 15 Jan 2013

  6. Blaze M, Feigenbaum J, Strauss M (1998) Compliance checking in the policyMaker trust management system. In: Proceedings of 2nd international conference of financial cryptography, pp 254–274. doi:10.1007/BFb0055488

  7. Chu Y, Fengenbaun J, LaMacchia B, Resnick P, Strauss M (1997) REFEREE: trust management for web applications. World Wide Web J 2(3):127–139. doi:http://www.comp.nus.edu.sg/~cs6203/guidelines/topic7/referee-trust-management.pdf

    Google Scholar 

  8. Gavriloaie R, Nejdl W, Olmedilla D, Seamons K, Winslett M (2004) No registration needed: how to use declarative policies and negotiation to access sensitive resources on the semantic web. In: 1st European semantic web symposium, vol 3053, pp 342–356. doi:10.1007/978-3-540-25956-5_24

  9. Jim T (2001) SD3: a trust management system with certified evaluation. In: IEEE symposium on security and privacy, pp 106–115. doi:10.1109/SECPRI.2001.924291

  10. Li N, Mitchell J (2003) RT: a role-based trust management framework. In: Proceedings of 3rd DARPA information survivability conference and exposition, vol 1, pp 201–212. doi:10.1109/DISCEX.2003.1194885

  11. Townend P, Venters C, Lau L, Djemame K, Dimitrova V, Marshall A, Xu J, Dibsdale C, Taylor N, Austin J, McAvoy J, Fletcher M, Hobson S (2012) A framework for improving trust in dynamic service-oriented systems. In: Proceedings of IEEE 15th international symposium on object/component/service-oriented real-time distributed computing workshops, pp 136–141. doi:10.1109/ISORCW.2012.33

  12. Naedele M (2003) Standards for XML and web services security. IEEE Comput 36(4):96–98. doi:10.1109/MC.2003.1193234

    Article  Google Scholar 

  13. Nakamur Y, Hada S, Neyama R (2002) Towards the integration of web services security on enterprise environments. In: Proceedings of symposium on applications and the internet (SAINT) workshops, pp 166–175. doi:10.1109/SAINTW.2002.994567

  14. WS-Security 1.1 (2006) OASIS web services security. https://www.oasis-open.org/committees/wss/. Accessed 15 Jan 2013

  15. WS Security Policy 1.2 (2006) OASIS web services security. http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html. Accessed 15 Jan 2013

  16. Paik I, Komiya R (2012) Active situation awareness on web APIs for information on social network services. In: Proceedings of IEEE 1st international conference on services economics, pp 68–69. doi:10.1109/SE.2012.15

  17. Yau SS, Huang D, Gong H, Davulcu H (2005) Situation-awareness for adaptable service coordination in service-based systems. In: Proceedings of 29th annual internationl computer software and application conference, pp 107–112. doi:10.1109/COMPSAC.2005.141

  18. Yau SS, Huang D, Gong H, Yao Y (2006) Support for situation-awareness in trustworthy ubiquitous computing application software. J Softw Pract Eng 36(9):893–921. doi:10.1109/COMPSAC.2006.30

    Article  Google Scholar 

  19. Yau SS, Gong H, Huang D, Gao W, Zhu L (2006) Automated agent synthesis for situation awareness in service-based systems. In: Proceedings of 30th annual international computer software and application conference, pp. 503–510. doi:10.1109/COMPSAC.2006.30

  20. Yau SS, Gong H, Huang D, Gao W, Zhu L (2008) Specification, decomposition and agent synthesis for situation-aware service-based systems. J Syst Softw 81(10):1663–1680. doi:10.1016/j.jss.2008.02.035

    Article  Google Scholar 

  21. Yau SS, Huang D (2013) Development of situation-aware applications in services and cloud computing environments. Int J Softw Inform 7(1):21–39

    Google Scholar 

  22. Blaze M, Kannan S, Lee I, Sokolsky O, Smith M, Keromytis A, Lee W (2009) Dynamic trust management. Computer 42(2):44–52. doi:10.1109/MC.2009.51

    Article  Google Scholar 

  23. AlNemr R, Meinel C (2008) Getting more from reputation systems: a context-aware reputation framework based on trust centers and agent lists. In: Proceedings of 3rd international multi-conference on computing in the global information technology, pp 137–142. doi:10.1109/ICCGI.2008.45

  24. Singh A, Liu L (2003) TrustMe: anonymous management of trust relationships in decentralized P2P systems. In: Proceedings of 3rd international conference on peer-to-peer computing, pp 142–149. doi:10.1109/PTP.2003.1231514

  25. Theodorakopoulos G, Baras JS (2006) On trust models and trust evaluation metrics for ad hoc networks. IEEE J Sel Areas Commun 24(2):318–328. doi:10.1109/JSAC.2005.861390

    Article  Google Scholar 

  26. Xiong L, Liu L (2004) PeerTrust: supporting reputation-based trust for peer-to-peer electronic communities. IEEE Trans Knowl Data Eng 16(7):843–857. doi:10.1109/TKDE.2004.1318566

    Article  Google Scholar 

  27. Conner W, Iyengar A, Mikalsen T, Rouvellou I, Nahrstedt K (2009) A trust management framework for service-oriented environments. ACM track: web engineering/session: service oriented development, pp 891–900. doi:10.1145/1526709.1526829

  28. Cheng A, Friedman E (2005) Sybilproof reputation mechanisms. In: Proceedings of ACM workshop on economics of peer-to-peer systems, pp 128–132. doi:10.1145/1080192.1080202

  29. Douceur JR (2002) The Sybil attack. In: Proceedings of 1st international workshop on peer-to-peer systems (IPTPS), vol 2429. Springer, Berlin, pp 251–260. ISBN: 3-540-44179-4

  30. Survey (2005) E-crime watch survey 2005. http://www.cert.org/archive/pdf/ecrimesurvey05.pdf. Accessed 15 Jan 2013

  31. OASIS (2012) Security assertion markup language (SAML) version 2.0. https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security. Accessed 16 Jan 2013

  32. OASIS (2004) eXtensible access control markup language (XACML) version 2.0. http://docs.oasis-open.org/xacml/access_control-xacml-2_0-core-spec-cd-04.pdf. Accessed 16 Jan 2013

  33. Bhargavan K, Fournet C, Gordon AD (2004) A semantics for web services authentication. In: Proceedings of 31st ACM SIGPLAN-SIGACT symposium on principles of programming languages, vol 39, pp 198–209. doi:10.1145/982962.964018

  34. Bertino E, Bonatti PA, Ferrari E, Sapino ML (2000) Temporal authorization bases: from specification to integration. J Comput Secur 8(4):309–354. ISSN: 0926–227X

    Google Scholar 

  35. Jajodia S, Pamarati S (2001) Flexible supporting for multiple access control policies. ACM Trans Database Syst 26(2):214–260. doi:10.1145/383891.383894

    Article  MATH  Google Scholar 

  36. Joshi JBD, Bertino E, Latif U, Ghafoor A (2005) A generalized temporal role-based access control model. IEEE Trans Knowl Data Eng 17(1):4–23. doi:10.1109/TKDE.2005.1

    Article  Google Scholar 

  37. Reiter R (1980) A logic for default reasoning. Artif Intell 13:81–132. doi:http://dl.acm.org/citation.cfm?id=42646

    Article  MathSciNet  MATH  Google Scholar 

  38. Uszok A et al (2003) KAoS policy and domain services: toward a description-logic approach to policy representation, deconfliction, and enforcement. In: Proceedings of IEEE 4th international workshop on policies for distributed systems and networks, pp 93–96. doi:10.1109/POLICY.2003.1206963

  39. Baader F, Calvanese D, McGuinness DL, Nardi D, Patel-Schneider PF (2003) The description logic handbook. Cambridge University Press, Cambridge

    MATH  Google Scholar 

  40. Kraft R (2002) Designing a distributed access control processor for network services on the web. In: Proceedings of ACM workshop on XML. Security, pp 36–52. doi:10.1145/764792.764799

  41. W3C (2004) Web services architecture. W3C working group note. http://www.w3.org/TR/ws-arch/. Accessed on 16 Jan 2013

  42. Bharadwaj R (2003) Secure middleware for situation-aware Naval \(\text{ C }^{2}\) and combat systems. In: Proceedings of 9th internationall workshop on future trends of distributed computing system, pp 233–240. doi:10.1109/FTDCS.2003.1204342

  43. Bharadwaj R (2002) SOL: a verifiable synchronous language for reactive systems. Proc Synchron Lang Appl Program 65(5):140–154. doi:10.1016/S1571-0661(05)82565-4

    Google Scholar 

  44. Yau SS, Davulcu H, Mukhopadhyay S, Gong H, Huang D, Singh P, Gelgi F (2007) Automated situation-aware service composition in service-oriented computing. Int J Web Serv Res 4(4):59–82. doi:10.4018/jwsr.2007100103

    Article  Google Scholar 

  45. Yau SS, Gupta S, Karim F, Ahamed S, Wang Y, Wang B (2003) A smart classroom for enhancing collaborative learning using pervasive computing technology. In: Proceedings of 6th WFEO world congress on engineering education & 2nd ASEE international colloquium on engineering education (ASEE2003), Paper No. 2521

  46. OMG (2003) MDA guide version 1.0. http://www.omg.org/mda/mda_files/MDA_Guide_Version1-0.pdf. Accessed 15 Jan 2013

Download references

Acknowledgments

This work reported here was supported in part by the Department of Defense/Office of Naval Research under the Multidisciplinary University Research Initiative, Contract No. N00014-04-1-0723. We would like to thank Ramesh Bharadwaj of US Naval Research Laboratory, Supratik Mukhopadhyay of Louisiana State University, Hasan Davulcu and Dazhi Huang of Arizona State University for many helpful discussions.

Author information

Authors and Affiliations

  1. Information Assurance Center, and School of Computing, Informatics and Decision Systems Engineering, Arizona State University, Tempe, AZ, 85287-8809, USA

    Stephen S. Yau, Yisheng Yao & Arun Balaji Buduru

Authors
  1. Stephen S. Yau
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yisheng Yao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Arun Balaji Buduru
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Stephen S. Yau.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Yau, S.S., Yao, Y. & Buduru, A.B. An adaptable distributed trust management framework for large-scale secure service-based systems. Computing 96, 925–949 (2014). https://doi.org/10.1007/s00607-013-0354-9

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00607-013-0354-9

Keywords

Mathematics Subject Classification

Search

Navigation