Extracting trust information from security system of a service
Introduction
Having sufficient information is a precondition for making decisions about any property of services in emerging open environments. Emerging open environments are expected to have a large number of services and entities. Entities should obtain or extract sufficient information for making decisions about services. Depending on the goal of each entity, the amount of sufficient information for making decisions may change. Therefore, entities should obtain information based on their needs.
As the diversity of services increases in open environments, trust in the security of services has become a significant issue. Security properties in computer science are defined as authentication, confidentiality, integrity, and availability (Chivers, 1994, Sun et al., 2008, Subashini and Kavitha, 2011). Trust, on the other hand, has been investigated in various fields of science, such as philosophy and computer science (Massa, 2007, Hussain et al., 2006); however, there is no agreement about the definition and properties of trust.
Trust in the security system of a service by an entity is a significant problem in open environments. The security system of a service is a set of security mechanisms that are implemented according to the security policy of the service. A security policy is a collection of rules that allow or disallow security-related actions and events in a service (Kagal et al., 2001, Li et al., 2007, Patz et al., 2001). A security mechanism, in turn, implements security policies in the system.
An entity should trust the security systems of services in order to interact with them in emerging open environments. Therefore, assessing the trust of the security system of a service according to the needs of an entity is becoming a significant issue. Additionally, each entity needs a trust assessment model and information for making trust assessments related to the security system of a service.
In the literature, there are many trust computation models that can be applied for assessing the trust of the security system of a service based on the needs of an entity. On the other hand, obtaining information related to the security system of a service according to the needs of an entity is not clearly addressed. An entity may gather information for trust computations from other entities and services. The entity may also extract information directly from the security system of a service.
Existing trust models do not provide a solution for extracting trust information related to the security system of a service according to the needs of a specific entity. Our motivation is the lack of a model for extracting trust information from the security system of a service based on the needs of a specific entity in open environments.
In this paper, we propose a model for extracting trust information from the security system of a service in emerging open environments. Trust information is extracted from the security system of a service based on the needs of an entity, the security policy of the entity, and the security policy of the service. The proposed model has been applied to the security system of a patients' account management service as a case study. The proposed model has been evaluated experimentally with simulations in the case study. We can summarize the contributions of our work as follows.
- We represent the security policy of an entity and the security policy of a service with sets of atomic units according to the needs of the entity. The set representation of security policies provides a way to express the needs of a specific entity from the security system of a particular service in emerging open environments.
- We propose a novel model for extracting trust information from the security system of a service. The model considers the needs of an entity from the security system of a specific service. By using the model, an entity can extract trust information related to a specific security property and to the whole security system of a service.
The rest of the paper is organized as follows. Section 2 is a brief overview of trust and trust models. We examine some trust-related works in Section 3. We present our model for extracting trust information in Section 4. In Section 5, the Dental Clinic Patient Service is presented as a case study to show the contributions of the model. The paper is concluded in Section 6.
Section snippets
Trust and trust models
In this section, we review how trust is defined in different contexts and examine the issue of trust management in computer science. We also examine the main trust models. Further, we present our trust definition related to the security system of a service based on the needs of a specific entity to reflect the significance of extracted information for trust computations.
Overview of trust related work
Trust has been investigated over many years and is still attracting academics as an emerging research field. In this section, we examine some existing trust research related to security in computer science. In particular, we concentrate on existing works that contain models for extracting or obtaining information for trust computations. The goal of this section is to show how our model differs from existing trust research.
Trust propagation is significant for an entity to obtain
Extracting trust information
In open environments, each entity has its own needs from the security system of a service to establish trust. Entities in such environments are expected to compute the trust of the security system of a service based on their present needs. Trust computations, however, require information, so entities have to extract information. Moreover, the entities have to represent their needs from a security system formally, and the security system itself has to be represented in a formal manner.
Case study: dental clinic patient service
We have simulated the proposed model with a case study and have conducted several experiments. The case study and experiments have two objectives. The first objective is to illustrate the applicability of the proposed model to a realistic application. The second objective is to show the effects of changes in a security policy and in a security system on extracting trust information. Therefore, the case study is about extracting trust information from a dental clinic patient service according to
Conclusion
Open environments are expected to support a large number of various services that interact with many different autonomous entities. Such diversity of services leads to trust problems in entities related to security systems of services. Moreover, the trust problems create new research challenges in emerging open environments. One such challenge is to obtain information related to the security system of a service for trust computations. In this paper, we have studied the challenge of obtaining
Acknowledgments
This work is supported by the Turkish State Planning Organization (DPT) under the TAM Project, number 2007K120610.
References (38)
- et al. A three-layered model to implement data privacy policies. Computer Standards & Interfaces (2008)
- Why trust is bad for security. Electronic Notes in Theoretical Computer Science (2006)
- et al. A survey of trust and reputation systems for online service provision. Decision Support Systems (2007)
- et al. Trust management systems for wireless sensor networks: Best practices. Computer Communications (2010)
- et al. A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications (2011)
- A formal apparatus for modeling trust in computing environments. Mathematical and Computer Modelling (2009)
- Andert D, Wakefield R, Weise J. Trust modeling for security architecture development. Technical Report, Sun...
- et al. A model of security information flow on entities for trust computation
- et al. Secure knowledge management: confidentiality, trust, and privacy. IEEE Transactions on Systems, Man, and Cybernetics – Part A: Systems and Humans (2006)
- et al. Decentralized trust management
- Trust and suspicion. The Journal of Conflict Resolution
- Trust management in emergency networks
- Can we trust trust?
- A survey of trust in internet applications. IEEE Communications Survey
- Propagation of trust and distrust
- Comparative analysis of trust and security
- Autonomic trust extraction for trustworthy service discovery in urban computing
Cited by (32)
- Internet of Things security: A survey
2017, Journal of Network and Computer Applications
Citation Excerpt: They then proposed a type of security IoT architecture. In contrast to Liu and Wang (2010) and Yan et al. (2014) who only provided several non-practicable ideas for handling trust in the IoT, Bahtiyar and Çaǧlayan (2012) introduced a trust model that focuses on extracting trust data and provides formal security policies for the IoT devices/entities when required. They attempted to provide a formal security policy for an entity on how to extract trust data from a secured system for service.
- Security analysis of computer networks: Key concepts and methodologies
2015, Modeling and Simulation of Computer Networks and Systems: Methodologies and Applications
- Trust assessment of security for e-health systems
2014, Electronic Commerce Research and Applications
Citation Excerpt: We represent the security system of an e-healthcare service from an entity point of view with atomic units. Each entity generates information about all atomic units of an e-healthcare service by observations and obtaining information from other entities as in (Bahtiyar and Çağlayan 2012). An entity can observe only security mechanisms of an e-healthcare service as the security system of the service.
- A Web Service trust evaluation model based on small-world networks
2014, Knowledge-Based Systems
Citation Excerpt: However, there lack effective solutions to evaluating the trustworthiness. To evaluate the degree of trust, trust information is required to be extracted from the security component of a service based on the needs of an entity, the security policy of the entity, and the security policy of the service [27]. Based on environmental context, a trust computation model is proposed by Ding et al.
- Security similarity based trust in cyber space
2013, Knowledge-Based Systems
Citation Excerpt: Jøsang et al. defines reliability trust as a feeling of relative security that affects decision making [18]. We follow the trust definition in [19], where trust is defined as the security expectation of an entity from a service according to available security evaluation information of that entity. There are three general models of trust that determine the degree of trust relationship between two entities.
- A social network-based trust-aware propagation model for P2P systems
2013, Knowledge-Based Systems
Citation Excerpt: So, trust as a security mechanism in computer science is early applied in Distributed Artificial Intelligence by Marsh [31], and Trust management is proposed to use to resolve network service problems by Blaze [8]. Until to now, trust as an important security mechanism protecting against malicious users in network applications is actually applied and researched [5,15,30,44,45]. Trust originally being a social concept is representative of belief or expectation.