DOI: 10.1145/3510547.3517930

Quantifying Trustworthiness in Decentralized Trusted Applications

Published: 28 April 2022

Abstract

Decentralized systems play an important role in many modern data processing applications. Because these applications are distributed, the participating system components are often operated by different stakeholders with potentially conflicting interests. To prevent malicious participants from manipulating critical system components, trusted computing technologies such as Trusted Platform Modules (TPMs) or Intel's Software Guard Extensions (SGX) can be employed. These technologies provide hardware-based access control to sensitive data and allow users to remotely verify the integrity of critical software stacks. However, not all trusted computing technologies are equally suitable for all use cases. Since different technologies offer different benefits and drawbacks, it becomes challenging to determine whether a decentralized system can be fully trusted in its current state. In this work we present a methodology for estimating the trustworthiness of decentralized systems that are protected by trusted computing hardware. Our approach is based on a formal model describing the operational dependencies between distributed system components, as well as the protection goals required for secure component operation. Based on this model, we show how stakeholders can calculate the trustworthiness of a specific system operation as a subjective probability (degree of belief). We then generalize this approach to obtain trust estimates for the entire decentralized system. Finally, we demonstrate the application of our proposal using the real-world scenario of distributed usage control as an example.
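The abstract does not spell out the formal model, so the following is an added illustration and not code from the paper or its authors. It shows the shape such an estimation can take: a small dependency graph in which each operation requires all of its direct dependencies (components or other operations), and each component carries an assumed degree of belief that its protection goals hold under the trusted computing technology protecting it. Under an independence assumption, the belief for an operation is the product over the distinct components in its transitive dependency closure (each counted once, so a component shared by two branches is not double-counted), and one possible whole-system estimate is the weakest operation. All component names, technologies and probabilities below are constructed for the example.

```python
"""Added illustration: degree-of-belief estimation over an operational
dependency graph. This is not the paper's model; all inputs are constructed."""
import math

# Constructed sample input (assumption): for each component, the trusted
# computing technology protecting it and a stakeholder's degree of belief
# that the component's protection goals (e.g. code integrity, confidentiality
# of its data) hold. How such beliefs are derived from attestation evidence
# is out of scope here.
COMPONENTS = {
    "policy-decision-point":    {"tech": "sgx",  "belief": 0.97},
    "policy-enforcement-point": {"tech": "tpm",  "belief": 0.90},
    "attestation-service":      {"tech": "tpm",  "belief": 0.93},
    "data-provider":            {"tech": "none", "belief": 0.60},
}

# Constructed operational dependencies (assumption): an operation is
# performed securely only if ALL of its direct dependencies are trustworthy.
# A dependency may be a component or another operation.
OPERATIONS = {
    "evaluate-policy":    ["policy-decision-point", "attestation-service"],
    "enforce-usage-rule": ["policy-enforcement-point", "evaluate-policy"],
    "release-data":       ["data-provider", "enforce-usage-rule"],
}


def dependency_closure(operation, operations=OPERATIONS, components=COMPONENTS, _stack=()):
    """Set of components that `operation` transitively relies on.

    Raises ValueError if the dependency graph contains a cycle and KeyError
    for a dependency that is neither a component nor an operation.
    """
    if operation in _stack:
        raise ValueError(f"dependency cycle through {operation!r}")
    closure = set()
    for dep in operations[operation]:
        if dep in components:
            closure.add(dep)
        elif dep in operations:
            closure |= dependency_closure(dep, operations, components, _stack + (operation,))
        else:
            raise KeyError(f"unknown dependency {dep!r} of {operation!r}")
    return closure


def operation_trust(operation, operations=OPERATIONS, components=COMPONENTS):
    """Degree of belief that `operation` is performed securely.

    Modelling assumptions: every dependency is required (AND) and component
    compromises are independent, so the belief is the product over the
    DISTINCT components in the closure. Multiplying along each path instead
    would count a shared component twice and understate the trust.
    """
    closure = dependency_closure(operation, operations, components)
    return math.prod(components[c]["belief"] for c in closure)


def weakest_link(operation, operations=OPERATIONS, components=COMPONENTS):
    """Component in the closure with the lowest belief: the first place a
    stakeholder would look for stronger hardware protection or fresher
    attestation evidence."""
    closure = dependency_closure(operation, operations, components)
    return min(closure, key=lambda c: components[c]["belief"])


def system_trust(operations=OPERATIONS, components=COMPONENTS):
    """One possible whole-system estimate: the system is trusted no more
    than its least trustworthy operation."""
    return min(operation_trust(op, operations, components) for op in operations)


if __name__ == "__main__":
    for op in OPERATIONS:
        print(f"{op:20s} belief={operation_trust(op):.4f} weakest={weakest_link(op)}")
    print(f"{'system':20s} belief={system_trust():.4f}")
```

With the constructed numbers, the unprotected data provider dominates: `release-data` inherits every component of the operations it depends on, and the single component without hardware protection pulls the whole-system estimate down to roughly 0.49 even though the TPM- and SGX-protected components each sit above 0.9. The closure-based product is the detail worth keeping: if a component is reached through two different sub-operations, it still enters the product once.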

Supplementary Material

MP4 File (SaT-CPS22-fp16.mp4)
In this presentation of the paper "Quantifying Trustworthiness in Decentralized Trusted Applications", Paul Wagner shows how trustworthiness can be estimated in decentralized systems where remote components are being protected by trusted computing hardware. The presented methodology is based on a formal model describing the operational dependencies between system components and is illustrated by applying it to the use case of distributed usage control.


Published In

Sat-CPS '22: Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems
April 2022
124 pages
ISBN:9781450392297
DOI:10.1145/3510547

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. arm trustzone
  2. decentralized systems
  3. distributed usage control
  4. software guard extensions
  5. trust metrics
  6. trusted computing
  7. trusted platform modules
  8. trustworthiness

Qualifiers

  • Research-article

Conference

CODASPY '22