Trust Management Tools for Internet Applications

  • Tyrone Grandison
  • Morris Sloman
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2692)


Trust management has received a lot of attention recently as it is an important component of decision making for electronic commerce, Internet interactions and electronic contract negotiation. However, appropriate tools are needed to effectively specify and manage trust relationships. They should facilitate the analysis of trust specification for conflicts and should enable information on risk and experience information to be used to help in decision-making. High-level trust specifications may also be refined to lower-level implementation policies about access control, authentication and encryption. In this paper, we present the SULTAN trust management toolkit for the specification, analysis and monitoring of trust specifications. This paper will present the following components of the toolkit: the Specification Editor, the Analysis Tool, the Risk Service and the Monitoring Service.


Trust Management Tools Trust Specification Trust Analysis Risk Service Trust Monitoring Service 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Blaze, M., J. Feigenbaum and A. D. Keromytis: KeyNote: Trust Management for Public-Key Infrastructures. Security Protocols International Workshop (1998). Cambridge, England.
  2. 2.
    Blaze, M.: Using the KeyNote Trust Management System.: AT&T Research Labs (1999).
  3. 3.
    Blaze, M., J. Feigenbaum, I. J. and K. A.: RFC2704 — The KeyNote Trust Management System (version 2). 1999. http://www.crypto/papers/rfc2704.txt
  4. 4.
    Chu, Y.-H., J. Feigenbaum, B. LaMacchia, P. Resnick and M. Strauss: REFEREE: Trust Management for Web Applications. AT&T Research Labs (1997).
  5. 5.
    Chu, Y.-H.: Trust Management for the World Wide Web. Massachusetts Institute of Technology. MEng Thesis (1997).
  6. 6.
    Jim, T.: SD3: a trust management system with certified evaluation. IEEE Symposium on Security and Privacy (2001). Oakland, California, USA. IEEE Computer Society.
  7. 7.
    Blaze, M., J. Feigenbaum and J. Lacy: Decentralized Trust Management. IEEE Conference on Security and Privacy (1996). Oakland, California, USA.
  8. 8.
    Grandison, T. and M. Sloman: Specifying and Analysing Trust for Internet Applications. 2nd IFIP Conference on e-Commerce, e-Business, e-Government (2002). Lisbon, Portugal.
  9. 9.
    Grandison, T.: Trust Specification and Analysis for Internet Applications. Imperial College of Science, Technology and Medicine, London. MPhil/PhD Report (2001). Google Scholar
  10. 10.
    Verissimo, P. and L. Rodrigues: Distributed Systems for System Architects: Kluwer Academic Publishers, 2001. ISBN: 0-7923-7266-2.Google Scholar
  11. 11.
    Grandison, T. and M. Sloman: A Survey of Trust in Internet Applications. IEEE Communications Surveys and Tutorials 4(4), 2000.
  12. 12.
    Gagnon, E.: SableCC: An Object-Oriented Compiler Framework. MSc. Thesis (1998). McGill University, Montreal, Canada.Google Scholar
  13. 13.
    Jøsang, A.: Artificial Reasoning with Subjective Logic. 2nd Australian Workshop on Commonsense Reasoning (1997).
  14. 14.
    Jøsang, A.: Prospectives for Modelling Trust in Information Security. Australasian Conference on Information Security and Privacy (1997).
  15. 15.
    Jøsang, A.: A subjective metric of authentication. 5th European Symposium on Research in Computer Security (1998).
  16. 16.
    Jøsang, A.: The right type of trust for distributed systems. ACM New Security Paradigms Workshop (1996).
  17. 17.
    Jones, A. J. I. and B. S. Firozabadi: On the characterisation of a Trusting agent — Aspects of a Formal Approach. Workshop on Deception, Trust and Fraud in Agent Societies (2000).Google Scholar
  18. 18.
    Rangan, P.V.: An Axiomatic Basis of Trust in Distributed Systems. Symposium on Security and Privacy (1988). Washington, DC. IEEE Computer Society Press.Google Scholar
  19. 19.
    IBM: IBM Trust Establishment Policy Language. Internet. Technical Report.
  20. 20.
    Chen, R. and W. Yeager: Poblano: A Distributed Trust Model for Peer-to-Peer Networks. Sun Microsystems Technical Report (2000).
  21. 21.
    Winsborough, W., K. Seamons and V. Jones: Automated Trust Negotiation: Managing Disclosure of Sensitive Credentials. Transarc White Paper (1999).Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Tyrone Grandison
    • 1
  • Morris Sloman
    • 1
  1. 1.Department of ComputingImperial College LondonLondonUK

Personalised recommendations