Trust: Benefits, Models, and Mechanisms

  • Vipin Swarup
  • Javier Thayer Fábrega
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1603)

Abstract

Trust provides many practical benefits in open distributed systems. It enables cooperation between pairs of entities, provides a safe and inexpensive basis for lowering access barriers to secured resources, and facilitates complex transactions among multiple entities. In this paper, we describe a wide range of notions and aspects of trust in open systems, with particular focus on trust between autonomous entities. We argue for computational models and mechanisms that enable trust between entities to be produced, manipulated and degraded, and we summarize the state of the art from this perspective.

Keywords

Mobile Agent; Social Trust; Trust Relationship; Computer Security; Access Barrier
These keywords were added by machine and not by the authors.

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Vipin Swarup (1)
  • Javier Thayer Fábrega (1)
  1. The MITRE Corporation, Bedford, USA