An Approach to Trust Management Challenges for Critical Infrastructures

  • Ioanna Dionysiou
  • Deborah Frincke
  • David Bakken
  • Carl Hauser
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5141)


The diversity of the kinds of interactions between principals in distributed computing systems, especially critical infrastructures, has expanded rapidly in recent years. However, the state of the art in trust management is not yet sufficient to support this diversity of interactions. This paper presents a rationale and design for much richer trust management than is possible today. It presents a set of requirements for more generalized trust management and an analysis of their necessity. A new trust management framework is presented that supports dynamic and composable trust.


trust management dynamic trust composable trust 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Vacca, J.: Public Key Infrastructure: Building Trusted Applications and Web Services. AUERBACH (2004)Google Scholar
  2. 2.
    Selection, P.F.I.C.: W3C (2005),
  3. 3.
    Winslett, M., Yu, T., Seamons, K., Hess, A., Jacobson, J., Jarvis, R., Smith, B., Yu, L.: The trustbuilder architecture for trust negotiation. IEEE Internet Computing 6, 30–37 (2002)CrossRefGoogle Scholar
  4. 4.
    Herzberg, A., Mass, Y., Michaeli, J., Ravid, Y., Naor, D.: Access control meets public key infrastructure, or: Assigning roles to strangers. In: SP 2000: Proceedings of the 2000 IEEE Symposium on Security and Privacy, p. 2. IEEE Computer Society, Washington (2000)CrossRefGoogle Scholar
  5. 5.
    Group, T.C.: TCG Specification Architecture Overview. In: TCG (2004)Google Scholar
  6. 6.
    Grandison, T.: Trust specification and analysis for internet applications. Technical report, Ph.D. Thesis, Imperial College of Science Technology and Medicine, Department of Computing, London (2001)Google Scholar
  7. 7.
    Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: SP 1996: Proceedings of the 1996 IEEE Symposium on Security and Privacy, p. 164. IEEE Computer Society, Los Alamitos (1996)CrossRefGoogle Scholar
  8. 8.
    Chu, Y.H., Feigenbaum, J., LaMacchia, B., Resnick, P., Strauss, M.: Referee: trust management for web applications. Comput. Netw. ISDN Syst. 29, 953–964 (1997)CrossRefGoogle Scholar
  9. 9.
    Sun Microsystems: Poblano: A Distributed Trust Model for Peer-to-Peer Networks (2000)Google Scholar
  10. 10.
    Blaze, M., Feigenbaum, J., Keromytis, A.D.: Keynote: Trust management for public key infrastructures. In: Proceedings of the 6th International Workshop on Security Protocols, Cambridge, UK (1998)Google Scholar
  11. 11.
    Zimmermann, P.R.: The official PGP User’s Guide. MIT Press, Cambridge (1995)Google Scholar
  12. 12.
    DHS: Protected critical infrastructure information (pcii) program (2006),
  13. 13.
    Force, U.C.P.S.O.T.: Final report on the August 14, 2003 Blackout in the United States and Canada: Causes and RecommendationsÊ (2004)Google Scholar
  14. 14.
    CSI/FBI: Computer Crime and Security Survey (2005)Google Scholar
  15. 15.
    Hauser, C.H., Bakken, D.E., Dionysiou, I., Gjermundrod, K.H., Irava, V.S., Helkey, J., Bose, A.: Security, trust and qos in next-generation control and communication for large power systems. International Journal of Critical Infrastructures (2007)Google Scholar
  16. 16.
    UofS, QinetiQ: Trust issues in pervasive environments. Technical report, University of Southampton and QinetiQ (2003)Google Scholar
  17. 17.
    Grandison, T., Sloman, M.: A survey of trust in internet applications. IEEE Communications Surveys and Tutorials 3, 2–16 (2000)CrossRefGoogle Scholar
  18. 18.
    Dionysiou, I.: Dynamic and Composable Trust for Indirect Interactions, Ph.D. Thesis. Department of Electrical Engineering and Computer Science, Washington State University (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Ioanna Dionysiou
    • 1
  • Deborah Frincke
    • 2
  • David Bakken
    • 3
  • Carl Hauser
    • 3
  1. 1.School of SciencesUniversity of NicosiaNicosiaCyprus
  2. 2.CyberSecurity Group, Pacific Northwest National LaboratoryRichlandUSA
  3. 3.School of Electrical Engineering and Computer ScienceWashington State UniversityPullmanUSA

Personalised recommendations