Trust Management in Monitoring Financial Critical Information Infrastructures
The success of Internet-based attacks and frauds targeting financial institutions highlights their inadequacy when facing such threats in isolation. Financial players need to coordinate their efforts by sharing and correlating suspicious activities occurring at multiple, geographically distributed sites. CoMiFin, a European project, is developing a collaborative security framework, on top of the Internet, centered on the Semantic Room abstraction. This abstraction allows financial institutions to share and process high volumes of events concerning massive threats (e.g., Distributed Denial of Service) in a private and secure way. Due to the sensitive nature of the information flowing in Semantic Rooms, and the resulting privacy and security requirements, mechanisms ensuring mutual trust among Semantic Room members (potentially competing financial players) must be provided. This paper focuses on the design and preliminary implementation of a trust management architecture that can be configured with trust and reputation policies and deployed in Semantic Rooms.
Keywords: Financial critical infrastructures, collaborative environment, trust, reputation, monitoring, trust metrics