Trust Management in Monitoring Financial Critical Information Infrastructures

  • Giorgia Lodi
  • Roberto Baldoni
  • Hisain Elshaafi
  • Barry P. Mulcahy
  • György Csertán
  • László Gönczy
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 45)


The success of Internet-based attacks and frauds targeting financial institutions highlights the inadequacy of these institutions when facing such threats in isolation. Financial players need to coordinate their efforts by sharing and correlating suspicious activities occurring at multiple, geographically distributed sites. CoMiFin, a European project, is developing a collaborative security framework, on top of the Internet, centered on the Semantic Room abstraction. This abstraction allows financial institutions to share and process high volumes of events concerning massive threats (e.g., Distributed Denial of Service) in a private and secure way. Because of the sensitive nature of the information flowing in Semantic Rooms, and the privacy and security requirements this entails, mechanisms ensuring mutual trust among Semantic Room members (potentially competing financial players) must be provided. This paper focuses on the design and preliminary implementation of a trust management architecture that can be configured with trust and reputation policies and deployed in Semantic Rooms.


Keywords: Financial critical infrastructures, collaborative environment, trust, reputation, monitoring, trust metrics





Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2010

Authors and Affiliations

  • Giorgia Lodi (1)
  • Roberto Baldoni (1)
  • Hisain Elshaafi (2)
  • Barry P. Mulcahy (2)
  • György Csertán (3)
  • László Gönczy (3)

  1. University of Rome La Sapienza, Italy
  2. Waterford Institute of Technology, Ireland
  3. OptXware Research & Development Ltd, Hungary
