Contenu connexe Similaire à Alan hartman trust measurement and management - seserv se workshop june 2012 Similaire à Alan hartman trust measurement and management - seserv se workshop june 2012 (20) Alan hartman trust measurement and management - seserv se workshop june 20121. © 2009 IBM Corporation
Trust Measurement and Management
Alan Hartman – IBM Haifa Research Lab
20 June 2012
Open Research Issues
2. © 2009 IBM Corporation
Agenda
Motivation
Defining Trust
Relationship between Risk and Trust
Basic Trust Management Scenario
More Complex Scenarios
2
3. © 2009 IBM Corporation
3
Why measure and manage trust?
Distrust and caution are the parents of security. - Benjamin
Franklin
The trust of the innocent is the liar’s most useful tool. -
Stephen King
Trust, but verify. – Ronald Reagan
4. © 2009 IBM Corporation
Definition of trust
Trust is: An expectation about a future behaviour of
another person … depending on the degree of trust
and the extent of the associated risk (Kasselbaum
Ph. D. Thesis in Sociology)
Trust is: A function with three parameters:
–Trust(Trustee, Trustor, ActivityOutcome), whose
value is the probability (degree of trust) that
Trustor believes that Trustee will produce
ActivityOutcome in the future
4
5. © 2009 IBM Corporation
Relationship between trust and risk
Rational behavior: If the payoff is positive, then take the
risk
Also rational: If the worst case is too awful, don’t take the
risk
5
Working Hypothesis: A decision (by the Trustor) on whether to offer
the Trustee the opportunity to participate in an Activity with the
Trustor is based on both Trust and Risk
Payoff is: a measure of the expected utility to the
Trustor associated with all possible outcomes of an
activity.
Payoff(Trustor, Activity) = sum over all Outcomes
(Trust( Trustee, Trustor, ActivityOutcome ) * Value(Outcome))
6. © 2009 IBM Corporation
Academic Interest in Trust
Sociology
–Who trusts the Internet?
–What are the factors that influence a person to trust
interactions in cyberspace?
Economics
–What motivates trust and cooperation?
–What reputation and incentive mechanisms to promote
trust?
Management
–Creating and maintaining trust – as part of leadership
Computer Science
–Creating trust in computing infrastructure and services
6
7. © 2009 IBM Corporation
Basic Trust Management Scenario
7
1. Build Trust
2. Shake Trust
3. Restore Trust
8. © 2009 IBM Corporation
Building Trust
8
Trustor A trusts Trustee B to produce Outcome C with confidence level P0
9. © 2009 IBM Corporation
ShakingTrust
An Event E occurs which
causes P0 to decrease to P'
which is below the threshold
Pt determined by Trustee B
9
10. © 2009 IBM Corporation
Trust Restoration
Trustee B takes mitigation
action M and measures new
trust level P ''
10
11. © 2009 IBM Corporation
Basic Scenario For Trust Management
1) Initial condition: Trustor A trusts Trustee B to
produce outcome C with confidence level P0
2) Either an Event E occurs which causes P0 to
decrease to P' which is below the threshold Pt
determined by Trustee B Or P0 < Pt in the first
place
3) Loop on i:
I. B takes mitigation action Mi and measures
confidence level Pi (Assume Mi are ordered
in decreasing order of cost effectiveness)
II. Until Pi >= Pt, or no cost effective mitigation
actions remain in the arsenal of B
12. © 2009 IBM Corporation
Research Challenges for Trust Management
• How to measure P for a given A, B, and C
• How to determine an appropriate threshold Pt for a
given A, B, C
• What are appropriate mitigation actions Mi for a
given A, B, C, E
• How to detect and report trust breach events E
• How to measure cost effectiveness of Mi
• When to give up – i.e. what is the law of
diminishing returns in the context of A, B, C, E,
and P0, P1, P2, ...Pi
13. © 2009 IBM Corporation
Measuring Trustworthiness of ICT Systems
Quantifying Trustworthiness
Using Quantifiable Properties*
Dependability
Security
Performability
13 *University of Kansas, Resilinets Wiki
14. © 2009 IBM Corporation
Measuring Trustworthiness of Individuals or
Organizations
14
Quantifiable Properties
Trustworthy actions
Observed
Reported by trusted source
Evidence
Trustworthy reputation
Reputation measure
Trusted reputation system
Membership of trusted organization
Trusted guarantor
15. © 2009 IBM Corporation
Mutual trust scenario
Alice trusts BigBank to maintain the integrity of
her credit card with P=99%
BigBank trusts Alice to be honest with it with
Q=95%
E is an unauthorized credit card transaction
from Alice's account – reported to BigBank by
Alice (P'=85%, Q'=75%)
What actions should Alice and BigBank take to
rebuild mutual trust?
What is the protocol for mutual trust
negotiation?
16. © 2009 IBM Corporation
B2B trust scenario
OmahaInsurance is negotiating with IBM to
outsource their health insurance claims
processing
Trust is held between IBM and Omaha and
also between Omaha and its customers
Event = break in to IBM office in Bangalore
Action C is contract negotiation between IBM
and Omaha
17. © 2009 IBM Corporation
Trust me, I’m a doctor
18
Notes de l'éditeur We want to be secure and not the dupe of liars and dissemblersTrust is essential for many aspects of society, not just business A joke in search of a punch line:What is the difference between a sociologist and a mathematician? Value = the value to the trustor of the particular OutcomePayoff = expected value to the trustor over the long term with repeated occurrences of the ActivityRationality = average case behaviourBUT if the worst case causes catastrophic consequences (with very low probability), then risk averse players will not take it, even if the expected value over the long term is positive Trying to add my input as a mathematician Dependability is that property of a computer system such that reliance can justifiably be placed on the service it delivers. It generally includes the notions of availability (ability to use a system or service) and reliability (continuous operation of a system or service), as well as integrity, maintainability, and safety. Security is the property of a system and measures taken such that it protects itself from unauthorised access or change, subject to policy. Security properties include AAA (auditability, authorisability, authenticity), confidentiality, and nonrepudiation. Security shares with dependability the properties of availability and integrity. Performability is that property of a computer system such that it delivers performance required by the service, as described by QoS (quality of service) measures.