Tatyana Ryutov
USC Information Sciences Institute
http://www.isi.edu/~tryutov
Tatyana Ryutov
USC Information Sciences Institute
http://www.isi.edu/~tryutov
Thursday, October 6, 2005
2:00 pm PDT
11th Floor Conference Room (1137)
Trust based security for collaborative and loosely
managed environments
Traditionally, security for stand-alone computers and small scale networks is accomplished by the means of authentication and identity based access controls. These mechanisms are inadequate for the increased flexibility required by open distributed environments, such as P2P, grids, virtual organizations, coalitions, e-commerce, etc.
In such environments management of security is complicated by lack of face-to-face communication, lack of a single authority from which policies originate, and often insufficient information about participants. Another concern is the need to understand and support the competitive or even adversarial interactions that are characteristic to e-business and inter-organizational interactions in general.
We suggest enhancing security by the addition of trust. In this talk, we consider three trust based approaches that provide effective security for collaborative and loosely managed environments.
Initial Trust Formation framework supports on-demand creation of trust relationships (or agreements) within the context of cross-institutional virtual organizations (VOs). The framework serves as a foundation for implementing an automated system that facilitates the establishment of VO agreements, considerably reduces the effort for setting up a VO and consequently reduces the VO's time for operation. The framework captures the relationship between the initial participants' behaviors, expectations, obligations and agreements, making sure that in implementing a system, one does not overlook the important aspects of the agreement structure and negotiation.
Adaptive Trust Negotiation and Access Control framework addresses the problem
of access control in open systems where requesters and providers reside in different
security domains. The framework allows us to detect and thwart certain attacks
on electronic transactions, adapt information disclosure and security policies
according to a suspicion level associated with the requester,
and to support cost effective trust negotiation.
Automated Defense Validation and Dissemination architecture deploys policy-based vulnerability mitigation prescription management across control points within an administrative domain. The architecture protects the loosely managed end systems by propagating defensive capabilities automatically while ensuring that the deployment of the defenses does not itself create vulnerabilities for a system. The system supports correlation of prescribed activities from multiple sources based on trust and local policy.