The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
31

A privacy-preserving reputation scheme for trust management on VANETs applications / Um esquema de reputação preservando a privacidade para o gerenciamento de confiança em aplicações VANETs

Luz Marina Santos Jaimes 10 August 2017
Vehicles will use pseudonyms instead of relying on long-term certificates to provide security and privacy. Pseudonyms are short-term public key certificates that do not contain identity-linking information about the vehicle. However, there is a constant risk that authorised vehicles may send fake messages or behave selfishly, and this can affect the performance of the Vehicular Ad hoc NETwork (VANET). In this context, trust management is another important component of security services in VANETs, which provides a unified system for establishing a relationship between the nodes and helps by keeping record of the behaviour of the vehicles. Nevertheless, it is a challenging task to monitor the evolving pattern of the vehicular behaviour, since communication between the vehicles is anonymous. It is not easy to find a balanced solution that meets the requirements of security, privacy, and trust management in VANET. In view of this, we put forward a Preserving-Privacy Reputation Scheme (PPRS) applied to VANETs, in which a reputation server through a Roadside Unit receives feedback about the behaviour of the vehicles. The server updates and certifies the reputation of the vehicles by matching their anonymous identities with their real ones. Our scheme introduces geographical areas of security, in which the security of an area can be adapted to higher or lower levels depending on the reputation of the vehicles. In addition, complex reputation is examined, in which the reputation of a vehicle is linked to several behavioural factors. A further key area that is explored is the performance evaluation of PPRS which is conducted through a set of simulations in a grid scenario, based on an opportunistic message forwarding application. The results showed the effectiveness of PPRS in terms of assessing the behaviour of the vehicles and taking measures against the misbehaving vehicles. 
We used SUMO to simulate the mobility model; OMNET++ and Veins supported the simulation of the network model. In addition, Crypto++ was used to implement the elliptical curve cryptographic functions of signature and verification of messages, as recommended by the security standards. Finally, we employ a pseudonym changing strategy in which the reputation is discretised at two levels of reputation. The strategy was implemented in a realistic traffic simulation scenario, and was compared with the so-called status and synchronous strategies through a series of simulations. The results showed that the number of pseudonyms used in our strategy is lower than the strategies mentioned above, and maintains the rate of success of changing pseudonym achieved by the synchronous strategy. / Vehicles will use pseudonyms instead of long-term certificates to provide security and privacy. Pseudonyms are short-term public key certificates that contain no information about the vehicle's identity. However, there is a risk that authorised vehicles may send false messages or behave selfishly, and this can affect the performance of vehicular networks (VANETs). In this context, trust management is an important security service in VANETs, which provides a unified system for establishing relationships between nodes and helps to keep a record of vehicle behaviour. However, monitoring the evolving pattern of vehicular behaviour is a challenging task, since communication between vehicles is anonymous. It is not an easy task to find a balanced solution that meets the requirements of security, privacy and trust management in VANETs. In view of this, we present a Privacy-Preserving Reputation Scheme (ERPP) applied to VANETs, in which a reputation server receives evaluations of vehicle behaviour through a roadside unit.
The server updates and certifies the reputation of vehicles by relating their anonymous identities to their real ones. ERPP introduces geographical security areas, in which the security of an area can be adapted to higher or lower levels depending on the reputation of the vehicles. In addition, a complex reputation is examined, in which the reputation of a vehicle is linked to several behavioural factors. Another area explored is the performance evaluation of ERPP, which is conducted through simulations in an urban scenario, based on an opportunistic message forwarding application. The results showed the effectiveness of ERPP in assessing the behaviour of vehicles and taking measures against misbehaving vehicles. We used SUMO to simulate the mobility model; OMNET++ and Veins supported the network model; and Crypto++ was used to implement the elliptic curve cryptographic functions for signing and verifying messages, as recommended by the security standards. Finally, we employ a pseudonym changing strategy in which reputation is discretised into two reputation levels. The strategy was implemented in a realistic traffic simulation scenario and was compared with the strategies called status and synchronous through simulations. The results showed that the number of pseudonyms used in our strategy is lower than in the schemes mentioned, and maintains the pseudonym change success rate achieved by the synchronous strategy.
32

Secured trust and reputation system : analysis of malicious behaviors and optimization / Gestion de la confiance et de la réputation sécurisée : analyse des attaques possibles et optimisation

Bradai, Amira 29 September 2014
Reputation mechanisms offer a new and effective way of ensuring the necessary level of trust that is indispensable to the proper functioning of any critical system. They work by collecting information about the history of participants and making their reputation public. The system guides decisions by taking this information into account, so that more secure choices are made. Online reputation mechanisms are present in most e-commerce sites available today. Existing systems were designed on the assumption that users share information honestly. But many reputation systems are generally subject to attack by malicious users. The attack can affect cooperation, aggregation and evaluation. Some users want to use the network's resources but do not want to contribute in return. Others manipulate trust evaluations and give a wrong estimate. Recently it has become increasingly evident that some users strategically manipulate their evaluations and behave dishonestly. For adequate protection against these users, a secure reputation management system is needed. In our system, a central entity exists and can aggregate the information. However, peer-to-peer networks have no central control or repository, which makes the task more difficult. The reputation management system must therefore perform all tasks in a distributed manner. When such systems are deployed, peers increasingly try to manipulate the information. This thesis describes ways of making reputation mechanisms more secure by analysing the risks and providing a defence mechanism.
Different types of malicious behaviour exist, and for each of them we present a complete analysis, simulations and a real use case example. / Reputation mechanisms offer a novel and effective way of ensuring the necessary level of trust which is essential to the functioning of any critical system. They collect information about the history (i.e., past transactions) of participants and make public their reputation. Prospective participants guide their decisions by considering reputation information, and thus make more informative choices. Online reputation mechanisms enjoy huge success. They are present in most e-commerce sites available today, and are seriously taken into consideration by human users. Existing reputation systems were conceived with the assumption that users will share feedback honestly. But such systems, like those in peer-to-peer networks, are generally compromised by malicious users. This leads to problems in cooperation, aggregation and evaluation. Some users want to use resources from the network but do not want to contribute back to the network. Others manipulate the evaluations of trust and provide wrong estimations. We have recently seen increasing evidence that some users strategically manipulate their reports and behave maliciously. For proper protection against those users, some kind of reputation management system is required. In some systems, a trusted third entity exists and can aggregate the information. However, peer-to-peer networks don't have any central control or repository. The large size of distributed and hybrid networks makes reputation management a more challenging task. Hence the reputation management system should perform all the tasks in a distributed fashion. When these kinds of systems are implemented, peers try to deceive them to take maximum advantage. This thesis describes ways of making reputation mechanisms more trustworthy and optimized by providing defense mechanisms and analysis.
Different kinds of malicious behaviors exist and for each one, we present a complete analysis, simulation and a real use case example in a distributed and non-distributed way.
33

Friendship based trust model to secure routing protocols in mobile Ad Hoc networks

Shabut, Antesar R.M., Dahal, Keshav P., Awan, Irfan U. January 2014
Trust management in mobile ad hoc networks (MANETs) has become a significant issue in securing routing protocols to choose reliable and trusted paths. Trust is used to cope with defection problems of nodes and stimulate them to cooperate. However, trust is a highly complex concept because of the subjective nature of trustworthiness, and has several social properties, due to its social origins. In this paper, a friendship-based trust model is proposed for MANETs to secure routing protocol from source to destination, in which multiple social degrees of friendships are introduced to represent the degree of nodes' trustworthiness. The model considers the behaviour of nodes as a human pattern to reflect the complexity of trust subjectivity and different views. More importantly, the model considers the dynamic differentiation of friendship degree over time, and utilises both direct and indirect friendship-based trust information. The model overcomes the limitation of neglecting the social behaviours of nodes when evaluating trustworthiness. The empirical analysis shows the greater robustness and accuracy of the trust model in a dynamic MANET environment.
34

Trust Management for P2P application in Delay Tolerant Mobile Ad-hoc Networks. An Investigation into the development of a Trust Management Framework for Peer to Peer File Sharing Applications in Delay Tolerant Disconnected Mobile Ad-hoc Networks.

Qureshi, Basit I. January 2011
Security is essential to communication between entities in the internet. Delay tolerant and disconnected Mobile Ad Hoc Networks (MANET) are a class of networks characterized by high end-to-end path latency and frequent end-to-end disconnections and are often termed as challenged networks. In these networks nodes are sparsely populated and without the existence of a central server, acquiring global information is difficult and impractical if not impossible and therefore traditional security schemes proposed for MANETs cannot be applied. This thesis reports trust management schemes for peer to peer (P2P) application in delay tolerant disconnected MANETs. Properties of a profile based file sharing application are analyzed and a framework for structured P2P overlay over delay tolerant disconnected MANETs is proposed. The framework is implemented and tested on J2ME based smart phones using Bluetooth communication protocol. A light weight Content Driven Data Propagation Protocol (CDDPP) for content based data delivery in MANETs is presented. The CDDPP implements a user profile based content driven P2P file sharing application in disconnected MANETs. The CDDPP protocol is further enhanced by proposing an adaptive opportunistic multihop content based routing protocol (ORP). ORP protocol considers the store-carry-forward paradigm for multi-hop packet delivery in delay tolerant MANETs and allows multi-casting to selected number of nodes. Performance of ORP is compared with a similar autonomous gossiping (A/G) protocol using simulations. This work also presents a framework for trust management based on dynamicity aware graph re-labelling system (DA-GRS) for trust management in mobile P2P applications. The DA-GRS uses a distributed algorithm to identify trustworthy nodes and generate trustable groups while isolating misleading or untrustworthy nodes. 
Several simulations in various environment settings show the effectiveness of the proposed framework in creating trust based communities. This work also extends the FIRE distributed trust model for MANET applications by incorporating witness based interactions for acquiring trust ratings. A witness graph building mechanism in FIRE+ is provided with several trust building policies to identify malicious nodes and detect collusive behaviour in nodes. This technique not only allows trust computation based on witness trust ratings but also provides protection against a collusion attack. Finally, M-trust, a light weight trust management scheme based on FIRE+ trust model is presented.
35

Trust Management for A Decentralized Service Exposure Marketplace

Beder, Ahmed Aly January 2020
Enabling trust between entities to collaborate, without the necessity of a third-party mediator is a challenging problem. This problem is highlighted when the collaboration involves a complicated process, spans multiple systems, and encompasses a large number of entities. This is the case in a decentralized service exposure marketplace. In this work, we design and implement a Proof-Of-Concept (PoC) suite of services to enable a blockchain to become the anchor of trust for a decentralized service exposure marketplace. We first formalize the necessary requirements to enable trust between a consortium of entities hosting the marketplace. We then follow with a threat model against the identified requirement, highlighting misbehaviour from the different entities. Finally, we propose a model, Trust Engine, which facilitates the trust management process and mitigates the identified threats. We showcase a proof-of-concept of our model, utilizing a combination of smart contracts (hyperledger fabric), blockchain, and service mesh technology (Istio). The Trust Engine successfully identifies the misbehaviour, documents it in the blockchain, and enforces policies to remediate the misbehaviour. Furthermore, we examined each component in our suggested system to identify the performance bottleneck. Lastly, we discuss the limitations of our suggested model with regards to other service mesh deployment models as well as potential future work and improvements. / It is a challenging problem to enable trust between entities so that they can collaborate without the need for a third-party intermediary. This problem is highlighted when the collaboration involves a complicated process, spans multiple systems and encompasses a large number of entities. This is the case in a decentralized marketplace for service exposure. In this work, we design and implement a PoC collection of services to enable a blockchain to become an anchor for a decentralized service exposure marketplace.
We first formalize the requirements needed to enable trust between a consortium of entities hosting the marketplace. We then follow with a threat model against the identified requirement, highlighting misbehaviour by the different entities. Finally, we propose a model, Trust Engine, which facilitates the trust management process and mitigates the identified threats. We present a proof of concept of our model using a combination of smart contracts (hyperledger fabric), blockchain and service mesh technology (Istio). The Trust Engine identifies the misbehaviour, documents it in the blockchain and enforces policies to fix the misbehaviour. Furthermore, we examined each component of our proposed system to identify the performance bottleneck. Finally, we discuss the limitations of our proposed model with regard to other service mesh deployment models, as well as potential future work and improvements.
36

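Exploring the trust management process of e-commerce websites from the perspective of the IT service management framework: a case study of an e-commerce company / 從資訊技術服務管理基礎架構的觀點探討電子商務網站的信任管理程序-以某電子商務公司為例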

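賴居正 Unknown Date
Taiwan's overall online shopping market reached a scale of NT$243 billion in 2008, but overall, fewer than 30% of operators are profitable. From the consumer's point of view, the more than 5,000 online stores certainly offer more choice, but because of the anonymity of the Internet, whether a merchant at the other end of the network, who cannot be seen or touched, is trustworthy is often an important basis for a consumer's decision on whether to make a purchase. This study explores the relationship between IT service management and website trust management. Using the case study method, it summarises how e-commerce operators can use the IT service management framework to achieve the goal of managing consumers' trust in e-commerce websites. The results show that the service strategy of the IT service management framework has a direct influence on enterprise-level trust in the trust-building process of an e-commerce website: the more closely the service strategy of an enterprise's e-commerce website is related to the enterprise's brand in the early stage, the more it strengthens consumers' trust in the website, and in the middle and later stages the service strategy must move beyond the enterprise's original industry and deepen the value of website membership in order to strengthen consumers' trust in the website. The service design, service transition and service operation of the IT service management framework affect website-level trust in the trust-building process: the design of the customer service centre can increase consumers' experiential trust, the transaction security and system stability of the e-commerce website can maintain consumers' trust, and whether the website's crisis-handling process is adequate affects consumers' trust. Finally, regarding certification trust in the trust-building process, e-commerce website operators that continuously improve their own services can, through certification by an impartial third party, gain consumers' trust in specific areas.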
37

SAFE: A Declarative Trust-Agile System with Linked Credentials

Thummala, Vamsidhar January 2016
Secure Access For Everyone (SAFE) is an integrated system for managing trust using a logic-based declarative language. Logical trust systems authorize each request by constructing a proof from a context---a set of authenticated logic statements representing credentials and policies issued by various principals in a networked system. A key barrier to practical use of logical trust systems is the problem of managing proof contexts: identifying, validating, and assembling the credentials and policies that are relevant to each trust decision. SAFE addresses this challenge by (i) proposing a distributed authenticated data repository for storing the credentials and policies; (ii) introducing a programmable credential discovery and assembly layer that generates the appropriate tailored context for a given request. The authenticated data repository is built upon a scalable key-value store with its contents named by secure identifiers and certified by the issuing principal. The SAFE language provides scripting primitives to generate and organize logic sets representing credentials and policies, materialize the logic sets as certificates, and link them to reflect delegation patterns in the application. The authorizer fetches the logic sets on demand, then validates and caches them locally for further use.
Upon each request, the authorizer constructs the tailored proof context and provides it to the SAFE inference for certified validation. Delegation-driven credential linking with certified data distribution provides flexible and dynamic policy control enabling security and trust infrastructure to be agile, while addressing the perennial problems related to today's certificate infrastructure: automated credential discovery, scalable revocation, and issuing credentials without relying on centralized authority. We envision SAFE as a new foundation for building secure network systems. We used SAFE to build secure services based on case studies drawn from practice: (i) a secure name service resolver similar to DNS that resolves a name across multi-domain federated systems; (ii) a secure proxy shim to delegate access control decisions in a key-value store; (iii) an authorization module for a networked infrastructure-as-a-service system with a federated trust structure (NSF GENI initiative); and (iv) a secure cooperative data analytics service that adheres to individual secrecy constraints while disclosing the data. We present empirical evaluation based on these case studies and demonstrate that SAFE supports a wide range of applications with low overhead. / Dissertation
38

A trust framework for multi-organization environments / Un système de confiance pour les environnements multi-organisationnels

Toumi, Khalifa 01 April 2014
Nowadays, the rapid spread of communication technologies, data storage and web services encourages companies to collaborate with one another, forming a multi-organization environment. These companies take part in this environment in order to benefit from the opportunities it offers, such as: (1) the possibility of using external and professional resources and services, (2) the reduction of production time and (3) the benefits resulting from synergy effects. However, this collaboration is not perfect. Many problems can arise, such as malicious use of resources, disclosure of data or inadequate services. Security is therefore an important concern for participants. The main security challenges for a participant are trust management and access control. In this thesis, we address these two areas in particular and propose a new trust management approach for multi-organization systems. Our approach is divided into four parts. First, we defined a trust model based on the notion of vectors. These are composed of a set of parameters that provide a degree of trust under certain conditions. In our approach, we consider two types of vectors: on the one hand, a vector tied to a relationship between a user and an organization and, on the other hand, a vector that links two organizations. In addition, we showed how to evaluate and share these vectors among organizations, and how to use the evaluated information to improve security. As our second contribution, we integrated this new trust model into the OrBAC (Organization Based Access Control) access control model. This integration gave rise to our TRUST-OrBAC model.
In addition, we applied this solution to a case study of collaboration between companies. Third, we proposed a new trust ontology based on access control concepts. This ontology will be used to share degrees of trust between participants and to define the equivalence between their objectives. Thus, how to define this trust relationship, how to understand the trust objective of a requester, and how to evaluate the value of the recommendation are all questions we have tried to answer in this work. Fourth, we improved our work by designing a passive testing approach to evaluate the behaviour of a user. This contribution was based on the testing tool MMT (Montimage Monitoring Tool). Finally, we designed a secure architecture for a distributed system based on our contributions. / The spread of inexpensive communication technologies, distributed data storage and web services mechanisms currently urges collaboration among organizations. Partners are participating in this environment motivated by several advantages such as: (1) the ability to use external and professional resources, services and knowledge, (2) the reduction of time-consuming requirements and (3) the benefaction of experts' experience. However, this collaboration is not perfect since several problems can arise such as the misuse of resources, disclosure of data or inadequate services. Therefore, security is an important concern of the participants. In particular, trust management and access control are among the major security issues for an organization. This thesis addresses these two areas in particular. It proposes a novel and comprehensive trust framework for Multi-Organization Environments. Our approach is organized in four parts. First, we propose a vector based model approach for defining trust vectors.
These vectors evaluate a set of requirements, under conditions, and provide a degree of confidence. In our approach, we consider two different types of vectors. On the one hand, a vector that links a user to an organization and, on the other hand, a vector that links two organizations. We also show how these vectors are evaluated and shared among the different organizations, and how we combine the provided trust information in order to enhance the security. Second, the TRUST-OrBAC model was designed to add the previous trust approach to the ORBAC model. Moreover, this solution was applied with a real collaboration network between companies. Third, we present a trust ontology methodology based on access control concepts. This ontology will be used to share the trust beliefs between participants and to make equivalence between their trust objectives. How to define this trust relationship, how to understand the trust objective of a requester, and how to evaluate the recommendation value is addressed in this thesis. Fourth, we improve our work by designing a passive testing approach in order to evaluate the behavior of a user. This contribution is based on the monitoring tool MMT. Finally, the entire architecture of our system is proposed.
39

Infrastructure de gestion de la confiance sur internet / Trust management infrastructure for internet

Vu, Van-Hoan 03 December 2010
Establishing trust is a problem that arises constantly in everyday life. We always need to assess the trust we have in someone before deciding to undertake an action with them. This is obviously a very important question for Internet applications, where it is increasingly rare to enter into a transaction with people or entities known beforehand. Trust is a key element for the development and proper functioning of e-commerce applications and, by extension, of all services that lead to interactions with strangers. The aim of this thesis is to propose a trust management infrastructure that allows each participant to express their own trust policy, a policy that will guide the behaviour of applications that provide or give access to services. This infrastructure implements negotiation mechanisms that make it possible to establish mutual trust between the different participants in a transaction. One of the important points of our proposal is to offer a policy expression language that makes it possible to use all available sources of information, such as credentials, the notion of reputation, recommendation and risk, to express one's trust policy. / Trust establishment is an important problem which often arises every day. We need to assess the trust in someone or something before making decisions on their actions. It is also a very important problem for Internet applications where participants of a system are virtual entities. The trust establishment is a key factor for e-commerce applications and services which involve interactions with unknown users. The objective of this thesis is to build an infrastructure for trust management which allows each participant to express his own security policy.
The security policy is a way for the participant to define his own access control to his own resources and services. The infrastructure provides a trust negotiation mechanism that allows two participants to establish a mutual trust between them for interactions. The important point of our proposal of an infrastructure for trust management is that we use all available information such as credentials (signed certificates), reputations, recommendations or risk information about the peer to make decisions on trust. All these factors are expressed in the security policy by using our proposed policy language.
40

A trust framework for multi-organization environments

Toumi, Khalifa 01 April 2014
The spread of inexpensive communication technologies, distributed data storage and web services mechanisms currently urges collaboration among organizations. Partners are participating in this environment motivated by several advantages such as: (1) the ability to use external and professional resources, services and knowledge, (2) the reduction of time-consuming requirements and (3) the benefaction of experts' experience. However, this collaboration is not perfect since several problems can arise such as the misuse of resources, disclosure of data or inadequate services. Therefore, security is an important concern of the participants. In particular, trust management and access control are among the major security issues for an organization. This thesis addresses these two areas in particular. It proposes a novel and comprehensive trust framework for Multi-Organization Environments. Our approach is organized in four parts. First, we propose a vector based model approach for defining trust vectors. These vectors evaluate a set of requirements, under conditions, and provide a degree of confidence. In our approach, we consider two different types of vectors. On the one hand, a vector that links a user to an organization and, on the other hand, a vector that links two organizations. We also show how these vectors are evaluated and shared among the different organizations, and how we combine the provided trust information in order to enhance the security. Second, the TRUST-OrBAC model was designed to add the previous trust approach to the ORBAC model. Moreover, this solution was applied with a real collaboration network between companies. Third, we present a trust ontology methodology based on access control concepts. This ontology will be used to share the trust beliefs between participants and to make equivalence between their trust objectives.
How to define this trust relationship, how to understand the trust objective of a requester, and how to evaluate the recommendation value is addressed in this thesis. Fourth, we improve our work by designing a passive testing approach in order to evaluate the behavior of a user. This contribution is based on the monitoring tool MMT. Finally, the entire architecture of our system is proposed.
