IoMT AUTHENTICATION AND AUTHORIZATION ACCESS CONTROL BASED ON MULTIPARTY TRUST NEGOTIATION

Allouzi, Maha Ali

19 April 2022

No description available.

Computer Science

Trust Estimation of Real-Time Social Harm Events

Pandey, Saurabh Pramod

08 1900

Indiana University-Purdue University Indianapolis (IUPUI) / Social harm involves incidents resulting in physical, financial, and emotional hardships such as crime, drug overdoses and abuses, traffic accidents, and suicides. These incidents require various law-enforcement and emergency responding agencies to coordinate together for mitigating their impact on the society. With the advent of advanced networking and computing technologies together with data analytics, law-enforcement agencies and people in the community can work together to proactively reduce social harm. With the aim of effectively mitigating social harm events in communities, this thesis introduces a distributed web application, Community Data Analytic for Social Harm (CDASH). CDASH helps in collecting social harm data from heterogenous sources, analyzing the data for predicting social harm risks in the form of geographic hotspots and conveying the risks to law-enforcement agencies. Since various stakeholders including the police, community organizations and citizens can interact with CDASH, a need for a trust framework arises, to avoid fraudulent or mislabeled incidents from misleading CDASH. The enhanced system, called Trusted-CDASH (T-CDASH), superimposes a trust estimation framework on top of CDASH. This thesis discusses the importance and necessity of associating a degree of trust with each social harm incident reported to T-CDASH. It also describes the trust framework with different trust models that can be incorporated for assigning trust while examining their impact on prediction accuracy of future social harm events. The trust models are empirically validated by running simulations on historical social harm data of Indianapolis metro area.

Social harm

Trust management

Hotspots

Data cross validation

Decentralized Trust-Based Access Control for Dynamic Collaborative Environments

Adams, William Joseph

10 April 2006

The goal of this research was to create a decentralized trust-based access control (TBAC) system for a dynamic collaborative environment (DCE). By building a privilege management infrastructure (PMI) based on trust, user access was determined using behavior grading without the need for pre-configured, centrally managed role hierarchies or permission sets. The PMI provided TBAC suitable for deployment in a rapidly assembled, highly fluid, collaborative environment. DCEs were assembled and changed membership as required to achieve the goals of the group. A feature of these environments was that there was no way of knowing who would join the group, no way of refusing anyone entry into group, and no way of determining how long members would remain in the group. DCEs were formed quickly to enable participants to share information while, at the same time, allowing them to retain control over the resources that they brought with them to the coalition. This research progressed the state of the art in the fields of access control and trust management. The Trust Management System developed through this research effectively implemented a decentralized access control scheme. Each resource owner independently evaluated the reputation and risk of network members to make access decisions. Because the PMI system used past behavior as an indication of future performance, no a priori user or resource configuration was required. / Ph. D.

Wireless Security

Trust Management

Dynamic Collaboration

Access Control

The Explanatory Power of Reciprocal Behavior for the Inter-Organizational Exchange Context

Pieperhoff, Martina

January 2018

In order to create sustainable competitive advantages, organizations are embedded in dyadic exchange relationships, which depend on the coordination of the behavior of the actors involved. Often, coordinated behavior is explained by trust. Since trust develops in a process of reciprocal responses to presumed trustworthy behavior, it is a reciprocity-based concept. While inter-organizational exchange relationships can appear in different stages (forming, establishing, broken), different reciprocity types (direct, indirect, negative) can be distinguished. The study links reciprocal behavior to different stages of inter-organizational exchange relationships in order to investigate reciprocity as a possible coordination mechanism of behavior and thus explore the basis of coordination of trust-based behavior. Qualitative Comparative Analysis as a set-theoretic approach is applied to analyze the empirical data consisting of 78 qualitative semi-structured interviews with managers of small-, medium- and large-sized companies. The results show that different reciprocity types become effective in different stages of an inter-organizational exchange relationship: For forming inter-organizational exchange relationships indirect reciprocal behavior, besides direct reciprocity, becomes effective while in establishing inter-organizational exchange relationships, direct reciprocal behavior is evident. Negative reciprocal behavior leads to a break up of relationships. Using these results, on the one hand, the concept of trust can be sharpened by deepening the understanding of the trust-building mechanisms and on the other hand, reciprocity can be seen as coordination mechanism in exchange relationships of different stages. In doing so, with this knowledge, relationships can be coordinated towards a long-term orientation in order to create sustainable advantages.

Trust negotiation policy management for service-oriented applications

Skogsrud, Halvard, Computer Science & Engineering, Faculty of Engineering, UNSW

January 2006

Service-oriented architectures (SOA), and in particular Web services, have quickly become a popular technology to connect applications both within and across enterprise boundaries. However, as services are increasingly used to implement critical functionality, security has become an important concern impeding the widespread adoption of SOA. Trust negotiation is an approach to access control that may be applied in scenarios where service requesters are often unknown in advance, such as for services available via the public Internet. Rather than relying on requesters' identities, trust negotiation makes access decisions based on the level of trust established between the requester and the provider in a negotiation, during which the parties exchange credentials, which are signed assertions that describe some attributes of the owner. However, managing the evolution of trust negotiation policies is a difficult problem that has not been sufficiently addressed to date. Access control policies have a lifecycle, and they are revised based on applicable business policies. Additionally, because a trust relationship established in a trust negotiation may be long lasting, their evolution must also be managed. Simply allowing a negotiation to continue according to an old policy may be undesirable, especially if new important constraints have been added. In this thesis, we introduce a model-driven trust negotiation framework for service-oriented applications. The framework employs a model for trust negotiation, based on state machines, that allows automated generation of the control structures necessary to enforce trust negotiation policies from the visual model of the policy. Our policy model also supports lifecycle management. We provide sets of operations to modify policies and to manage ongoing negotiations, and operators for identifying and managing impacts of changes to trust negotiation policies on ongoing trust negotiations. The framework presented in the thesis has been implemented in the Trust-Serv prototype, which leverages industry specifications such as WS-Security and WS-Trust to offer a container-centric mechanism for deploying trust negotiation that is transparent to the services being protected.

security

web services

trust negotiation

trust management

modeling

SOA

service-oriented applications

A simulation-based methodology for the assessment of server-based security architectures for mobile ad hoc networks (MANETs)

Darwish, Salaheddin

January 2015

A Mobile Ad hoc Network (MANET) is typically a set of wireless mobile nodes enabled to communicate dynamically in a multi-hop manner without any pre-existing network infrastructure. MANETs have several unique characteristics in contrast to other typical networks, such as dynamic topology, intermittent connectivity, limited resources, and lack of physical security. Securing MANETs is a critical issue as these are vulnerable to many different attacks and failures and have no clear line of defence. To develop effective security services in MANETs, it is important to consider an appropriate trust infrastructure which is tailored to a given MANET and associated application. However, most of the proposed trust infrastructures do not to take the MANET application context into account. This may result in overly secure MANETs that incur an increase in performance and communication overheads due to possible unnecessary security measures. Designing and evaluating trust infrastructures for MANETs is very challenging. This stems from several pivotal overlapping aspects such as MANET constraints, application settings and performance. Also, there is a lack of practical approaches for assessing security in MANETs that take into account most of these aspects. Based on this, this thesis provides a methodological approach which consists of well-structured stages that allows the exploration of possible security alternatives and evaluates these alternatives against dimensions to selecting the best option. These dimensions include the operational level, security strength, performance, MANET contexts along with main security components in a form of a multidimensional security conceptual framework. The methodology describes interdependencies among these dimensions, focusing specifically on the service operational level in the network. To explore these different possibilities, the Server-based Security Architectures for MANETs (SSAM) simulation model has been created in the OMNeT++ simulation language. The thesis describes the conceptualisation, implementation, verification and validation of SSAM, as well as experimentation approaches that use SSAM to support the methodology of this thesis. In addition, three different real cases scenarios (academic, emergency and military domains) are incorporated in this study to substantiate the feasibility of the proposed methodology. The outcome of this approach provides MANET developers with a strategy along with guidelines of how to consider the appropriate security infrastructure that satisfies the settings and requirements of given MANET context.

004.6

Řízení důvěry v P2P sítích / Trust Management Systems in P2P Networks

Novotný, Miroslav

January 2012

The architecture of certain class of services, such as distributed computing, distributed storages or content delivering networks shifts from the traditional client-server model to more scalable and robust peer to peer networks. Providing proper protection to such complex, open and anonymous systems is very complicated. Malicious peers can cooperate and develop sophisticated strategies to bypass existing security mechanisms. Recently, many trust management systems for P2P networks have been proposed. However, their effectiveness is usually tested only against simple malicious strategies. Moreover, a complex comparison of resistance of a particular method is missing. In this thesis, we (1) propose a new trust management system called BubbleTrust and (2) develop a simulation framework for testing trust management systems against various malicious strategies. Our simulation framework defines several criteria which determine the success of each malicious strategy in the network with a given system. We present results of four trust management systems that represent main contemporary approaches and BubbleTrust.

Status and Exploration of Wealth Management Services of China’s Trust Industry

January 2015

abstract: With years of continuous Chinese economic growth and accelerating aging population, better serving the changing demands in wealth management has become the new market development directions. As evidenced in international experiences, the embedded nature of privacy and isolation of managed assets in the trust business have demonstrated built-in consistency with the needs of high-end wealth management and inheritance; hence, trust has become a very fitting vehicle for wealth management. By 2014, total assets under trust management have reached RMB14trillion. However, there is as yet a massive gap between the current service levels received by high net worth individuals and their requirements; a gap that is adverse in establishing a stable customer service relationship; which eventually hinders the vigorous development of the overall industry. With modeling the gaps in service levels as the basic foundation, this paper first and foremost starts with the discussion on the issues in listening to service needs. This paper conducted customer surveys in such categories as customer expected and perceived service quality, service level design and standards, service provided in accordance with the design, and service commitment actually fulfilled. By correlation and regression analyses, this paper analyzed the characteristics of high net worth population, concluding that high net worth individuals with different gender, profession, age exhibit varying needs, preferences and other determining factors in wealth management. This Paper has designed wealth management service standards and value-added asset allocation systems; the Paper has structured a systematic and disciplined framework in wealth management, which serves as a guideline in the implementation of leading wealth management and in the establishment of superior trust management services. It serves as an impetus for the trust industry to thrive as the leader in China’s wealth management domain, enhance industry brand image, accumulate stable customer segments and develop sustainable market core competencies. / Dissertation/Thesis / Doctoral Dissertation Business Administration 2015

Business

Finance

customer service relationship

superior trust management service

trust business

wealth managemennt

A trust-based adaptive access control model for wireless sensor networks

Maw, Htoo Aung

January 2015

Wireless Sensor Networks (WSNs) have recently attracted much interest in the research community because of their wide range of applications. One emerging application for WSNs involves their use in healthcare where they are generally termed Wireless Medical Sensor Networks (WMSNs). In a hospital, fitting patients with tiny, wearable, wireless vital sign sensors would allow doctors, nurses and others to continuously monitor the state of those in their care. In the healthcare industry, patients are expected to be treated in reasonable time and any loss in data availability can result in further decline in the patient's condition or can even lead to death. Therefore, the availability of data is more important than security concerns. The overwhelming priority is to take care of the patient, but the privacy and confidentiality of that patient's medical records cannot be neglected. In current healthcare applications, there are many problems concerning security policy violations such as unauthorised denial of use, unauthorised information modification and unauthorised information release of medical data in the real world environment. Current WSN access control models used the traditional Role-Based Access Control (RBAC) or cryptographic methods for data access control but the systems still need to predefine attributes, roles and policies before deployment. It is, however, difficult to determine in advance all the possible needs for access in real world applications because there may be unanticipated situations at any time. This research proceeds to study possible approaches to address the above issues and to develop a new access control model to fill the gaps in work done by the WSN research community. Firstly, the adaptive access control model is proposed and developed based on the concept of discretionary overriding to address the data availability issue. In the healthcare industry, there are many problems concerning unauthorised information release. So, we extended the adaptive access control model with a prevention and detection mechanism to detect security policy violations, and added the concept of obligation to take a course of action when a restricted access is granted or denied. However, this approach does not consider privacy of patients' information because data availability is prioritised. To address the conflict between data availability and data privacy, this research proposed the Trust-based Adaptive Access Control (TBA2C) model that integrates the concept of trust into the previous model. A simple user behaviour trust model is developed to calculate the behaviour trust value which measures the trustworthiness of the users and that is used as one of the defined thresholds to override access policy for data availability purpose, but the framework of the TBA2C model can be adapted with other trust models in the research community. The trust model can also protect data privacy because only a user who satisfies the relevant trust threshold can get restricted access in emergency and unanticipated situations. Moreover, the introduction of trust values in the enforcement of authorisation decisions can detect abnormal data access even from authorised users. Ponder2 is used to develop the TBA2C model gradually, starting from a simple access control model to the full TBA2C. In Ponder2, a Self-Managed Cell (SMC) simulates a sensor node with the TBA2C engine inside it. Additionally, to enable a full comparison with the proposed TBA2C model, the Break-The-Glass Role Based Access Control (BTGRBAC) model is redesigned and developed in the same platform (Ponder2). The proposed TBA2C model is the first to realise a flexible access control engine and to address the conflict between data availability and data privacy by combining the concepts of discretionary overriding, the user behaviour trust model, and the prevention and detection mechanism.

610.28

Dynamic Trust Management for Mobile Networks and Its Applications

Bao, Fenye

05 June 2013

Trust management in mobile networks is challenging due to dynamically changing network environments and the lack of a centralized trusted authority. In this dissertation research, we design and validate a class of dynamic trust management protocols for mobile networks, and demonstrate the utility of dynamic trust management with trust-based applications. Unlike existing work, we consider social trust derived from social networks in addition to traditional quality-of-service (QoS) trust derived from communication networks to obtain a composite trust metric as a basis for evaluating trust of nodes in mobile network applications. Untreated in the literature, we design and validate trust composition, aggregation, propagation, and formation protocols for dynamic trust management that can learn from past experiences and adapt to changing environment conditions to maximize application performance and enhance operation agility. Furthermore, we propose, explore and validate the design concept of application-level trust optimization in response to changing conditions to maximize application performance or best satisfy application requirements. We provide formal proof for the convergence, accuracy, and resiliency properties of our trust management protocols. To achieve the goals of identifying the best trust protocol setting and optimizing the use of trust for trust-based applications, we develop a novel model-based analysis methodology with simulation validation for analyzing and validating our dynamic trust management protocol design. The dissertation research provides new understanding of dynamic trust management for mobile wireless networks. We gain insight on the best trust composition and trust formation out of social and QoS trust components, as well as the best trust aggregation and propagation protocols for optimizing application performance. We gain insight on how a modeling and analysis tool can be built, allowing trust composition, aggregation, propagation, and formation designs to be incorporated, tested and validated. We demonstrate the utility of dynamic trust management protocol for mobile networks including mobile ad-hoc networks, delay tolerant networks, wireless sensor networks, and Internet of things systems with practical applications including misbehaving node detection, trust-based survivability management, trust-based secure routing, and trust-based service composition. Through model-based analysis with simulation validation, we show that our dynamic trust management based protocols outperform non-trust-based and Bayesian trust-based protocols in the presence of malicious, erroneous, partly trusted, uncertain and incomplete information, and are resilient to trust related attacks. / Ph. D.

mobile networks

trust management

adaptive control

Optimization

secure routing

intrusion detection

performance analysis