Open Reputation Systems. Overview OASIS ORMS (Open Reputation Management Systems) introduction Use cases, requirements and model ENISA Paper on Security.

Presentation transcript:

Open Reputation Systems

Overview
- OASIS ORMS (Open Reputation Management Systems) introduction
- Use cases, requirements and model
- ENISA Paper on Security Issues in Reputation Systems
- Some thoughts on reputation standardisation

OASIS - ORMS
- Goal: Definition of a portable reputation format
- Process: Use-case definition for reputation management
- Reference/standard model
- Flexible reputation data model
- Framework and protocol/s for exchanging and porting reputation data (SAML/IDP based)
- Evaluation algorithms for mapping reputation to risk / risk levels
- Support for privacy, multiple identities, identity resolution

Use-cases 1
- Seller reputation
- Peer-to-peer
- Key management
- Anti-spam/IP reputation

Use-cases 2
- Content filtering
- Avatar Reputation
- Social Network Peer Reputation
- Unified Communications (IM, SPIT/SPIM etc…)

Requirements

Modelling Reputation in a Standard - Thoughts

Reputation is an aggregation of opinions about an assertion
- Assertion – Bob is a good laptop seller
- Assertion – Bob is a bad husband
- Score 0.2 – i.e. He is not a good laptop seller
- Score 1 – i.e. He IS a bad husband

The anatomy of reputation – personal view
- Assertion – Bob is a good laptop seller

Reputation Thoughts
- If reputation is an aggregated opinion about an assertion – why not integrate with SAML and IDP infrastructure?
- Reputation votes should be separated from the algorithm used to compute it
- Mean score
- 2nd order reputation
- Reputation Context => Same vote set can be interpreted differently

Reputation Thoughts
- Model must allow for so-called 2nd order reputations (scores which take into account the reputation of the voter)
- Rating context should be taken into account – time/date, authentication method/token etc...
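The two "Reputation Thoughts" slides, as an added example that is not part of the original presentation: one stored vote set on the assertion "Bob is a good laptop seller" is scored by a plain mean, by a 2nd order algorithm that weights each vote by the voter's own reputation, and by a context-aware algorithm. The voter names, reputations, authentication weights and 30-day half-life are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Vote:
    voter: str
    score: float        # opinion about the assertion, 0.0 to 1.0
    cast_at: datetime   # rating context: time/date
    auth: str           # rating context: authentication method

def aggregate(votes, weight):
    """Weighted mean of scores; `weight` maps a Vote to a non-negative number."""
    pairs = [(weight(v), v.score) for v in votes]
    total = sum(w for w, _ in pairs)
    if total == 0:
        return None  # no vote carries any weight, so there is no score
    return sum(w * s for w, s in pairs) / total

def mean_score(votes):
    return aggregate(votes, lambda v: 1.0)

def second_order_score(votes, voter_reputation):
    # Voters with no reputation of their own get weight 0 (assumed policy).
    return aggregate(votes, lambda v: voter_reputation.get(v.voter, 0.0))

def context_score(votes, now, half_life_days, auth_weight):
    # Older votes decay exponentially; weakly authenticated votes count less.
    def weight(v):
        age_days = (now - v.cast_at).total_seconds() / 86400
        return auth_weight.get(v.auth, 0.0) * 0.5 ** (age_days / half_life_days)
    return aggregate(votes, weight)

# Constructed sample data: three established voters, three brand-new identities.
NOW = datetime(2024, 1, 31, tzinfo=timezone.utc)
VOTES = [
    Vote("alice", 0.2, NOW - timedelta(days=30), "certificate"),
    Vote("carol", 0.1, NOW - timedelta(days=30), "certificate"),
    Vote("dave", 0.3, NOW - timedelta(days=30), "password"),
    Vote("new1", 1.0, NOW, "none"),
    Vote("new2", 1.0, NOW, "none"),
    Vote("new3", 1.0, NOW, "none"),
]
VOTER_REPUTATION = {"alice": 0.9, "carol": 0.8, "dave": 0.7}
AUTH_WEIGHT = {"certificate": 1.0, "password": 0.5, "none": 0.1}

if __name__ == "__main__":
    print("mean:     ", round(mean_score(VOTES), 3))
    print("2nd order:", round(second_order_score(VOTES, VOTER_REPUTATION), 3))
    print("context:  ", round(context_score(VOTES, NOW, 30, AUTH_WEIGHT), 3))
```

Because the votes are stored separately from the algorithms, the three scores come from the same records, and the unweighted mean is the one most moved by the three new identities.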

Security of Reputation Systems
- ENISA paper – a security analysis of reputation systems

Typical security vulnerabilities need to be addressed:
- Collusion – voters agree to target a victim
- Denial of reputation – campaigns against an individual
- Whitewashing (cancelling a bad reputation)
- Sybil attacks (creating multiple identities to vote – e.g. eBay 1 cent items voted on by seller)

Take home messages
- ORMS is working towards a global portable reputation standard.
- Reputation is just another kind of assertion
- Importance of including features like authentication, privacy, 2nd order reputation
- Importance of addressing security issues.

?