A Trust Management Framework for Service-Oriented Environments William Conner, Arun Iyengar, Thomas Mikalsen, Isabelle Rouvellou, and Klara Nahrstedt 18 th International World Wide Web Conference 1

Outline Background and motivation Trust management framework Performance evaluation Related work Conclusion 2

Distributed Computing Platforms Many options available for deploying distributed applications P2P systems Gnutella for file sharing PPLive for media streaming Computational grids Open Science Grid for scientific research Computing clouds IBM Blue Cloud, Google App Engine, and Amazon Web Services for web applications 3

Trust Management Parties in distributed transactions often concerned with trust Client perspective: server selection Server perspective: access control ClientServer Buying / Selling (eBay) Download / Upload (P2P) Request / Response (Web) INVITE / OK (SIP) 4

Trust Management Credential-based trust management Exchange credentials prior to transaction Suitable when parties are known directly or indirectly Not our focus Reputation-based trust management Gather feedback ratings on prior transactions Suitable for open environments when parties are unknown to each other 5

Trust Management Service (TMS) Reputation-based Server-side access control for distributed infrastructures Enable sharing of reputation feedback from many sources Enable simultaneous use of different reputation metrics 6

Target Environment Service-hosting infrastructure Computing cloud would be an example Many external clients sending requests Many different services fulfilling requests 7

Security Assumptions No Sybil attacks XRep and PeerTrust share this assumption Secure communications within infrastructure Public key cryptography Attacks characterized by negative feedback Other Web-based attacks outside scope Bad feedback implicitly handled by reputation metrics 8

Collecting Reputation Feedback External Client CHosted Service STMS REQUEST REPLY H 1 = (C,S,Fdbk 1,Attrs 1 ) TMS Records (C,S,Fdbk 1,Attrs 1 ) TMS Records (C,S,Fdbk 1,Attrs 1 ) (C,S,Fdbk 2,Attrs 2 ) H 2 = (C,S,Fdbk 2,Attrs 2 ) H = service invocation history record C = client invoking service S = invoked service Fdbk = feedback value between -1 and 1 Attrs = trust-related attributes 9

Feedback Example 10

Assessing Trust External Client CHosted Service STMS REQUEST REPLY TMS Records H 1 = (C,S,Fdbk 1,Attrs 1 ) H 2 = (C,S,Fdbk 2,Attrs 2 ) (C,F S ) Rep C,S = F S ({H 1,H 2 }) GRANT if Rep C,S T S DENY, otherwise C = client invoking service S = invoked service F S = reputation scoring function for S Rep C,S = reputation of C according to S T S = minimum trust threshold for S 11

Custom Reputation Metrics TMS supports flexible reputation metrics Select from library of available scoring functions Define user-specific scoring function eBay reputation metric Summation of feedback ratings PeerTrust reputation metric satisfaction credibilitytransaction context community context 12

Distributed TMS Multiple TMS nodes organized into DHT Consistent hashing used for load balancing Replication on successor nodes for availability Hosted Service S TMS 1 TMS 0 TMS 2 13

Consistent Hashing Apply cryptographic hash function to client identifier to get hash value hash C Example hash functions: SHA-1, MD5 Assign hash C to numerically closest TMS identifier hash C Similar to Chord DHT hash C node crash

Replication TMS nodes might crash Stored records unavailable Reports reassigned based on consistent hash Enhance availability of TMS records Replicate TMS records on up to k nodes where k = 0,…,N-1 Similar to successor replication on Chord 15

Replication Probability of losing record Assume nodes fail independently with probability p Assume replication factor k Prob = p k successor node

Trust Value Caching External Client CHosted Service STMS REQUEST REPLY (C,F S ) Rep C,S = F S ({H 1,H 2 }) Additional processing and round trip 17

Trust Value Caching Observation Q: Is it necessary to re-evaluate trust each time? A: Depends on scoring function and client activity since last evaluation Example eBay is scoring function used Client has 5 transactions since last evaluation If Rep C = 100, then always grant If Rep C = -100, then always deny 18

Trust Value Caching TMS periodically updates services on client activity levels Maintain frequency count for each client Create Bloom histogram to approximate frequency count Services estimate upper and lower bound on client reputation TMS only contacted if re-evaluation necessary 19

Trust Value Caching 20

Performance Evaluation Integrated TMS into Supply Chain Management application Retailers Warehouses Manufacturers Measured latency and throughput through experiments Trusted ILLIAC (LAN environment) PlanetLab (WAN environment) 21

Performance Evaluation 22

Latency 23

Throughput 24

Related Work Online auctions Buyers and sellers rate each other eBay is best known example P2P file sharing Avoid bogus or malicious content XRep [Damiani et al. 02], EigenTrust [Kamvar et al. 03], and PeerTrust [Xiong and Liu 04] Web service selection Clients send requests to most reputable services Examples include [Zeng et al. 03, Kalepu et al. 04, Park et al. 05] 25

Conclusion Trust management framework Reputation-based Server-side access control Enable sharing of feedback Enable flexible trust assessments Reasonable latency and throughput overhead 26