Presentation is loading. Please wait.

Presentation is loading. Please wait.

Generic Reliability Trust Model Glenn Mahoney Wendy Myrvold Gholamali (Ali) Shoja Department of Computer Science, University of Victoria

Similar presentations


Presentation on theme: "Generic Reliability Trust Model Glenn Mahoney Wendy Myrvold Gholamali (Ali) Shoja Department of Computer Science, University of Victoria"— Presentation transcript:

1 Generic Reliability Trust Model Glenn Mahoney Wendy Myrvold Gholamali (Ali) Shoja Department of Computer Science, University of Victoria Email: {gmahoney,wendym,gshoja}@cs.uvic.ca Presented at: Third Annual Conference on Privacy, Security and Trust (PST’05) St. Andrews, New Brunswick October 12-14, 2005

2 Generic Reliability Trust Model, Glenn Mahoney, PST'052 Agenda Problem and Background –Abstract computational trust model Generic Reliability Trust Model –Definition –Metric –Algorithms –Experimental results –Comparison to other trust models. Conclusion

3 Generic Reliability Trust Model, Glenn Mahoney, PST'053 Problem… Just because your connection is secure, it doesn’t mean you can trust who you are connected to. (Channel) security ≠ trust

4 Generic Reliability Trust Model, Glenn Mahoney, PST'054 Problem: (Lack of) Trust in Networks Economic activity involving –operations on digital objects, –network-mediated interactions between digital entities. Trust as a prerequisite for value-based interaction. Limited and/or application-specific capabilities for automated handling of trust. Security  trust.

5 Generic Reliability Trust Model, Glenn Mahoney, PST'055 Example: eBay An effectively anonymous community of ad-hoc buyers and sellers. Created in 1995; by 2002 had: –61.7 million registered users, –638 million listed items, –facilitated $14.9 billion dollars (US) in gross sales. ``The key to eBay's success is trust. Trust between the buyers and sellers who make up the eBay community. And trust between the user and eBay, the company.'' -- eBay Web Site

6 Generic Reliability Trust Model, Glenn Mahoney, PST'056 Alice Tom Sally Fred Sue Bob Network M1M1 M2M2 Channel Goal: create a generalized, decentralized, application-independent trust reasoning capability for use in ad-hoc, network-mediated environments -- a simulant useful for trust- related decisions. Distributed entities exchanging messages. Practical goal: Computational Trust (not human trust)

7 Generic Reliability Trust Model, Glenn Mahoney, PST'057 Abstract Trust Model Entities Subjects of trust. Trust Value Some quantification or measure of assertions/beliefs, and value result of metrics; e.g. boolean, real, discrete, probability. Roots of Trust Irreducible beliefs; assumptions made by all entities about whom to trust. Direct Trust Localized belief about others; asymmetric. Indirect Trust Subjective belief derived from the beliefs of others; conditional transitivity. Subject- matter “A trusts B” is shorthand for “A trusts B about X under certain conditions”. Trust Metric Defines how a to calculate some trust value based on direct and indirect trust (evidence); typically chain-of- proof, arithmetic, or probabilistic.

8 Generic Reliability Trust Model, Glenn Mahoney, PST'058 The Generic Reliability Trust Model (GRTM) Definition Metric Algorithms

9 Generic Reliability Trust Model, Glenn Mahoney, PST'059 Reliability Reliability theory is the study of the performance of a system of failure-prone elements. Given the graph G=( V(G), E(G) ), where p e is the probability that edge e is operational, Rel(G) =

10 Generic Reliability Trust Model, Glenn Mahoney, PST'0510 Trust Graph A trust graph is a labeled digraph G=( V(G), E(G) ) V(G) represents the entities E(G) represents statements or beliefs Each arc e=(u,v) in E(G) represents a trust statement or belief by u about v, and has a label : l  0 is a trust level (generally, amount of indirect trust) c is a confidence value, c  [0,1] c e = p e is the probability of operation of this arc/link. A trust metric defines the operational criteria -- what edges are required for any trust to exist. The reliability model is used to calculate a value: Trust(G) = Rel(G)

11 Generic Reliability Trust Model, Glenn Mahoney, PST'0511 Example Trust Graph Alice trusts Sally with a confidence of 0.8, and at the level 2, etc. Assumes common subject matter. Need something more to say whether Alice trusts Bob. 2,.8 Alice Sally Tom Bob Sue 2,.8 0,.8 1,.8 0,.8

12 Generic Reliability Trust Model, Glenn Mahoney, PST'0512 Generalized Operational Criteria Can also represent a trust graph as a set of statements: The derived statement for the arc e=(u,v) with label is There are transitivity rules R for derived statements given a trust graph G and vertices s (source) and t (target or sink). A state S in E(G) is operational iff the derived statement exists in the reflexive, transitive closure of S, under R.

13 Generic Reliability Trust Model, Glenn Mahoney, PST'0513 Hop-count Limited Transitive Trust (HLTT) Let i>0, j ≥ 0, and k=min(i-1, j), If and are derived statements then is a derived statement. E.g. Given and then.

14 Generic Reliability Trust Model, Glenn Mahoney, PST'0514 Example The HLTT transitivity rule produces the following minimal operational states for trust from Alice to Bob: S 1 = { (Alice,Sally), (Sally,Sue), (Sue,Bob) } S 2 = { (Alice,Tom), (Tom,Bob) } 2 Alice Sally Tom Bob Sue 2 0 1 0 0

15 Generic Reliability Trust Model, Glenn Mahoney, PST'0515 Exact Algorithms Inclusion-exclusion: First, find all possible operational states T, k=|T|. –Exponential in time and memory Then, calculate probability using inclusion-exclusion. –Enumerate all 2 k -1 subsets, alternately add and subtract product of probabilities of the union of arcs in the k-subsets Factoring: Recursively simplify the graph G: Rel(G) = p e Rel(G * e) + (1-p e )Rel(G - e); –Still enumerates 2 k -1 subsets (worst-case), but does not require pre-generation of operational states  All exact methods are #P-complete

16 Generic Reliability Trust Model, Glenn Mahoney, PST'0516 Example Recall, S 1 ={ (Alice, Sally), (Sally, Sue), (Sue, Bob) } S 2 ={ (Alice, Tom), (Tom, Bob) } Assume p e is 0.8, Trust(G,HLTT,Alice,Bob) is = Pr(S 1 ) + Pr(S 2 ) - Pr(S 1  S 2 ) =.512 +.64 -.327 =.824

17 Generic Reliability Trust Model, Glenn Mahoney, PST'0517 Approximation Use the inclusion-exclusion approach but truncate the computation: During search phase - –Discard candidate operational states if probability product falls below some threshold or maximum time limit reached. –Stop if a single operational state exceeds minimum desired confidence. After search phase - –Prune operational states to some maximum number before performing inclusion-exclusion. During inclusion-exclusion phase - –Stop if lower-bound meets the desired confidence.  The result will be less-or-equal to exact result.

18 Generic Reliability Trust Model, Glenn Mahoney, PST'0518 SimulatedTrust Graph Data Straightforward representation in XML using the semantics of Graph eXchange Language (GXL). Generate graph data using a random power law (RPLG): –Generate desired number of vertices –Randomly generate arcs between vertices such that the probability there exists some vertex of degree k is roughly Prob(degree k) ~  k -  –where  = 0.7 and  = 0.8.

19 Generic Reliability Trust Model, Glenn Mahoney, PST'0519 Performance of Approximation

20 Generic Reliability Trust Model, Glenn Mahoney, PST'0520 Comparison GRTM+ HLTTMahoneyDecentralized, probabilistic metric, generalized subject-matter, belief statements. X.509 PKIIETFCentralized, chain-of-proof metric; restrictive subject-matter of identity authentication; digital certificates. PGPZimmerman, et.al. Decentralized, chain-of-proof metric; restrictive subject-matter of public key authentication; digital certificates. Trust Management Blaze, Feigenbaum, Lacy Partially decentralized, chain-of-proof metric; subject-matter focus on access control and delegation; digital certificates. Distributed Trust Abdul- Rahman, Hailes Decentralized model; arithmetic trust metric; exchange of recommendations; some subject-matter flexibility. Network FlowLevien, AikenGeneralized model; network-flow metric test for chain-of-proof sufficiency; generalized certificates. Bayesian Network Wang, Vassileva Generalized model; arithmetic trust metric; subject-matter flexibility and adaptation using Bayesian networks. Maurer Confidence Valuation MaurerSomewhat generalized; probabilistic trust metric; restrictive subject- matter of a certificate chain-of-proof system evaluation.

21 Generic Reliability Trust Model, Glenn Mahoney, PST'0521 Conclusion

22 Generic Reliability Trust Model, Glenn Mahoney, PST'0522 Summary of Results New trust model: Generic reliability trust model (GRTM) –Appling reliability model to solve problem of computational trust New trust metric: Hop-count limited transitive trust (HLTT) Practical approximation Trust graph simulation as a scale-free network: –Random power-law graphs (RPLG) –XML/GXL representation

23 Generic Reliability Trust Model, Glenn Mahoney, PST'0523 Potential Application Areas eCommerce Reputation systems Agent-Based Systems (Social Agents) Delegated Rights Computer-based collaboration Distributed resource management / Grids Ad-hoc networking

24 Generic Reliability Trust Model, Glenn Mahoney, PST'0524 Future Research Use GRTM+HLTT within some application Trust model quality measure? Improve approximation techniques Use of multiple subject-matters Distrust? Standardized representation and exchange protocol Trust establishment in ad-hoc networks

25 Generic Reliability Trust Model Glenn Mahoney Wendy Myrvold Gholamali (Ali) Shoja Department of Computer Science, University of Victoria Email: {gmahoney,wendym,gshoja}@cs.uvic.ca Presented at: Third Annual Conference on Privacy, Security and Trust (PST’05) St. Andrews, New Brunswick October 12-14, 2005

26 Generic Reliability Trust Model, Glenn Mahoney, PST'0526 additional material

27 Generic Reliability Trust Model, Glenn Mahoney, PST'0527 Trust Definition (informal) Trust is one's reasonable expectation of a positive outcome in a situation where there is less than full control over the actions of the participants.

28 Generic Reliability Trust Model, Glenn Mahoney, PST'0528 References [colbourn87] Colbourn, C. “The Combinatorics or Network Reliability”, Oxford University Press, 1987

29 Generic Reliability Trust Model, Glenn Mahoney, PST'0529 Network Reliability… “…is some measure of the ability of a network to carry out a desired network operation.” [colbourn87] Operational Criterion is the distinguishing feature of different metrics Probability of “operation” of the arc e.

30 Generic Reliability Trust Model, Glenn Mahoney, PST'0530 An example of 2-terminal reliability Rel Alice,Bob = Prob( any path from Alice to Bob ) = 1-Prob( all paths failed ) = 1 – (1 -.81)(1 -.81) =.9639

31 Generic Reliability Trust Model, Glenn Mahoney, PST'0531 XML/GXL Representation MCVs Power law random graph, size 10, alph=0.7, beta=0.8, maxLevel=4, fixed conf=0.8, generated Thu Apr 22 09:31:48 PDT 2004 by models.algo.GraphGen … 4 0.8 …

32 Generic Reliability Trust Model, Glenn Mahoney, PST'0532 Implementation Verification Three types of input data sets: –Manually created examples. –Generated complete graphs. –Generated RPLGs. Compare results: –Two exact algorithms. –Manual calculations. –Examples in Maurer's paper. –2-terminal reliability –Setting approximation parameters to product exact result. Inspect debug/trace output.

33 Generic Reliability Trust Model, Glenn Mahoney, PST'0533 Verification Example: D.Shier Example from section 4.1 of D.Shier,"Network Reliability and Algebraic Structures",1991. 4 pathsets: {(s,a),(a,t)} {(s,a),(a,b),(b,c),(c,t)} {(s,b),(b,c),(c,t)} {(s,b),(b,c),(c,a),(a,t)} p=0.6, Rel(s,t)=0.53971 D:\gmahoney\projects\UVic\trust_modeling\source>java dtrust.maintest runverify

34 Generic Reliability Trust Model, Glenn Mahoney, PST'0534 Verification Example: D.Shier (2) ********************* **** Test Run #1**** ********************* runTest: model=null, options= s t -uprob comb -noapprox -maxloop -1 -nosubsetr runTest: inputdata=testcases\MCVs\shier_example_4_1.xml runTest: graph note= Example take from section 4.1 of D.Shier,"Network Reliability and Algebraic Structures",1991.4 pathsets: {(s,a),(a,t)}{( s,a),(a,b),(b,c),(c,t)}{(s,b),(b,c),(c,t)}{(s,b),(b,c),(c,a),(a,t)} p=0.6, Rel(s,t)=0.53971 runTest: graph Shier Example 4.1 vertices=5 arcs=7 runTest: start calculation......calculation completed; result=[TrustMetricBasic: conf=0.539712, local=s, remote=t, subject=ID, model=MCVs] algorithm results: time Fri Dec 10 14:52:00 PST 2004 datafile testcases\MCVs\shier_example_4_1.xml graph id Shier Example 4.1 vertices 5 arcs 7 completed Exhaustive support search with Uprobability using ksubset generation allow approx(p) false total loops 44 elapsed(ms) 60 Memory usage summary: max 282344 average 261256 - Exhaustive Search counters - MSS count 4 elapsed(support) 10 elapsed(prob) 10 loops(support) 12 loops(prob) 32 dropped subsets 0 total elements 13 elements reduced 0 uprob type ksubset generation - MCVs Exhaustive counters - num minpath 4 num MSS 4 loop count(path) 12 *************************** **** End of Test Run #1**** *************************** ********************* **** Test Run #2**** ********************* runTest: model=null, options= s t -noapprox runTest: inputdata=testcases\MCVs\shier_example_4_1.xml runTest: graph note= Example take from section 4.1 of D.Shier,"Network Reliability and Algebraic Structures",1991.4 pathsets: {(s,a),(a,t)}{( s,a),(a,b),(b,c),(c,t)}{(s,b),(b,c),(c,t)}{(s,b),(b,c),(c,a),(a,t)} p=0.6, Rel(s,t)=0.53971 runTest: graph Shier Example 4.1 vertices=5 arcs=7 runTest: start calculation......calculation completed; result=[TrustMetricBasic: conf=0.539712, local=s, remote=t, subject=ID, model=MCVs] algorithm results: time Fri Dec 10 14:52:00 PST 2004 datafile testcases\MCVs\shier_example_4_1.xml graph id Shier Example 4.1 vertices 5 arcs 7 completed Factoring calculation successful. allow approx(p) false total loops 49 elapsed(ms) 30 - Factoring counters - selection method random - MCVs Model counters - generic 0 supportExists 98 - MCVs Transitivity counters - full passes 25 inner loops 471 *************************** **** End of Test Run #2**** ***************************

35 Generic Reliability Trust Model, Glenn Mahoney, PST'0535 General Characteristics of Potential Application Value-based interaction, Involving human proxies or digital agents, Using open, distributed, or ad-hoc architectures, Require flexibility and maximization of the number of potential interactors, Desire to leverage pools of local or private knowledge, High-control, high-security solutions are inappropriate.

36 Generic Reliability Trust Model, Glenn Mahoney, PST'0536 Inclusion-Exclusion Example: Sets From set theory; |E1  E2  E3| = |E1| + |E2| + |E3| - |E1  E2| - | E1  E3| - |E2  E3| + |E1  E2  E3|

37 Generic Reliability Trust Model, Glenn Mahoney, PST'0537 Inclusion-Exclusion applied to operational probabilities Another way to derive the inclusion-exclusion algorithm:

38 Generic Reliability Trust Model, Glenn Mahoney, PST'0538 Factoring Example Alice Sally Tom Bob Sally Alice,Tom Bob Sally Alice,Tom Bob Alice,Tom,Sally Bob Alice Sally Tom Bob Alice Sally Tom,Bob Alice,Sally Tom,Bob Alice Sally Tom Bob Alice,Sally Tom Bob

39 Generic Reliability Trust Model, Glenn Mahoney, PST'0539 Primary Graph Reductions Irrelevant – do not contribute to any operational state; remove Series – sequence of edges are required simultaneously; combine with axiom of probability: P(A  B) = P(A)P(B) Parallel – network is operational if any of these edges are operational; combine with axiom of probability: P(A  B) = P(A) + P(B) – P(A  B) Sequential reduction Parallel reduction

40 Generic Reliability Trust Model, Glenn Mahoney, PST'0540 Related Research Projects ProjectInstitutionsLead Researchers KeyNoteYale University, Columbia University, AT&T Research Labs Joan Feigenbaum, Matt Blaze STRONGMANUniversity of Pennsylvania, Columbia University Angelos Keromytis, Michael Greenwald PeerTrustGeorgia Institute of TechnologyLing Liu P-GridSwiss Federal Institute of Technology Karl Aberer Social Agents, ACORN National Research CouncilSteve Marsh


Download ppt "Generic Reliability Trust Model Glenn Mahoney Wendy Myrvold Gholamali (Ali) Shoja Department of Computer Science, University of Victoria"

Similar presentations


Ads by Google