Web Security and Trust Management
Reza Mousoli, 2002-4
Running header on each slide: 01/02/2016, Web security and Trust Management


2 Context: rapid technological progress; borderless Internet; no regulations; no LAN, but WAN; perception of victimless crime.

3 Trust: a fuzzy word in computer security research. Vagueness of common language. The objective is security in distributed systems. Should Trust in this context be uniform and predictable for the same set of data, i.e. FIXED?

4 Human Trust Model (diagram; components: Trusting Behaviour, Trusting Intention, Situational Decision to Trust, Dispositional Trust, Trusting Beliefs, System Trust, Belief Formation Processes)

5 The logic is simple. If one has Trusting Beliefs about another, one will be willing to depend on that person (Trusting Intention). If one intends to depend on the person, then one will behave in ways that manifest that intention to depend (Trusting Behaviour).

6 Closed systems security. Distributed system security: PKI, ad-hoc methods. Reliance on the strength of cryptography is the main method of enforcing security on the web. BUT... security is only as strong as the weakest link in the chain.

7 Corporations' view of Trust: IBM, Microsoft, VeriSign and RSA market and sell products that address security and Trust management problems. Products such as IBM's Trust Authority, VeriSign's Site Trust Services, MS Domain Trust or RSA ClearTrust define Trust in their own terms.

8 Corporations' view of trust: generally means authorization, PKI, IPsec, public and private key encryption, SSL, SSO, i.e. static trust. We need Dynamic Trust Management.

9 Buzz Word!

10 VeriSign; Trust Authority (IBM); RSA ClearTrust®; Kyberpass Trust services; Entrust Authority™; HP Trust Services

11 Windows Trust: In NT, Trusts were limited to the two domains involved in the Trust, and the Trust relationship was one-way. In Windows 2000 and above, all Trusts are transitive and two-way. Both domains in a Trust relationship automatically Trust each other.


13 This means that if Domain A trusts Domain B and Domain B trusts Domain C, users from Domain C (when granted the proper permissions) can access resources in Domain A.

14 The Trust-management by Blaze: "Does the set C of credentials prove that the request r complies with the local security policy P?" Trust properties for modelling: Transitive? Symmetric?
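Added example (not from the slides): a simplified compliance check for the question on slide 14, applied to the Domain A/B/C chain of slide 13, showing what the transitive and symmetric properties change. The credential tuple format, the function name `complies` and the sample data are assumptions made for illustration; this is not PolicyMaker or KeyNote syntax, and signature verification of credentials is left out.

```python
from collections import deque

def complies(policy, credentials, request, transitive=True):
    """Return the delegation chain that proves `request`, or None.

    policy:      local policy P, mapping action -> principals trusted directly
    credentials: set C of (issuer, subject, action) statements, read as
                 "issuer trusts subject for action"
    request:     r = (requester, action)
    """
    requester, action = request
    roots = policy.get(action, set())
    if requester in roots:
        return [requester]
    queue = deque([root] for root in sorted(roots))
    seen = set(roots)
    while queue:
        chain = queue.popleft()
        for issuer, subject, act in sorted(credentials):
            if issuer != chain[-1] or act != action or subject in seen:
                continue
            if subject == requester:
                return chain + [subject]
            if transitive:  # non-transitive trust ends after one hop
                seen.add(subject)
                queue.append(chain + [subject])
    return None

# Constructed sample: A trusts B and B trusts C, as on slide 13.
CREDENTIALS = {("A", "B", "read"), ("B", "C", "read")}
POLICY_A = {"read": {"A"}}  # local policy of the domain owning the resource
POLICY_C = {"read": {"C"}}

if __name__ == "__main__":
    print(complies(POLICY_A, CREDENTIALS, ("C", "read")))         # transitive
    print(complies(POLICY_A, CREDENTIALS, ("C", "read"), False))  # one hop only
    print(complies(POLICY_C, CREDENTIALS, ("A", "read")))         # not symmetric
```

With these one-way credentials nothing lets A reach C's resources; a two-way trust would need the reverse credentials added explicitly.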

15 Trust and Reputation

16 Trust and Reputation

17 Reputation Agents

18 Reputation Model. In this model, only 2 ratings by an agent are considered: an "approve" (represented by '1') or "disapprove" (represented by '0') for an object $o_k$ in the environment. Let this rating process be represented by:
Rating: $r : A \times O \to \{1,0\}$ (3.3)
where $r_{ik}$ represents the rating by agent $a_i$ on object $o_k$. To model the process of opinion sharing between agents, the concept of an encounter is required. An encounter is an event between 2 different agents $(a_i, a_j)$ such that the query agent $a_i$ asks the response agent $a_j$ for $a_j$'s rating of an object:
Encounter: $e \in E = A^2 \times O \times \{0,1\} \cup \{\bot\}$ (3.4)

19 Trust Rating estimates. Trust calculation algorithms: Fuzzy Logic; Logic of Uncertainty; Bayesian Logic.

20 Bayesian Estimate Rating. Let $x_{ab}(i)$ be the indicator variable for a's approval of b after the i-th encounter between them. If a and b have had n encounters in the past, the proportion of approvals of b by a can be modeled with a Beta prior distribution. Let:
n = total number of encounters between a and b in the past
p = number of approvals of b by a in the past
q = true proportion of approvals for b by a
$\hat{q}$ = estimator for q based on all encounters between a and b
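Added example (not from the slides): the Beta model above carried through in code, using the slide's symbols n, p and the estimator of q. It assumes a uniform Beta(1, 1) prior, which the slide does not specify, so the posterior is Beta(1 + p, 1 + n - p); the function names and the encounter list are constructed for illustration.

```python
from collections import defaultdict

PRIOR_ALPHA = 1.0  # assumption: uniform Beta(1, 1) prior (not stated on the slide)
PRIOR_BETA = 1.0

def estimate(n, p, alpha=PRIOR_ALPHA, beta=PRIOR_BETA):
    """Posterior mean (the estimator of q) and variance after n encounters
    with p approvals, for a Beta(alpha, beta) prior."""
    if not 0 <= p <= n:
        raise ValueError("need 0 <= p <= n")
    a_post = alpha + p        # prior pseudo-count plus approvals
    b_post = beta + (n - p)   # prior pseudo-count plus disapprovals
    total = a_post + b_post
    mean = a_post / total
    variance = a_post * b_post / (total ** 2 * (total + 1))
    return mean, variance

def reputation(encounters):
    """Map each ordered pair (a, b) to estimate(n, p) from (a, b, x) records,
    where x is a's rating of b in one encounter: 1 approve, 0 disapprove."""
    counts = defaultdict(lambda: [0, 0])  # (a, b) -> [n, p]
    for a, b, x in encounters:
        if x not in (0, 1):
            raise ValueError("rating must be 0 or 1")
        counts[(a, b)][0] += 1
        counts[(a, b)][1] += x
    return {pair: estimate(n, p) for pair, (n, p) in counts.items()}

# Constructed sample: alice rated bob four times, carol rated bob once.
ENCOUNTERS = [
    ("alice", "bob", 1), ("alice", "bob", 1),
    ("alice", "bob", 0), ("alice", "bob", 1),
    ("carol", "bob", 1),
]

if __name__ == "__main__":
    for pair, (mean, var) in sorted(reputation(ENCOUNTERS).items()):
        print(pair, round(mean, 3), round(var, 4))
```

A single approval gives carol the same estimate as alice's three out of four, but with a larger variance, which is why an estimate should be read together with the number of encounters behind it.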

21 Estimate of Approval by the Agent

22 Future Research: trust calculation algorithms; computable elements of trust; simulation and implementation.

23 Discussions

