7,146 research outputs found
Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments
Decentralized systems are a subset of distributed systems where multiple
authorities control different components and no authority is fully trusted by
all. This implies that any component in a decentralized system is potentially
adversarial. We revise fifteen years of research on decentralization and
privacy, and provide an overview of key systems, as well as key insights for
designers of future systems. We show that decentralized designs can enhance
privacy, integrity, and availability but also require careful trade-offs in
terms of system complexity, properties provided, and degree of
decentralization. These trade-offs need to be understood and navigated by
designers. We argue that a combination of insights from cryptography,
distributed systems, and mechanism design, aligned with the development of
adequate incentives, are necessary to build scalable and successful
privacy-preserving decentralized systems
Trustee: A Trust Management System for Fog-enabled Cyber Physical Systems
In this paper, we propose a lightweight trust management system (TMS) for fog-enabled cyber physical systems (Fog-CPS). Trust computation is based on multi-factor and multi-dimensional parameters, and formulated as a statistical regression problem which is solved by employing random forest regression model. Additionally, as the Fog-CPS systems could be deployed in open and unprotected environments, the CPS devices and fog nodes are vulnerable to numerous attacks namely, collusion, self-promotion, badmouthing, ballot-stuffing, and opportunistic service. The compromised entities can impact the accuracy of trust computation model by increasing/decreasing the trust of other nodes. These challenges are addressed by designing a generic trust credibility model which can countermeasures the compromise of both CPS devices and fog nodes. The credibility of each newly computed trust value is evaluated and subsequently adjusted by correlating it with a standard deviation threshold. The standard deviation is quantified by computing the trust in two configurations of hostile environments and subsequently comparing it with the trust value in a legitimate/normal environment. Our results demonstrate that credibility model successfully countermeasures the malicious behaviour of all Fog-CPS entities i.e. CPS devices and fog nodes. The multi-factor trust assessment and credibility evaluation enable accurate and precise trust computation and guarantee a dependable Fog-CPS system
Recommended from our members
Generating citizen trust in e-government using a trust verification agent: A research note
Generating Citizen Trust in e-Government using a Trust Verification AgentThis is an eGISE network paper. It is motivated by a concern about the extent to which trust issues inhibit a citizenâs take-up of online public sector services or engagement with public decision and
policy making. A citizenâs decision to use online systems is influenced by their willingness to trust the environment and agency involved. This project addresses one aspect of individual âtrustâ decisions by
providing support for citizens trying to evaluate the implications of the security infrastructure provided by the agency. Based on studies of the way both groups (citizens and agencies) express their concerns and concepts in the security area, the project will develop a software tool â a trust
verification agent (TVA) - that can take an agencyâs security statements (or security audit) and infer how effectively this meets the security concerns of a particular citizen. This will enable citizens to state
their concerns and obtain an evaluation of the agencyâs provision in appropriate âcitizen friendlyâ language. Further, by employing rule-based expert systems techniques the TVA will also be able to explain its evaluation.Engineering and Physical Sciences Research Council, UK (grant GR/T27020/01
Recommended from our members
Generating citizen trust in e-government using a trust verification agent: A research note
Generating Citizen Trust in e-Government using a Trust Verification AgentThis is an eGISE network paper. It is motivated by a concern about the extent to which trust issues inhibit a citizenâs take-up of online public sector services or engagement with public decision and policy making. A citizenâs decision to use online systems is influenced by their willingness to trust the environment and agency involved. This project addresses one aspect of individual âtrustâ decisions by
providing support for citizens trying to evaluate the implications of the security infrastructure provided by the agency. Based on studies of the way both groups (citizens and agencies) express their concerns and concepts in the security area, the project will develop a software tool â a trust
verification agent (TVA) - that can take an agencyâs security statements (or security audit) and infer how effectively this meets the security concerns of a particular citizen. This will enable citizens to state
their concerns and obtain an evaluation of the agencyâs provision in appropriate âcitizen friendlyâ
language. Further, by employing rule-based expert systems techniques the TVA will also be able to explain its evaluation.Engineering and Physical Sciences Research Council-UK (grant GR/T27020/01
Trusted operational scenarios - Trust building mechanisms and strategies for electronic marketplaces.
This document presents and describes the trusted operational scenarios, resulting from the research and work carried out in Seamless project. The report presents identified collaboration habits of small and medium enterprises with low e-skills, trust building mechanisms and issues as main enablers of online business relationships on the electronic marketplace, a questionnaire analysis of the level of trust acceptance and necessity of trust building mechanisms, a proposal for the development of different strategies for the different types of trust mechanisms and recommended actions for the SEAMLESS project or other B2B marketplaces.trust building mechanisms, trust, B2B networks, e-marketplaces
Electronic security - risk mitigation in financial transactions : public policy issues
This paper builds on a previous series of papers (see Claessens, Glaessner, and Klingebiel, 2001, 2002) that identified electronic security as a key component to the delivery of electronic finance benefits. This paper and its technical annexes (available separately at http://www1.worldbank.org/finance/) identify and discuss seven key pillars necessary to fostering a secure electronic environment. Hence, it is intended for those formulating broad policies in the area of electronic security and those working with financial services providers (for example, executives and management). The detailed annexes of this paper are especially relevant for chief information and security officers responsible for establishing layered security. First, this paper provides definitions of electronic finance and electronic security and explains why these issues deserve attention. Next, it presents a picture of the burgeoning global electronic security industry. Then it develops a risk-management framework for understanding the risks and tradeoffs inherent in the electronic security infrastructure. It also provides examples of tradeoffs that may arise with respect to technological innovation, privacy, quality of service, and security in designing an electronic security policy framework. Finally, it outlines issues in seven interrelated areas that often need attention in building an adequate electronic security infrastructure. These are: 1) The legal framework and enforcement. 2) Electronic security of payment systems. 3) Supervision and prevention challenges. 4) The role of private insurance as an essential monitoring mechanism. 5) Certification, standards, and the role of the public and private sectors. 6) Improving the accuracy of information on electronic security incidents and creating better arrangements for sharing this information. 7) Improving overall education on these issues as a key to enhancing prevention.Knowledge Economy,Labor Policies,International Terrorism&Counterterrorism,Payment Systems&Infrastructure,Banks&Banking Reform,Education for the Knowledge Economy,Knowledge Economy,Banks&Banking Reform,International Terrorism&Counterterrorism,Governance Indicators
S-FaaS: Trustworthy and Accountable Function-as-a-Service using Intel SGX
Function-as-a-Service (FaaS) is a recent and already very popular paradigm in
cloud computing. The function provider need only specify the function to be
run, usually in a high-level language like JavaScript, and the service provider
orchestrates all the necessary infrastructure and software stacks. The function
provider is only billed for the actual computational resources used by the
function invocation. Compared to previous cloud paradigms, FaaS requires
significantly more fine-grained resource measurement mechanisms, e.g. to
measure compute time and memory usage of a single function invocation with
sub-second accuracy. Thanks to the short duration and stateless nature of
functions, and the availability of multiple open-source frameworks, FaaS
enables non-traditional service providers e.g. individuals or data centers with
spare capacity. However, this exacerbates the challenge of ensuring that
resource consumption is measured accurately and reported reliably. It also
raises the issues of ensuring computation is done correctly and minimizing the
amount of information leaked to service providers.
To address these challenges, we introduce S-FaaS, the first architecture and
implementation of FaaS to provide strong security and accountability guarantees
backed by Intel SGX. To match the dynamic event-driven nature of FaaS, our
design introduces a new key distribution enclave and a novel transitive
attestation protocol. A core contribution of S-FaaS is our set of resource
measurement mechanisms that securely measure compute time inside an enclave,
and actual memory allocations. We have integrated S-FaaS into the popular
OpenWhisk FaaS framework. We evaluate the security of our architecture, the
accuracy of our resource measurement mechanisms, and the performance of our
implementation, showing that our resource measurement mechanisms add less than
6.3% latency on standardized benchmarks
Tutorial: Identity Management Systems and Secured Access Control
Identity Management has been a serious problem since the establishment of the Internet. Yet little progress has been made toward an acceptable solution. Early Identity Management Systems (IdMS) were designed to control access to resources and match capabilities with people in well-defined situations, Todayâs computing environment involves a variety of user and machine centric forms of digital identities and fuzzy organizational boundaries. With the advent of inter-organizational systems, social networks, e-commerce, m-commerce, service oriented computing, and automated agents, the characteristics of IdMS face a large number of technical and social challenges. The first part of the tutorial describes the history and conceptualization of IdMS, current trends and proposed paradigms, identity lifecycle, implementation challenges and social issues. The second part addresses standards, industry initia-tives, and vendor solutions. We conclude that there is disconnect between the need for a universal, seamless, trans-parent IdMS and current proposed standards and vendor solutions
Enforcing trustworthy cloud SLA with witnesses: A game theoryâbased model using smart contracts
There lacks trust between the cloud customer and provider to enforce traditional cloud SLA (Service Level Agreement) where the blockchain technique seems a promising solution. However, current explorations still face challenges to prove that the off-chain SLO (Service Level Objective) violations really happen before recorded into the on-chain transactions. In this paper, a witness model is proposed implemented with smart contracts to solve this trust issue. The introduced role, âWitnessâ, gains rewards as an incentive for performing the SLO violation report, and the payoff function is carefully designed in a way that the witness has to tell the truth, for maximizing the rewards. This fact that the witness has to be honest is analyzed and proved using the Nash Equilibrium principle of game theory. For ensuring the chosen witnesses are random and independent, an unbiased selection algorithm is proposed to avoid possible collusions. An auditing mechanism is also introduced to detect potential malicious witnesses. Specifically, we define three types of malicious behaviors and propose quantitative indicators to audit and detect these behaviors. Moreover, experimental studies based on Ethereum blockchain demonstrate the proposed model is feasible, and indicate that the performance, ie, transaction fee, of each interface follows the design expectations
- âŠ