
    Closed-loop feedback computation model of dynamical reputation based on the local trust evaluation in business-to-consumer e-commerce

    Trust and reputation are important factors that influence the success of both traditional transactions in physical social networks and modern e-commerce in virtual Internet environments. It is difficult to define the concept of trust and quantify it because trust has both subjective and objective characteristics at the same time. A well-reported issue with reputation management systems in business-to-consumer (BtoC) e-commerce is the “all good reputation” problem. In order to deal with the confusion, a new computational model of reputation is proposed in this paper. The ratings of each customer are set as basic trust score events. In addition, the time series of massive ratings are aggregated to formulate the sellers’ local temporal trust scores by Beta distribution. A logical model of trust and reputation is established based on the analysis of the dynamical relationship between trust and reputation. As for single goods with repeat transactions, an iterative mathematical model of trust and reputation is established with a closed-loop feedback mechanism. Numerical experiments on repeated transactions recorded over a period of 24 months are performed. The experimental results show that the proposed method plays guiding roles for both theoretical research into trust and reputation and the practical design of reputation systems in BtoC e-commerce

    Privacy-Aware and Reliable Complex Event Processing in the Internet of Things - Trust-Based and Flexible Execution of Event Processing Operators in Dynamic Distributed Environments

    The Internet of Things (IoT) promises to be an enhanced platform for supporting a heterogeneous range of context-aware applications in the fields of traffic monitoring, healthcare, and home automation, to name a few. The essence of the IoT is in the inter-networking of distributed information sources and the analysis of their data to understand the interactions between the physical objects, their users, and their environment. Complex Event Processing (CEP) is a cogent paradigm to infer higher-level information from atomic event streams (e.g., sensor data in the IoT). Using functional computing modules called operators (e.g., filters, aggregates, sequencers), CEP provides for an efficient and low-latency processing environment. Privacy and mobility support for context processing is gaining immense importance in the age of the IoT. However, new mobile communication paradigms - like Device-to-Device (D2D) communication - that are inherent to the IoT, must be enhanced to support a privacy-aware and reliable execution of CEP operators on mobile devices. It is crucial to preserve the differing privacy constraints of mobile users, while allowing for flexible and collaborative processing. Distributed mobile environments are also susceptible to adversary attacks, given the lack of sufficient control over the processing environment. Lastly, ensuring reliable and accurate CEP becomes a serious challenge due to the resource-constrained and dynamic nature of the IoT. In this thesis, we design and implement a privacy-aware and reliable CEP system that supports distributed processing of context data, by flexibly adapting to the dynamic conditions of a D2D environment. To this end, the main contributions, which form the key components of the proposed system, are three-fold: 1) We develop a method to analyze the communication characteristics of the users and derive the type and strength of their relationships. 
By doing so, we utilize the behavioral aspects of user relationships to automatically derive differing privacy constraints of the individual users. 2) We employ the derived privacy constraints as trust relations between users to execute CEP operators on mobile devices in a privacy-aware manner. In turn, we develop a trust management model called TrustCEP that incorporates a robust trust recommendation scheme to prevent adversary attacks and allow for trust evolution. 3) Finally, to account for reliability, we propose FlexCEP, a fine-grained flexible approach for CEP operator migration, such that the CEP system adapts to the dynamic nature of the environment. By extracting intermediate operator state and by leveraging device mobility and instantaneous characteristics, FlexCEP provides a flexible CEP execution model under varying network conditions. Overall, with the help of thorough evaluations of the above three contributions, we show how the proposed distributed CEP system can satisfy the requirements established above for a privacy-aware and reliable IoT environment

    Formal Methods for Wireless Systems

    Wireless systems consist of wireless devices which communicate with each other by means of a radio frequency channel. This networking paradigm offers much convenience, but because of the use of the wireless medium it is inherently vulnerable to many threats. As a consequence, security represents an important issue. Security mechanisms developed for wired systems present many limitations when used in a wireless context. The main problems stem from the fact that they operate in a centralised manner and under the assumption of a “closed world”. Formal techniques are therefore needed to establish a mathematically rigorous connection between modelling and security goals. In the present dissertation we apply the well-known formalism of process calculus to model the features of wireless communication. The scientific contributions are primarily theoretical. We propose a timed process calculus modelling the communication features of wireless systems and enjoying some desirable time properties. The presence of time allows us to reason about communication collisions. We also provide behavioural equivalences and we prove a number of algebraic laws. We illustrate the usability of the calculus to model the Carrier Sense Multiple Access scheme, a widely used MAC level protocol in which a device senses the channel before transmitting. We then focus on security aspects, in particular we propose a trust model for mobile ad hoc networks, composed only of mobile nodes that communicate with each other without relying on any base station. We model our networks as multilevel systems because trust relations associate security levels to nodes depending on their behaviour. Then we embody this trust model in a process calculus modelling the features of ad hoc networks. Our calculus is equipped with behavioural equivalences allowing us to develop an observational theory. We ensure safety despite compromised nodes and non-interference results. We then use this calculus to analyse a secure version of a leader election algorithm for ad hoc networks. We also provide an encoding of the endairA routing protocol for ad hoc networks. Finally, we extend the trust-based calculus with timing aspects to reason about the relationship between trust and time. We then apply our calculus to formalise the routing protocol ARAN for ad hoc networks

    TACKLING INSIDER THREATS USING RISK-AND-TRUST AWARE ACCESS CONTROL APPROACHES

    Insider Attacks are one of the most dangerous threats organizations face today. An insider attack occurs when a person authorized to perform certain actions in an organization decides to abuse the trust, and harm the organization by causing breaches in the confidentiality, integrity or availability of the organization’s assets. These attacks may negatively impact the reputation of the organization, its productivity, and may incur heavy losses in revenue and clients. Preventing insider attacks is a daunting task. Employees need legitimate access to effectively perform their jobs; however, at any point of time they may misuse their privileges accidentally or intentionally. Hence, it is necessary to develop a system capable of finding a middle ground where the necessary privileges are provided and insider threats are mitigated. In this dissertation, we address this critical issue. We propose three adaptive risk-and-trust aware access control frameworks that aim at thwarting insider attacks by incorporating the behavior of users in the access control decision process. Our first framework is tailored towards general insider threat prevention in role-based access control systems. As part of this framework, we propose methodologies to specify risk-and-trust aware access control policies and a risk management approach that minimizes the risk exposure for each access request. Our second framework is designed to mitigate the risk of obligation-based systems which are difficult to manage and are particularly vulnerable to sabotage. As part of our obligation-based framework, we propose an insider-threat-resistant trust computation methodology. We emphasize the use of monitoring of obligation fulfillment patterns to determine some psychological precursors that have high predictive power with respect to potential insider threats. Our third framework is designed to take advantage of geo-social information to deter insider threats. 
We uncover some insider threats that arise when geo-social information is used to make access control decisions. Based on this analysis, we define an insider threat resilient access control approach to manage privileges that considers geo-social context. The models and methodologies presented in this dissertation can help a broad range of organizations in mitigating insider threats