The SECURE collaboration model

The SECURE project has shown how trust can be made computationally tractable while retaining a reasonable connection with human and social notions of trust. SECURE has produced a well-founded theory of trust that has been tested and refined through use in real software such as collaborative spam filtering and electronic purse. The software comprises the SECURE kernel with extensions for policy specification by application developers. It has yet to be applied to large-scale, multi-domain distributed systems taking different application contexts into account. The project has not considered privacy in evidence distribution, a crucial issue for many application domains, including public services such as healthcare and police. The SECURE collaboration model has similarities with the trust domain concept, embodying the interaction set of a principal, but SECURE is primarily concerned with pseudonymous entities rather than domain-structured systems

A formal model of trust lifecycle management

The rapid development of collaborative environments over the internet has highlighted new concerns over security and trust in such global computing systems. The global computing infrastructure poses an issue of uncertainty about the potential collaborators. Reaching a trusting decision in such environments encompasses both risk and trust assessments. While much work has been done in terms of modelling trust, the investigation of the management of trust lifecycle issues with consideration of both trust and risk is less examined. Our previous work addressed the dynamic aspects of trust lifecycle with a consideration of trust formation, exploitation, and evolution. In this paper we provide an approach for formalizing these aspects. As part of the formalization of the trust lifecycle,we introduce a notion of attraction to model the effect of new pieces of evidence on our opinion. The formalization described in this paper constitutes the basis of ongoing work to investigate the properties of the model

Privacy, security, and trust issues in smart environments

Recent advances in networking, handheld computing and sensor technologies have driven forward research towards the realisation of Mark Weiser's dream of calm and ubiquitous computing (variously called pervasive computing, ambient computing, active spaces, the disappearing computer or context-aware computing). In turn, this has led to the emergence of smart environments as one significant facet of research in this domain. A smart environment, or space, is a region of the real world that is extensively equipped with sensors, actuators and computing components [1]. In effect the smart space becomes a part of a larger information system: with all actions within the space potentially affecting the underlying computer applications, which may themselves affect the space through the actuators. Such smart environments have tremendous potential within many application areas to improve the utility of a space. Consider the potential offered by a smart environment that prolongs the time an elderly or infirm person can live an independent life or the potential offered by a smart environment that supports vicarious learning

Security models for trusting network appliances

A significant characteristic of pervasive computing is the need for secure interactions between highly mobile entities and the services in their environment. Moreover,these decentralised systems are also characterised by partial views over the state of the global environment, implying that we cannot guarantee verification of the properties of the mobile entity entering an unfamiliar domain. Secure in this context encompasses both the need for cryptographic security and the need for trust, on the part of both parties, that the interaction is functioning as expected. In this paper we make a broad assumption that trust and cryptographic security can be considered as orthogonal concerns (i.e. cryptographic measures do not ensure transmission of correct information). We assume the existence of reliable encryption techniques and focus on the characteristics of a model that supports the management of the trust relationships between two devices during ad-hoc interactions

Trust dynamics for collaborative global computing

Recent advances in networking technology have increased the potential for dynamic enterprise collaborations between an open set of entities on a global scale. The security of these collaborations is a major concern, and requires novel approaches suited to this new environment to be developed. Trust management appears to be a promising approach. Due to the dynamic nature of these collaborations,dynamism in the formation, evolution and exploitation of trust is essential. In this paper we explore the properties of trust dynamics in this context. Trust is formed and evolves according to personal experience and recommendations. The properties of trust dynamics are expressed through a formal model of trust. Specific examples, based on an e-purse application scenario are used to demonstrate these properties

Planning and implementation of effective collaboration in construction projects

The 21st century is now seen as the time for the construction industry to embrace new ways of working if it is to continue to be competitive and meet the needs of its ever demanding clients. Collaborative working is considered by many to be essential if design and construction teams are to consider the whole lifecycle of the construction product. Much of the recent work on collaborative working has focused on the delivery of technological solutions with a focus on web (extranets), CAD (visualisation), and knowledge management technologies. However, it is now recognised that good collaboration does not result from the implementation of information technology solutions alone. The organisational and people issues, which are not readily solved by pure technical systems, need to be resolved. However, approaches that exclusively focus on organisational and people issues will not reap the benefits derived from the use of technology, especially in the context of distributed teams which are the norm in construction. Work currently being undertaken at Loughborough University aims to bring together the benefits enabled by the technology, with the organisational, and its people issues to provide a framework enabling high level strategic decisions to be made to implement effective collaboration. This paper reports on the initial stages of the project: the background to the project, the methodology used, and findings from the literature survey and the requirements capture survey conducted as part of the project

Gathering experience in trust-based interactions

As advances in mobile and embedded technologies coupled with progress in adhoc networking fuel the shift towards ubiquitous computing systems it is becoming increasingly clear that security is a major concern. While this is true of all computing paradigms, the characteristics of ubiquitous systems amplify this concern by promoting spontaneous interaction between diverse heterogeneous entities across administrative boundaries [5]. Entities cannot therefore rely on a specific control authority and will have no global view of the state of the system. To facilitate collaboration with unfamiliar counterparts therefore requires that an entity takes a proactive approach to self-protection. We conjecture that trust management is the best way to provide support for such self-protection measures

Trust realisation in multi-domain collaborative environments

In the Internet-age, the geographical boundaries that have previously impinged upon inter-organisational collaborations have become decreasingly important. Of more importance for such collaborations is the notion and subsequent nature of trust - this is especially so in Grid-like environments where resources are both made available and subsequently accessed and used by remote users from a multitude of institutions with a variety of different privileges spanning across the collaborating resources. In this context, the ability to dynamically negotiate and subsequently enforce security policies driven by various levels of inter-organisational trust is essential. In this paper we present a dynamic trust negotiation (DTN) model and associated prototype implementation showing the benefits and limitations DTN incurs in supporting n-tier delegation hops needed for trust realisation in multi-domain collaborative environments