7 research outputs found
Local and Global Trust Based on the Concept of Promises
We use the notion of a promise to define local trust between agents
possessing autonomous decision-making. An agent is trustworthy if it is
expected that it will keep a promise. This definition satisfies most
commonplace meanings of trust. Reputation is then an estimation of this
expectation value that is passed on from agent to agent.
Our definition distinguishes types of trust, for different behaviours, and
decouples the concept of agent reliability from the behaviour on which the
judgement is based. We show, however, that trust is fundamentally heuristic, as
it provides insufficient information for agents to make a rational judgement. A
global trustworthiness, or community trust can be defined by a proportional,
self-consistent voting process, as a weighted eigenvector-centrality function
of the promise theoretical graph.
Leaving Town for the Market: The Emergence and Expansion of Social Trust in the Works of Elinor Ostrom and Henry Sumner Maine
This paper uses the evolutionary frame provided by the Victorian jurist Henry Sumner Maine to describe the process by which trust can be seen as the product of a gradual development that starts with small-scale communities and later allows market exchanges to develop themselves. I also argue, using the work of Elinor Ostrom (1990), that trust emerges first within small-scale communities, where first- and second-degree collective action problems need to be resolved. The development of a social disposition to trust is closely linked with an institutional context that encourages individuals to take the externalities of their actions into account. This is made possible by customary mechanisms, as the development of social trust at this stage cannot rely on a mighty “Leviathan”. Therefore, this paper questions the claim that social trust is the product of market exchanges.
Market exchanges might favor the further growth of social trust, hand in hand with the right institutional frame. However, this growth is not just the transposition of a previously acquired disposition to trust. The work of Henry Sumner Maine interestingly underlines the importance of the co-development of institutions and trust, from its origin in small communities to its expansion to market exchanges. Both Ostrom’s and Maine’s perspectives underline the fact that trust and trustworthiness are complementary and question a-rational perspectives on trust. This paper also elaborates on the claim, coming from the literature on contract law, that focusing on sanctioning mechanisms can be highly counterproductive.
Security considerations in the open source software ecosystem
Open source software plays an important role in the software supply chain, allowing stakeholders to
utilize open source components as building blocks in their software, tooling, and infrastructure. But
relying on the open source ecosystem introduces unique challenges, both in terms of security and trust,
as well as in terms of supply chain reliability.
In this dissertation, I investigate approaches, considerations, and encountered challenges of stakeholders in the context of security, privacy, and trustworthiness of the open source software supply
chain. Overall, my research aims to empower and support software experts with the knowledge and
resources necessary to achieve a more secure and trustworthy open source software ecosystem. In the
first part of this dissertation, I describe a research study investigating the security and trust practices
in open source projects by interviewing 27 owners, maintainers, and contributors from a diverse set
of projects to explore their behind-the-scenes processes, guidance and policies, incident handling, and
encountered challenges, finding that participants’ projects are highly diverse in terms of their deployed
security measures and trust processes, as well as their underlying motivations. More on the consumer
side of the open source software supply chain, I investigated the use of open source components in
industry projects by interviewing 25 software developers, architects, and engineers to understand their
projects’ processes, decisions, and considerations in the context of external open source code, finding
that open source components play an important role in many of the industry projects, and that most
projects have some form of company policy or best practice for including external code. On the side of
end-user focused software, I present a study investigating the use of software obfuscation in Android
applications, which is a recommended practice to protect against plagiarism and repackaging. The
study leveraged a multi-pronged approach including a large-scale measurement, a developer survey, and
a programming experiment, finding that only 24.92% of apps are obfuscated by their developer, that
developers do not fear theft of their own apps, and have difficulties obfuscating their own apps. Lastly,
to involve end users themselves, I describe a survey with 200 users of cloud office suites to investigate
their security and privacy perceptions and expectations, with findings suggesting that users are generally
aware of basic security implications, but lack technical knowledge for envisioning some threat models.
The key findings of this dissertation include that open source projects have highly diverse security
measures, trust processes, and underlying motivations. That the projects’ security and trust needs are
likely best met in ways that consider their individual strengths, limitations, and project stage, especially
for smaller projects with limited access to resources. That open source components play an important
role in industry projects, and that those projects often have some form of company policy or best
practice for including external code, but developers wish for more resources to better audit included
components.
This dissertation emphasizes the importance of collaboration and shared responsibility in building and maintaining the open source software ecosystem, with developers, maintainers, end users,
researchers, and other stakeholders alike ensuring that the ecosystem remains a secure, trustworthy, and
healthy resource for everyone to rely on.
Proceedings of the 3rd International Workshop on Formal Aspects in Security and Trust (FAST2005)
The present report contains the pre-proceedings of the third international Workshop on Formal Aspects in Security and Trust (FAST2005), held in Newcastle upon Tyne, 18-19 July 2005. FAST is an event affiliated with the Formal Methods 2005 Congress (FM05). The third international Workshop on Formal Aspects in Security and Trust (FAST2005) aims at continuing the successful effort of the previous two FAST workshop editions for fostering the cooperation among researchers in the areas of security and trust. The new challenges offered by the so-called ambient intelligence space, as a future paradigm in the information society, demand for a coherent and rigorous framework of concepts, tools and methodologies to provide user's trust & confidence on the underlying communication/interaction infrastructure. It is necessary to address issues relating to both guaranteeing security of the infrastructure and the perception of the infrastructure being secure. In addition, user confidence on what is happening must be enhanced by developing trust models effective but also easily comprehensible and manageable by users.
Formal Aspects in Security and Trust
This book constitutes the thoroughly refereed post-proceedings of the Third International Workshop on Formal Aspects in Security and Trust, FAST 2005, held in Newcastle upon Tyne, UK in July 2005. The 17 revised papers presented together with the extended abstract of 1 invited paper were carefully reviewed and selected from 37 submissions. The papers focus on formal aspects in security and trust policy models, security protocol design and analysis, formal models of trust and reputation, logics for security and trust, distributed trust management systems, trust-based reasoning, digital assets protection, data protection, privacy and ID issues, information flow analysis, language-based security, security and trust aspects in ubiquitous computing, validation/analysis tools, web service security/trust/privacy, GRID security, security risk assessment, and case studies.
Trustworthiness by Default
We present a framework for reasoning about trustworthiness, with application to conflict resolution and belief formation at various degrees of reliability. On the basis of an assignment of relative trustworthiness to sets of information sources, a lattice of degrees of trustworthiness is constructed; from this, a priority structure is derived and applied to the problem of forming the right opinion in the presence of possibly conflicting information. Consolidated with an unquestioned knowledge base, this provides an unambiguous account of what an agent should believe, conditionally on which information sources are trusted. Applications in multi-agent doxastic logic are sketched.