Apply Model Checking to Security Analysis in Trust Management

Reith, Mark; Niu, Jianwei; Winsborough, William H.

doi:10.21236/ada462754

Cited by 5 publications

(4 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the literature, trust and reputation models are analyzed typically through ad-hoc simulation [Kim 2009;Ganeriwal et al 2008;Zhang et al 2007;Kamvar et al 2003], sometimes by means of game theory [Li and Shen 2012], and, only in few cases, via model checking [Aldini 2015;Kwiatkowska et al 2013;He et al 2010;Reith et al 2007]. In most cases, the focus is on the validation of new models, while less attention is devoted to the formal, exhaustive comparison among different models with respect to efficiency requirements and robustness against the attack taxonomy.…”

Section: Conclusion and Related Workmentioning

confidence: 99%

Design and Verification of Trusted Collective Adaptive Systems

Aldini

2018

ACM Trans. Model. Comput. Simul.

View full text Add to dashboard Cite

Collective adaptive systems (CAS) often adopt cooperative operating strategies to run distributed decision-making mechanisms. Sometimes, their effectiveness massively relies on the collaborative nature of individuals’ behavior. Stimulating cooperation while preventing selfish and malicious behaviors is the main objective of trust and reputation models. These models are largely used in distributed, peer-to-peer environments and, therefore, represent an ideal framework for improving the robustness, as well as security, of CAS. In this article, we propose a formal framework for modeling and verifying trusted CAS. From the modeling perspective, mobility, adaptiveness, and trust-based interaction represent the main ingredients used to define a flexible and easy-to-use paradigm. Concerning analysis, formal automated techniques based on equivalence and model checking support the prediction of the CAS behavior and the verification of the underlying trust and reputation models, with the specific aim of estimating robustness with respect to the typical attacks conducted against webs of trust.

show abstract

Section: Conclusion and Related Workmentioning

confidence: 99%

Design and Verification of Trusted Collective Adaptive Systems

Aldini

2018

ACM Trans. Model. Comput. Simul.

View full text Add to dashboard Cite

show abstract

“…Programs that violated a property were not verifiable and flagged for review. Model checking has also been used to verify security properties of access control policies [Gue04,Rei07b].…”

Section: Formal Models Of Security Measurement and Metricsmentioning

confidence: 99%

Directions in security metrics research

Jansen¹

2009

163

View full text Add to dashboard Cite

(ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL's responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Interagency Report discusses ITL's research, guidance, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations. Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

show abstract

“…We suggest role dependency graphs as a model for our policy because it shows the nature of the delegation chain and how users/principals are introduced into the policy. A role dependency graph (RDG) [17] is a tool for visually depicting and analyzing role-to-role and role-toprincipal relationships.…”

Section: B the Trust Policy Layermentioning

confidence: 99%

The Trust Management Model of Trusted Software

Liao

Nie

et al. 2009

2009 International Forum on Information Technology and Applications

View full text Add to dashboard Cite

The interconnection of software engineering and security engineering has been bringing research challenges and opportunities to us. We propose a layered framework for the trust management model of trusted software, including three layers: the application behavior layer, the trust check engineer layer, and the trust policy layer. The multi-layer approach attempts to organize a complex security design into simpler layers that can be evaluated against security requirements. Each layer has its own form of state information and thus each may be modeled.

show abstract

Apply Model Checking to Security Analysis in Trust Management

Cited by 5 publications

References 5 publications

Design and Verification of Trusted Collective Adaptive Systems

Design and Verification of Trusted Collective Adaptive Systems

Directions in security metrics research

The Trust Management Model of Trusted Software

Contact Info

Product

Resources

About