Reputation-based trust management

Abstract: We propose a formal model for reputation-based trust management. In contrast to credential-based trust management, in our framework an agent's reputation serves as the basis for trust. For example, an access control policy may consider the agent's reputation when deciding whether to offer him a license for accessing a protected resource. The underlying semantic model is an event semantics inspired by the actor model, and assumes that each agent has only partial knowledge of the events that have occurred. Restr… Show more

“…Many reputation-based systems have been proposed in the literature (Jøsang et al [14] provide many references), so we choose to mention only a few typical examples and closely related systems. Kamvar et al present EigenTrust [16], Shmatikov and Talcott propose a license-based framework [28], and the EU project 'SECURE' [4,5] (which also uses event structures for modelling observations [18,22]) can be viewed as a reputation-based system, to name a notable few.…”

“…This is handled simply by "sending formula ψ" to p. Principal p maintains the truth of ψ with respect to its interaction history using the algorithms of last section, and sends the required value to the requesting principal when needed. 7 Another approach is for p to send its entire interaction history so that the verification can be performed locally, e.g., as is done with method exportEvents in the license-based framework of Shmatikov and Talcott [28]. It does not make sense to consider the algorithmic complexity of referencing.…”

“…In the Beta reputation system [13], similar abstractions are performed, obtaining a numerical value in [−1, 1] (with a statistical interpretation). It is not hard to find other examples of such information-abstraction in the reputationsystem literature [14], and the only non-example we are aware of is the framework of Shmatikov and Talcott [28] which we discuss further in the concluding section.…”

“…In these systems, principals keep track of the history of interactions with other principals. The recorded behavioural information is used to guide future decisions about interaction (see references [14,20,25,28] on reputation). This dynamic approach is being investigated as a means of overcoming the above mentioned security problems of globalscale systems.…”

A framework for concrete reputation-systems with applications to history-based access control

“…Many reputation-based systems have been proposed in the literature (Jøsang et al [14] provide many references), so we choose to mention only a few typical examples and closely related systems. Kamvar et al present EigenTrust [16], Shmatikov and Talcott propose a license-based framework [28], and the EU project 'SECURE' [4,5] (which also uses event structures for modelling observations [18,22]) can be viewed as a reputation-based system, to name a notable few.…”

“…This is handled simply by "sending formula ψ" to p. Principal p maintains the truth of ψ with respect to its interaction history using the algorithms of last section, and sends the required value to the requesting principal when needed. 7 Another approach is for p to send its entire interaction history so that the verification can be performed locally, e.g., as is done with method exportEvents in the license-based framework of Shmatikov and Talcott [28]. It does not make sense to consider the algorithmic complexity of referencing.…”

“…In the Beta reputation system [13], similar abstractions are performed, obtaining a numerical value in [−1, 1] (with a statistical interpretation). It is not hard to find other examples of such information-abstraction in the reputationsystem literature [14], and the only non-example we are aware of is the framework of Shmatikov and Talcott [28] which we discuss further in the concluding section.…”

“…In these systems, principals keep track of the history of interactions with other principals. The recorded behavioural information is used to guide future decisions about interaction (see references [14,20,25,28] on reputation). This dynamic approach is being investigated as a means of overcoming the above mentioned security problems of globalscale systems.…”

A framework for concrete reputation-systems with applications to history-based access control

“…A calculus for ubiquitous computing dealing with trust is proposed in [26], a framework allowing LTL model checking. An instance of a formal approach based on the actor model dealing with trust management is [41]. Paradigm, also a transition-based coordination language, provides an architectural view on secure coordination, unlike the other example formalisms mentioned.…”

Architecting Security with Paradigm

Managing Trust in Online Social Networks