Trust Management and Accountability for Internet Security
Liu, Wayne W. (author)
Aggarwal, Sudhir (professor directing thesis)
Foo, Simon (university representative)
Duan, Zhenhai (committee member)
De Medeiros, Breno (committee member)
Yuan, Xin (committee member)
Department of Computer Science (degree granting department)
Florida State University (degree granting institution)
2011
text
Adversarial yet interacting interdependent relationships in information sharing and service provisioning have been a pressing issue of the Internet. Such relationships exist among autonomous software agents, in networking system peers, as well as between service users and providers. Traditional ad hoc security approaches effective in countering specific attacks or threats may be too powerful for addressing unspecific risks of potential conflicts, doubts, aversion or hostility exudate from such relationships. Trust management is important in this regard, as it borrows from social sciences the concept of trust to supplement traditional security in dealing with such risks and relationships. However, trust management seems to be constrained to a secondary role by traditional security in certain applications (such as e-commerce, ad hoc networks etc.) or functions (such as confidentiality, integrity etc.) that are specific but narrowly defined. As today's Internet environment calls for a fundamental civil approach to security, we think trust management need be more comprehensive and coherent, not only to help trusters attain their specific notions of security but also help them contribute to the generic, "real" Internet security. So we borrow from social sciences yet another important concept, accountability, to complement trust management and bring a holistic sense to security---foiling its fragmented unilateral notions. Since organizations that own or control servers on the Internet often must play an intermediary role for civil authorities, we think trust management should help them improve their accountability in managing their trust relationships with users and peers. Designing such a trust management system hence is a priority. We revamp a trust management design for Internet servers to leverage organizations' civil roles to improve accountability in their trust relationships with users, peers and authorities based on four principles: identification, authorization, attestation and retribution. Those principles are crucial for servers to bring deterrence and recourse to enforce responsibility so they can trust better, putting reliance on responsible users and peers while holding rogue users or peers responsible. But these principles are also crucial for servers to establish their autonomy in self-regulation and altruistic improvement to bring in civility and morality so they can be trustworthy leaders or allies and account for others. Our trust management thus can improve servers' trust both ways that it helps organizations uphold accountability via their servers on both holding to account and giving account aspects of accountability. Technically, it provides a unified framework to manage servers' trust relationships and maintain their security together thus helps to improve security conditions for users and peers. As a result, accountability is not just upheld unilaterally via servers' autonomous policies and credentials but also multilaterally via their cooperation with each other in the collectively established accountability of the Internet.
Internet Security, Trust Management, Accountability
June 24, 2011.
A Dissertation Submitted to the Department of Computer Science in Partial FulfiLlment of the Requirements for the Degree of Doctor of Philosophy.
Includes bibliographical references.
Florida State University
FSU_migr_etd-1105
This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s). The copyright in theses and dissertations completed at Florida State University is held by the students who author them.