Building trust into computing environments
In the digital world, a huge amount of interactions may take place between complete strangers. These interactions involve risk since there is no prior information about the likely behaviour of a prospective collaborator. Traditional security policies based strictly on authentication are too complex, often assuming the presence of skilled system administrators. Trust has been seen as a predictor of an entity's future behaviour based on past experience. The SECURE project provided a computational version of trust to be used for the design of dynamic and self-configuring security mechanisms. This computational trust model captures human intuitions about trust and allows reasoning about trust and risk. In the SECURE system a trust value reflects the reliability and trustworthiness of an entity, based on its observed behaviour. The trust value together with the cost or benefit of the possible outcomes of a transaction is the data used for risk analysis automatically performed by the system. When there is no record of interaction between entities the system provides the ability to request recommendations from others in order to form a trust value based on their experience. The SECURE project developed a framework encompassing algorithms for trust management. This framework is written in the Java programming language and has been evaluated for a mail proxy SPAM filter that employs SECURE. However, the generic structure of the framework allows the further evaluation of the overall approach in a number of application scenarios. This provides a platform for the scientific community for experimentation on trust-based security policies.
