Human interactions are often based on mutual trust, so why shouldn't those of machines? One European project has developed a system through which mobile devices can evaluate the trustworthiness of computer networks.

Digital Economy

Trust is an important concept underpinning society. Without it, human interactions would become cumbersome and perhaps even impossible. The application of trust leads naturally to a decentralised approach to security management that can tolerate partial information, albeit one in which there is an inherent element of risk for the trusting entity. We are moving towards the time when there are more things linked by the internet than people. The complexity involved in enabling potentially billions of individual devices to communicate with one another means a decentralised approach will become essential if security systems are not to become unmanageable. However, basing electronic interactions on trust requires not only a thorough understanding of how humans use it to make accurate decisions. A thorough awareness of the implications of this in the computing domain is required, and the risks and challenges this poses to data security and system integrity. The project Secure sought to explore the application of trust-based security systems for mobile and roaming computer infrastructure. The project worked on a framework for trust management. It defined a computational trust model allowing electronic entities to reason about the 'trustworthiness' of other entities for use in security-related decisions. The model would not only enable entities to assess the potential trustworthiness of other entities. It would also balance the benefits and utility against the risks and potential costs to reach a decision on whether or not to trust a particular application or network resource. Secure worked on a formal language for trust policies, including global and local referencing, as well as operational algorithms for distributed computation of policy trust values. By the end of the project, Secure had defined a comprehensive methodology for the evaluation of trust-based security policies, including detailed threat analysis. What's more, it also defined separate evaluation criteria for the decision-making system as a whole and for its individual components. The whole methodology has been successfully tested on a SPAM filtering application. As the domain of trust-based security reaches maturity, the ability to evaluate the effectiveness of various proposed policies becomes crucial. In this respect, Secure could prove to be a valuable tool for the whole scientific community.