It is Time to Build Trust
De Montfort University's Professor Hussein Zedan argues the necessity to exchange information with others in open IT environments, where organisations form ad-hoc collaborations with unknown partners, whose long-term intentions are difficult to predict, poses a major challenge to agencies, including the military, involved in disaster relief and humanitarian aid
It is widely accepted that the ability to form multi-organizational IT networks rapidly is crucial to humanitarian aid, disaster relief, and large urgent projects. Designing and implementing the IT network's conversation space, the abilty to exchange information with others, is the central challenge.
We have seen a move from traditionally isolated and closed IT systems towards more networked applications where organisations increasingly share and exchange information. Organisations nowadays cooperate with a very limited number of carefully selected and trusted partners, which has huge security implications on these networked environments. It is anticipated that this trend will continue, leading to open IT environments where organisations form ad-hoc collaborations with partners whose long-term intentions are unknown and difficult to predict.
The dynamics of these ad-hoc collaborations and the increased number of partners and information poses two fundamental problems:
1) agility and speed of the formation of these collaborations and
2) the assessment of the trustworthiness of the involved partners.
These are major concerns for applications in, for example, the military domain where it is desirable to increase situational awareness through collaboration and to decrease the length of the decision-making cycle. The move towards autonomous IT systems, that can to some degree participate in collaborations at their own discretion provides a solution, as their agility to adapt and reconfigure to new, unforeseen conditions can overcome these problems.
This autonomy, however, leads to entirely new challenges for the security of these IT systems which are best addressed by introducing the notion of a trust management system that intertwines with the system's security mechanisms.
Trust and Security are not incompatible concepts. Some aspects of trust rely heavily on the existence of sound security mechanisms. One example is the adequate protection and handling of meta-information, for example log-files that are associated with trust. Equally, security decisions can be also influenced by trust as an access control policy may depend on the trust-level that the system has in the entities that are requesting access to secured data. Fundamental to our work at De Montfort University is that both trust and security are governed by policies. These policies express constraints on the functional behaviour of the system. Crucially, the policies are allowed to change according to time and/or the occurrence of events. For example, the following policies illustrate such changes "you are allowed to be overdrawn by up to £100 in the first week of every month" and "in the case of bankruptcy, customers are not allowed to be overdrawn". The second policy will replace the first policy in the event of bankruptcy.
As a result existing security mechanisms must be able to cope with the dynamics of trust. Policies that govern the access to resources will change as a result of trust-evaluations.
Trust is a fundamental concept in human behaviour, and has governed collaboration between humans and organisations for millennia. The ultimate aim of our trust management system is to transfer such forms of collaboration to future autonomous systems scenarios. Trust in computing is the attempt to formalise, implement and utilise trust models borrowed from social sciences to govern and control the interactions between a set of autonomous entities in an open IT environment.
In such environments, entities are owned by different providers, some of which are benevolent, and others that have different interests in the overall objective of the system. The interactions between the entities are based on the trust that these entities have in each other, the uncertainty of the assessment and the risk that is involved.
We view the system as a collection of autonomous entities. The trust management system itself is encapsulated within each entity. The trust management system consists of a trust- and a risk engine that are controlled by policies
- The trust engine assesses the trust and uncertainty of information and behaviours. It represents a subjective trust/uncertainty view of the environment. The main tasks are to update of trust and uncertainty values as well as maintaining trust relevant meta-information over time, based on observations of its environment.
- The risk engine does evaluate the risk that is associated with a trust decision and thus provides an independent measure for the decision making.
We are confident that our work will in the future enable disaster relief organisations and the military to communicate and collaborate rapidly on an ad hoc basis with other organisations, some of them previously unknown to each other, making critical decisions on a truly trustworthy basis.
Professor Hussein Zedan is the Technical Director of the Software Technology Research Laboratory at De Montfort University
Trust can also propagate between entities. This form of propagation is mostly associated with the notion of reputation. In addition, trust policies control how trust information is communicated and what meta-information may be transmitted and provide the link to existing security mechanisms.
