1
|
- Ji Ma
- School of Computer and Information Science
University of South Australia
24th September=
2004,
presented at SKM
|
2
|
- Motivation (background, aims etc)
- A brief introduction =
to the
logic TML
- Theories of trust
- Modeling the dynamics of trust
- A methodology for theory revision
- Conclusion and future work
|
3
|
- Trust and trust management are important issues for digital
communication systems.
- Some general questions regarding trust and agent belief such as:
- Can I trust the system?
- Is the message received through the system reliable?
|
4
|
|
5
|
- Most of the work focu=
s on:
- Trust concept: What is trust?
- &nbs=
p;
(Dimitrakos 2001, Kini & Choobineh 98)
- Specification of trust and reasoning
- &nbs=
p;
(Liu 2001, Liu & Ozols 2002, etc)
- Trust management
- &nbs=
p;
(Blaze 93, Yahalom et al. 93, Josang 2000)
- But not many papers focused on a dynamic theory of trust
|
6
|
- The concept of trust =
theory
is proposed for the
specification of trust (Liu
2001) .
- A trust theory is a set of rules describing trust of agents in a sy=
stem,
and
- established based on the initial trust of agents in a system.
|
7
|
- Trust changes dynamically
- A theory is constructed based on the initial trust of agents in the
system, therefore,
- When agents lose their trust in dynamic environment, the theory nee=
d to
be revised, otherwise it can no longer be used for any security pur=
pose
|
8
|
- Investigate factors that influence trust
- Provide methods and techniques for modeling the dynamics of trust=
li>
- Obtain a general approach to revising and managing a theory of t=
rust
for an agent-based system
|
9
|
- In this paper, we propose
- A method for modeling trust changes and an algorithm to compute the
trust state
- A method for modeling theory changes
- A technique for computing the new theory based on trust changes
- A framework for managing a theory of trust
|
10
|
- TML is an extension o=
f the
first-order logic with
- typed variables, an=
d
- multiple belief ope=
rators
- Belief operator Bi stands for “ag=
ent i believes
that”.
- Every variable must =
be
typed, i.e., it ranges over a certain domain.
|
11
|
- We choose TML, because of
- Its expressive power: TML
can express agent beliefs in a natural way.
- any security system depends on agent beliefs.
- Example: If we have=
li>
- Bjohn Ha=
s(bob, key)
- Bjohn (Has(x, key) ® MayRead(x,doc))
Then, we may derive that
&nbs=
p;
Bjohn MayRead(bob, doc).
|
12
|
- Agents can be human beings, machines, a program, a method or any ot=
her
entities.
- Agents may have their goals, intentions, beliefs, obligations etc.<=
/li>
- They may perform actions (co-operatively sometimes) in a society of
other agents.
|
13
|
- Simple trust model (Liu & Ozols, 2002):
- An agent=
does
not trust anyone but the security mechanisms (as special agents) of=
the
system.
- For reasoning about beliefs, the key is to obtain rules specifying =
such
trust.
- Those rules form a theory, we called it a trust theory.
|
14
|
|
15
|
- security mechanisms of the system include:
- &nbs=
p;
1. agents a1, a2 a3 and a4,
- &nbs=
p;
2. the authentication methods m1, m2, m3 and m4
- &nbs=
p;
3. the physical security environment (consisting of doors and w=
alls),
denoted as pse.
- Thus, agents have an initial trust set:
- &nbs=
p;
{a1, a2, a3, a4, m1, m2, m3, m4, pse}.
|
16
|
- Trust of agents includes:
- trust that a1, a2 a3 and a4 are capable of performing their funct=
ions
as required;
- trust that these authentication methods are reliable;
- trust that there is=
no
problem with pse on the security objective
|
17
|
- Define Predicates:
- At(x, l, t) : =
x is at
the location l at time t,
- ReqToEnter(x,l) : x
requests to enter the location l.
- AuthBy(x,m) : =
the
identity of x is authenticated by m.
|
18
|
- Rules describing the functions of agents a1, a2,
a3,, a4:
- (r1) At(x,O,t) Ù
ReqToEnter( x,E,t) ® (At(x,E,t+1) «
- &nbs=
p; =
(Ba1 AuthBy(x,m1) &Uac=
ute; Ba2 AuthBy(x,m2))).
- (r2) At(x,E,t) Ù
ReqToEnter(x,C, t) ®
- &nbs=
p; =
(At(x,C,t+1) « Ba3 AuthBy(x,m3)).
- (r3) At(x,C,t) Ù
ReqToEnter(x,R, t) ®
- &nbs=
p; =
(At(x,R,t+1) « Ba4 AuthBy(x,m4)).
|
19
|
- Rules related to pse are:
- (r4) At(x,O,t) ® =
At(x,O,t+1)
Ú At(x,=
E,t+1).
- (r5) At(x,E,t) ®
- &nbs=
p;
At(x,E,t+1) Ú At(x,O,t+1) Ú At(x,C,t+1).
- (r6) At(x,C,t) ® =
At(x,C,t+1)
Ú At(xE=
,t+1) Ú At(x,R,t+1).
- (r7) At(x,E,t) Ù At(x,E,t+1)
Ù At(x,=
E,t+2)® At(x,O,t+3).=
li>
- (r8) At(x,C,t) Ù At(x,C,t+1)
Ù At(x,=
C,t+2)® At(x,E,t+3).=
li>
- Thus, we have the the=
ory:
- &nbs=
p;
T =3D{r1, r2, r3, r4, r5, r6, r7, r8}
|
20
|
- Trust changes dynamically. It depends on many factors:
- Modification of the security policy
- Replacement of security mechanisms
- Movement of employees
- Interaction between agents
- accidents
- &nb=
sp;
……
|
21
|
|
22
|
|
23
|
|
24
|
: adding a formula j to a theory
â j: retracting a formula =
j from a theory=
li>
Let T be a theory and s =3D <*1 j1, …,*n jn > be a the=
ory
change to T, where *i
is Å or =
â. Then, the new theo=
ry is:
- T’ =3D T ° s =3D T *1
j1…
*n jn .=
li>
|
25
|
- Minimal change technique:
- T Å j -- is proceeded in two st=
eps:
first remove just enough formulas from T to obtain a theory T’
such that T’ is consistent with j<=
/font>; then add j
to T’.
- T â j -- is proceeded in this way: =
take
out the formulas from T to get T’ such that T’ ⊬ =
j and T’ is an exactl=
y the
subset of T that cannot be expanded without j.
|
26
|
- Example
- Suppose T =3D {p Ú q ® r,
r ® s} and=
a theory
change s =3D &=
lt;Åp, â(r ® s),
Ås>,<=
span
style=3D'mso-spacerun:yes'> then the new theory is
- T’ =3D T=
°
s =3D {p Ú q ® r, p, s}
|
27
|
|
28
|
- Let T0 =3D
{r1,r2,r3,r4,r5,r6,r7,r8} at the state S0. If m1 is not reliabl=
e and
door d1 is permanently closed. Therefore, we have a theory change <=
font
face=3DSymbol>s
=3D <âr1 >.
But, for retracting r1 from T0, we need to add the foll=
owing
formula to it:
(r9) At(x,O,t) Ù ReqToEnter(x,E) =
font>®
&nbs=
p; =
(At(x,E,t+1) « Ba2 AuthBy(x,m2)).
Therefore, the new theory
- &n=
bsp;
T1 =3D {r2,r3,r4,r5,r6,r7,r8,r9}
|
29
|
- We have presented a formal approach to revising a theory of trust.
- These methods and techniques could be useful in the specification a=
nd
management of trust for any systems with communicating agents.
- Future works
- Case studies, finding more applications.
- Trust degree refinement in theory revision
- Investigation of ways to express security properties based on evol=
ving
theories of trust.
|
30
|
- Thanks
- Any Question?
- Email:MAYJY005@students.unisa.edu.au
|