Trust

An Evidence Based Architecture for Efficient, Attack-Resistant Computational Trust Dissemination in Peer-to-Peer Networks
David Ingram
University of Cambridge Computer Laboratory, 15 JJ Thomson Avenue, Cambridge, CB3 0FD, United Kingdom
dmi1000@cam.ac.uk

Abstract. Emerging peer-to-peer (P2P) applications have a requirement for decentralised access control. Computational trust systems address this, achieving security through collaboration. This paper surveys current work on overlay networks, trust and identity certification. Our focus is on the particular problem of distributing evidence for use in trust-based security decisions. We present a system we have implemented that solves this in a highly scalable way, and resists attacks such as false recommendations and collusion.

1 Introduction

1.1 A Metaphor for Trust-Based Security

In the physical world, there are three main approaches to access control. If we wish to secure a building, we could lock the door and issue keys only to those who work in the building. This makes access less convenient though, so it could be better to leave the door unlocked and save time for our legitimate users. Alternatively, we might choose to leave the door unlocked but employ a security guard who sits in the lobby keeping an eye on those who pass by. The guard won't often have to stop anyone because he will recognise those who work in the building; he can also assess whether strangers are a threat, based on factors such as whether they are accompanied by someone he does know.

In the online world, typically we can only choose the first two alternatives: either to secure the resource and issue (digital) keys to those who are permitted access, or to allow anyone access. Computational trust modelling is a way of implementing the third option (a decision-making security guard) in an internet environment. For many applications this enables a new and more acceptable combination of security and convenience.

1.2
