Trust-Based Protection of Software Component Users and Designers

Author: Peter Herrmann

DOI: 10.1007/3-540-44875-6_6

Keywords: Trust management (information system), Security policy, Software development, Reputation system, Component (UML), Component-based software engineering, Computational trust, Computer science, Subjective logic, Computer security, Focus (computing)

Abstract: Software component technology supports the cost-effective design of applications suited to particular needs application owners. This method, however, causes two new security risks. At first, a malicious may attack incorporating it. second, an owner incriminate designer falsely for any damage in his which reality was caused by somebody else. The first risk is addressed wrappers controlling behavior at interface runtime and enforcing certain policies order protect other components against attacks from monitored component. Moreover, we use trust management reduce significant performance overhead wrappers. Here, kind intensity monitoring adjusted according experience users with this Therefore so-called information service collects positive negative reports various users. Based on reports, special values are computed represent belief or disbelief all resp. uncertainty about adjust dependent its current value. In paper, focus second risk. To prevent that user sends wrong resulting bad value component, therefore would be wrongly incriminated, stores also based valuations validity checks sent report tested consistency log supplied together report. checked being correct as well. By Josang's subjective logic make degree, considered compute conditional upon user's own value. Thus, reputation cannot influence since their discounted.

References (27)
Brian LaMacchia, Paul Resnick, Yang-Hua Chu, Joan Feigenbaum, Martin Strauss. Referee: trust management for Web applications. World Wide Web, vol. 2, pp. 127-139 (1997).
Angelos D. Keromytis, John Ioannidis, Joan Feigenbaum, Matt Blaze. The KeyNote trust management system version 2. IETF RFC 2704 (1999).
Michael Shepherd, Anil Dhonde, Carolyn Watters. Building Trust for E-Commerce: Collaborating Label Bureaus. india software engineering conference, pp. 42-56 (2001). DOI: 10.1007/3-540-45415-2_4
Adam Rifkin, Rohit Khare. Weaving a Web of trust. World Wide Web, vol. 2, pp. 77-112 (1997).
Thomas Beth, Malte Borcherding, Birgit Klein. Valuation of Trust in Open Networks. european symposium on research in computer security, pp. 3-18 (1994). DOI: 10.1007/3-540-58618-0_53
Matt Blaze, Joan Feigenbaum, John Ioannidis, Angelos D. Keromytis. The role of trust management in distributed systems security. Secure Internet programming, pp. 185-210 (2001). DOI: 10.1007/3-540-48749-2_8
Peter Herrmann, Lars Wiebusch, Heiko Krumm. State-Based Security Policy Enforcement in Component-Based E-Commerce Applications. I3E '02 Proceedings of the IFIP Conference on Towards The Knowledge Society: E-Commerce, E-Business, E-Government, pp. 195-209 (2002). DOI: 10.1007/978-0-387-35617-4_13
Amir Herzberg, Yosi Mass. Relying Party Credentials Framework. Electronic Commerce Research, vol. 4, pp. 23-39 (2004). DOI: 10.1023/B:ELEC.0000009280.90875.05
J. Voas. Certifying high assurance software. computer software and applications conference, pp. 99-105 (1998). DOI: 10.1109/CMPSAC.1998.716644