Core-crust modeling approach for formal representation of trust in relation to computer security

Abstract

The increasing availability of high bandwidth network connections with low-cost computing equipments has stimulated the use of service-oriented environments. Emerging service-oriented environments are expected to be open environments. Such environments are highly dynamic and contain diverse number of services and autonomous entities. However, their openness reveals trust problems related to security systems. To cope with the problems, precise models and representations of trust and security are needed. This thesis examines, models, and represents trust in relation to computer security in emerging open environments with core-crust modeling approach. The thesis contains four main contributions. First, we introduce the core model for trust assessment of the security system of a service from an entity point of view. The model could be applied to almost all entities in open environments. As the second main contribution, we propose a crust model for extracting trust information from the security system of a service, based on needs of a specific entity. Our next main contribution is a crust model for trust assessment based on flow of security evaluation information on entities. The aim of this model is to increase the amount of security evaluation information to be used in trust assessments. Finally, we propose a crust model for trust based security interoperability for service convergence in networks. The last model aims to show how our proposed models can be integrated to our core model for trust assessments. We also show the applicability of each model with case studies and simulations.