Audun Jøsang

The right type of trust for distributed systems

Research in information security has traditionally focused on where to place or how to propagate trust. In that sense, a cyptographic algorithm or protocol is simply a mechanism to transfer trust from where it exists to where it is needed. This paper puts the focus on trust itself and shows that it is a very complex concept with many interesting and important implications. We do not attempt to define a formal trust model, but rather examine the types of trust and trust relationships which are relevant for information security. It is shown that the existence of trust as a phenomenon depends on the existence of malicious behaviour. This observation leads to the distinction between passionate entities with human-like capabilities, and rational entities which basically are systems. Dust can then be defined as the belief that a rational entity will resist malicious manipulation or that a passionate entity will behave without malicious intent. It is also shown that trust relationships exhibit a great diversity, that they are based on knowledge and that they contain aspects in common with stmtegy games.

Analysing the Relationship between Risk and Trust

Among the various human factors impinging upon making a decision in an uncertain environment, risk and trust are surely crucial ones. Several models for trust have been proposed in the literature but few explicitly take risk into account. This paper analyses the relationship between the two concepts by first looking at how a decision is made to enter into a transaction based on the risk information. We then draw a model of the invested fraction of the capital function of a decision surface. We finally define a model of trust composed of a reliability trust as the probability of transaction success and a decision trust derived from the decision surface.

The consensus operator for combining beliefs

The consensus operator provides a method for combining possibly conflicting beliefs within the Dempster-Shafer belief theory, and represents an alternative to the traditional Dempsters rule. This paper describes how the consensus operator can be applied to dogmatic conflicting opinions, i.e. when the degree of conflict is very high. It overcomes shortcomings of Dempsters rule and other operators that have been proposed for combining possibly conflicting beliefs.

Dirichlet Reputation Systems

Reputation systems can be used in online markets and communities in order to stimulate quality and good behaviour as well as to sanction poor quality and bad behaviour. The basic idea is to have a mechanism for rating services on various aspects, and a way of computing reputation scores based on the ratings from many different parties. By making the reputation scores public, such systems can assist parties in deciding whether or not to use a particular service. Reputation systems represent soft security mechanisms for social control. This article presents a type of reputation system based on the Dirichlet probability distribution which is a multinomial Bayesian probability distribution. Dirichlet reputation systems represent a generalisation of the binomial Beta reputation system. The multinomial aspect of Dirichlet reputation systems means that any set of discrete rating levels can be defined. This provides great flexibility and usability, as well as a sound basis for designing reputation systems

Exploring different types of trust propagation

Trust propagation is the principle by which new trust relationships can be derived from pre-existing trust relationship. Trust transitivity is the most explicit form of trust propagation, meaning for example that if Alice trusts Bob, and Bob trusts Claire, then by transitivity, Alice will also trust Claire. This assumes that Bob recommends Claire to Alice. Trust fusion is also an important element in trust propagation, meaning that Alice can combine Bobs recommendation with her own personal experience in dealing with Claire, or with other recommendations about Claire, in order to derive a more reliable measure of trust in Claire. These simple principles, which are essential for human interaction in business and everyday life, manifests itself in many different forms. This paper investigates possible formal models that can be implemented using belief reasoning based on subjective logic. With good formal models, the principles of trust propagation can be ported to online communities of people, organisations and software agents, with the purpose of enhancing the quality of those communities.

Can we manage trust

The term trust management suggests that trust can be managed, for example by creating trust, by assessing trustworthiness, or by determining optimal decisions based on specific levels of trust. The problem to date is that trust management in online environments is a diverse and ill defined discipline. In fact, the term trust management is being used with very different meanings in different contexts. This paper examines various approaches related to online activities where trust is relevant and where there is potential for trust management. In some cases, trust management has been defined with specific meanings. In other cases, there are well established disciplines with different names that could also be called trust management. Despite the confusion in terminology, trust management, as a general approach, represents a promising development for making online transactions more dependable, and in the long term for increasing the social capital of online communities.

A Subjective Metric of Authentication

Determining the authenticity of public keys in large-scale open networks can not be based on certificates alone, but must also include the binding between the key used for certification and it’s owner, as well as the trust relationships between individual agents. This paper describes a method for computing authenticity measures based on certificates, on key binding, and on trust relationships. Two essential elements of the method are the opinion model which is a radically new way of representing trust, and subjective logic which consists of a set of logical operators for combining opinions. We show that our method for computing authenticity measures can be applied to both anarchic and hierarchic authentication networks.

The state-of-the-art in personalized recommender systems for social networking

With the explosion of Web 2.0 application such as blogs, social and professional networks, and various other types of social media, the rich online information and various new sources of knowledge flood users and hence pose a great challenge in terms of information overload. It is critical to use intelligent agent software systems to assist users in finding the right information from an abundance of Web data. Recommender systems can help users deal with information overload problem efficiently by suggesting items (e.g., information and products) that match users’ personal interests. The recommender technology has been successfully employed in many applications such as recommending films, music, books, etc. The purpose of this report is to give an overview of existing technologies for building personalized recommender systems in social networking environment, to propose a research direction for addressing user profiling and cold start problems by exploiting user-generated content newly available in Web 2.0.

Technologies for Trust in Electronic Commerce

Lack of consumer trust in e-commerce merchants, e-commerce technology, and the social, financial and legal infrastructures of the e-commerce environment, poses a major challenge to the large-scale uptake of business to consumer e-commerce. Most traditional cues for assessing trust in the physical world are not available online. This paper gives an overview of some of the work being done to devise alternative methods for assessing, communicating and establishing trust in this environment. Examples are drawn from a wide range of disciplines including human–computer interaction, usability, marketing, information technology, mathematics, linguistics and law. Industry, self-regulatory and government initiatives aimed at building consumer trust and confidence in e-commerce are also discussed.

Optimal Trust Network Analysis with Subjective Logic

Trust network analysis with subjective logic (TNA-SL) simplifies complex trust graphs into series-parallel graphs by removing the most uncertain paths to obtain a canonical graph. This simplification could in theory cause loss of information and thereby lead to sub-optimal results. This paper describes a new method for trust network analysis which is considered optimal because it does not require trust graph simplification, but instead uses edge splitting to obtain a canonical graph. The new method is compared with TNA-SL, and our simulation shows that both methods produce equal results. This indicates that TNA-SL in fact also represents an optimal method for trust network analysis and that the trust graph simplification does not affect the result.