Jingwei Huang

Trust mechanisms for cloud computing

Trust is a critical factor in cloud computing; in present practice it depends largely on perception of reputation, and self assessment by providers of cloud services. We begin this paper with a survey of existing mechanisms for establishing trust, and comment on their limitations. We then address those limitations by proposing more rigorous mechanisms based on evidence, attribute certification, and validation, and conclude by suggesting a framework for integrating various trust mechanisms together to reveal chains of trust in the cloud.

A calculus of trust and its application to PKI and identity management

We introduce a formal semantics based calculus of trust that explicitly represents trust and quantifies the risk associated with trust in public key infrastructure (PKI) and identity management (IdM). We then show by example how to formally represent trust relationships and quantitatively evaluate the risk associated with trust in public key certificate chains. In the context of choosing a certificate chain, our research shows that the shortest chain need not be the most trustworthy, and that it may make sense to compare the trustworthiness of a potential chain against a threshold to govern acceptance, changing the problem to finding a chain with sufficiently high trustworthiness. Our calculus also shows how quantified trust relationships among CAs can be combined to achieve an overall trust assessment of an offered certificate.

A Formal-Semantics-Based Calculus of Trust

Building trust models based on a well-defined semantics of trust is important so that we can avoid misinterpretation, misuse, or inconsistent use of trust in Internet-based distributed computing. The authors present an approach to a formal-semantics-based calculus of trust, from conceptualization to logical formalization, from logic model to quantification of uncertainties, and from quantified trust to trust decision-making. They also explore how to apply a formal trust model to a PGP (Pretty Good Privacy) system to develop decentralized public-key certification and verification.

Uncertainty in Knowledge Provenance

Knowledge Provenance is an approach to determining the origin and validity of knowledge/information on the web by means of modeling and maintaining information sources and dependencies, as well as trust structures. This paper constructs an uncertainty-oriented Knowledge Provenance model to address the provenance problem with uncertain truth values and uncertain trust relationships by using information theory and probability theory. This proposed model could be used for both people and web applications to determine the validity of web information in a world where information is uncertain.

Knowledge provenance in enterprise information

Knowledge Provenance (KP) addresses the problem of how to determine the validity and origin of web information by means of modelling and maintaining information sources, information dependencies, and trust structures. Four levels of KP have been identified: (1) static KP develops the fundamental concepts for KP, and focuses on provenance of static and certain information; (2) dynamic KP considers how the validity of information may change over time; (3) uncertainty-oriented KP considers uncertain truth values and uncertain trust relationships; (4) judgement-based KP focuses on social processes necessary to support KP. This paper presents the fundamental concepts and models of KP by providing motivating scenarios, KP ontologies and examples regarding how to use KP.

Denial-of-Service Threat to Hadoop/YARN Clusters with Multi-tenancy

This paper studies the vulnerability of unconstrained computing resources in Hadoop and the threat of denial-of-service to a Hadoop cluster with multitenancy. We model the problem of how many nodes in a Hadoop cluster can be invaded by a malicious user with given allocated capacity as a k-ping-pong balls to n-boxes problem, and solve the problem by simulation. We construct a discrete event simulation model to estimate MapReduce job completion time in a Hadoop cluster under a DoS attack. Our study shows that even a small amount of compromised capacity may be used to launch a DoS attack and cause significant impacts on the performance of a Hadoop/YARN cluster.

Assessing trust in the long-term protection of documents

Digital archives rely on trusted parties, such as certification authorities, to ensure authenticity, integrity and proof of existence protection for documents. In this paper, we analyse the trust assumptions that a verifier has to make in order to trust in the protection of a document. We show that trust fades out in the long term due to the ever-growing number of trusted parties. Despite such a dire prospect, current technologies such as X.509 PKI do not assess trust, thereby leaving verifiers in the dark. We present a certification scheme for documents that provides verifiers with a better assessment of trust than in X.509 PKI. In the proposed scheme, trusted parties are rated based on the correctness of their performance. From the ratings, verifiers can assess quantitatively the trust in the trusted parties for the short term, and in the protection of documents for the long term. The proposed scheme encourages trusted parties to work properly.

Security and provenance in M3GS for cross-domain information sharing

Modern military activities involve significant data sharing across security domains. We present the concepts and architecture of a Mission-oriented Multi-domain Multi-level security Graphics Server (M3GS) in the environment of GIG 2.0 and cloud computing. M3GS aims at providing information support for a dynamic team collaborating on a mission of warfighting, intelligence, anti-terrorism, or rescue and disaster relief; information providers input data (with various security labels in different security domains) into M3GS, and through M3GS, those data are displayed with proper widgets on the screens of information clients permitted to access; what data can flow to which screen is governed by security policies. While the Bell-LaPadula model is used to enforce traditional mandatory access control, a new challenge is that the data shared have different owners from different security domains, and are subject to their own security policies. We address this problem by using dynamic provenance-dependent attribute-based policies.

An Ontology for Static Knowledge Provenance

Knowledge Provenance (KP) is proposed to address the problem about how to determine the validity and origin of information/knowledge on the web by means of modeling and maintaining information sources and dependencies as well as trust structures. Four levels of KP are introduced: Static, Dynamic, Uncertain, and Judgmental. In order to give a formal and explicit specification for the fundamental concepts of KP, a static KP ontology is defined in this paper.

Towards trustworthy smart cyber-physical-social systems in the era of Internet of Things

The advent of a new wave of computing driven by the Internet of Things (IoT) and Big Data is reshaping the landscape of engineering systems design, operations, and management. As traditional devices and systems are transforming into smart devices and smart cyber-physical systems powered by IoT, more and more applications of Internet of Things are emerging as complex systems of smart systems, such as smart cities, in which an entity (including both human, software, and machines) highly relies on other entities in a network with respect to security, privacy, trustworthiness of data / information, and trustworthiness of services. Trust is emerging as a critical factor in systems design, operations and management. In this paper, we use Smart and Connected Senior Caring Systems as driving application, to discuss the features of Cyber-Physical-Social Smart Systems (CPS3) powered by IoT, to address the needs of trust in CPS3 design, and to explore approaches of trust formalisms for CPS3 design.