1
Autonomic Trust Management for a Pervasive System
  • Zheng Yan
  • Nokia Research Center, Helsinki, Finland
  • Secrypt08, July 27, 2008, Porto, Portugal

2
Outline
  • Introduction and motivation
  • Related work
  • Fundamental technologies
  • Solution: autonomic trust management
  • An example application
  • Further discussion
  • Conclusions and future work

3
Introduction and motivation
  • Pervasive systems
  • Allow seamless interactions among various
    portable and networked processing devices,
    distributed at all scales throughout everyday
    routine life
  • Decentralized, distributed, open, dynamic
  • Communications depend on trust among devices;
    classical, centralized security-managing
    mechanisms are unusable
  • Trust becomes a crucial issue to ensure effective
    collaborations among various devices for expected
    services
  • A holistic notion of trust
  • Include several properties, such as security,
    availability and reliability, depending on the
    requirements of a trustor.
  • The assessment by a trustor of how well the
    observed behavior of a trustee, which can be
    measured through a number of quality attributes,
    meets the trustor's own standards for an intended
    purpose

4
Related work
  • Xu, Xin, and Lu (2007): a hybrid model
    encompassing a trust model, a security model and
    a risk model for pervasive computing
  • Shand, Dimmock, and Bacon (2004): a trust and
    risk framework to facilitate secure collaboration
  • Claycomb and Shin (2006): a visual framework for
    securing impromptu collaboration
  • Yin, Ray, and Ray (2006): a trust model for
    pervasive computing applications and strategies
    for establishing trust between entities to
    support the dynamics of trust
  • Spanoudakis (2007): a platform for dynamic trust
    assessment of software services
  • Wolfe, Ahamed, and Zulkernine (2006): trust
    management based on a scheme for categorizing
    devices, calculating trust, and facilitating
    trust-related communications
  • Remarks
  • Mainly on establishing distinct trust models
    based on different theories or methods in terms
    of various scenes and motivations.
  • Apply trust, reputation and/or risk analysis
    mechanism based on fuzzy logic, probabilistic
    theory, cloud theory, traditional authentication
    and cryptography methods and so on to manage
    trust
  • Did not support autonomic control of trust for
    the fulfillment of an intended service.
  • Influence the effectiveness of trust management
    since trust is both subjective and dynamic.

5
Main idea of our paper
  • An autonomic trust management solution for the
    pervasive system
  • Based on a trusted computing platform
  • Support autonomic trust control on the trustee
    device based on the trustor device's
    specification
  • An adaptive trust control model.
  • Assume several trust control modes, each of which
    contains a number of control mechanisms or
    operations
  • Ensure a suitable set of control modes are
    applied
  • A Fuzzy Cognitive Map to model the factors
    related to trust for control mode prediction and
    selection
  • Use runtime trust assessment result as a feedback
    to autonomously adapt weights in the adaptive
    trust control model in order to find a suitable
    set of control modes in a specific pervasive
    computing context.

6
Fundamental technologies (1): a mechanism to
sustain trust
  • Trust form
  • Trustor A trusts trustee B for purpose P under
    condition C based on root trust R
  • Root trust (RT) module
  • Hardware-based security module
  • Register, protect and manage the conditions for
    trust sustaining and self-regulating
  • Monitor any change to the computing platform,
    including any alteration or operation on hardware,
    software and their configurations.
  • Check changes and restrict them based on the
    trust conditions, as well as notifying the
    trustor accordingly.
  • Approaches to notify changes
  • active method and passive method

7
A mechanism to sustain trust: protocol
  • Root trust challenge and attestation to ensure
    the trustor's basic trust dependence at the
    trustee in steps 1-2
  • Trust establishment by specifying the trust
    conditions and registering them at the trustee's
    RT module for trust sustaining in steps 3-6
  • Sustaining the trust relationship through the
    monitor and control by the RT module in steps
    7-8
  • Re-challenge the trust relationship if necessary
    when any changes against trust conditions are
    reported.

8
Fundamental technologies (2): an adaptive trust
control model
  • Trustworthiness is considered to be influenced
    by a number of quality attributes.
  • These quality attributes are ensured or
    controlled through a number of control modes.
  • A control mode contains a number of control
    mechanisms or operations.
  • A weight is used to indicate the importance rate
    of the quality attribute
  • An influence factor of control mode is set based
    on impact of the control mode to the quality
    attributes
  • We also apply a selection factor of control mode
    to indicate which control mode is actually
    applied in the system

9
Autonomic trust management: a system definition
  • User
  • Pervasive system
  • Pervasive computing devices
  • Trusted computing platform
  • Root Trust module
  • Autonomic trust management framework (ATMF)
  • Operating System (OS)
  • A performance observer
  • Services

10
Autonomic Trust Management Framework (ATMF)
  • Responsibility: manage the trustworthiness of a
    trustee service
  • Configure its trust properties
  • Switch on/off the trust control mechanisms, i.e.
    selecting a suitable set of control modes
  • Secure storages
  • Experience base
  • Policy base
  • Mechanism base
  • ATMF secure access to the RT module
  • Extract the policies into the policy base for
    trust assessment if necessary
  • An evaluation, decision and selection engine (EDS
    engine)
  • Trust assessment
  • Make trust decision
  • Select suitable trust control modes

11
Autonomic trust management procedure
  • Remote service collaboration check
  • Yes, trust sustaining mechanism
  • Embed device trust conditions (including trust
    policies) into RT
  • Extract trust policies, save into policy base
  • Trustworthiness and trust control mode
    prediction, selection
  • Monitor performance and behavior
  • Adjust trust control model

12
Algorithms
  • Trust assessment
  • Trust value generator
  • Weighted summation
  • Control mode prediction and selection
  • Anticipate the performance or feasibility of all
    possibly applied trust control modes.
  • Select a set of suitable trust control modes
    based on the control mode prediction results.
  • Adaptive Trust Control Model Adjustment
  • Adjust the influence factors of the trust control
    model in order to make it reflect the real system
    situation or context

13
Trust Control Mode Prediction and Selection
  • The control modes are predicted through
    evaluating all possible modes and their
    compositions based on the adaptive trust
    control model
  • The prediction algorithm
  • , while
    , do
  • The control modes are selected based on the
    control mode prediction results
  • The selection algorithm
  • Calculate selection threshold
  • - Compare and of to , set
    selection factor if
    set if
  • - For , calculate the distance of
    and to as
    For , calculate
    the distance of and
    to as
    only when and
  • - If , select the best winner with
    the biggest else , select
    the best loser with the smallest .
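
A minimal sketch of the prediction and selection steps outlined on slides 8, 12 and 13, added here as an illustration and not taken from the presentation. The logistic squashing function, the distance definition, the control-mode names and all numbers are assumptions; only the attribute names come from the healthcare example.

```python
import math
from itertools import product

# Constructed sample model: weights express the importance of each quality attribute.
WEIGHTS = {"confidentiality": 0.5, "availability": 0.3, "reliability": 0.2}
# INFLUENCE[mode][attribute] in [-1, 1]; mode names and numbers are hypothetical.
INFLUENCE = {
    "encrypt_link":   {"confidentiality": 0.9, "availability": -0.3, "reliability": 0.0},
    "priority_queue": {"confidentiality": 0.0, "availability": 0.8, "reliability": 0.2},
    "redundant_send": {"confidentiality": -0.1, "availability": -0.6, "reliability": 0.9},
}

def squash(x, steepness=2.0):
    """Assumed logistic threshold function: maps a summed influence into (0, 1)."""
    return 1.0 / (1.0 + math.exp(-steepness * x))

def predict(selection):
    """Predict attribute values and the trust value for one set of selection factors."""
    attrs = {qa: squash(sum(INFLUENCE[m][qa] * b for m, b in selection.items()))
             for qa in WEIGHTS}
    trust = sum(WEIGHTS[qa] * v for qa, v in attrs.items())  # weighted summation
    return attrs, trust

def select_modes(threshold):
    """Evaluate every composition of control modes; return (kind, selection, trust)."""
    modes = list(INFLUENCE)
    winners, losers = [], []
    for bits in product((0, 1), repeat=len(modes)):
        selection = dict(zip(modes, bits))  # selection factor: 1 = mode applied
        attrs, trust = predict(selection)
        # Assumed distance: gap between the threshold and the weakest predicted value.
        margin = min(list(attrs.values()) + [trust]) - threshold
        if margin >= 0:
            winners.append((margin, selection, trust))
        else:
            losers.append((-margin, selection, trust))
    if winners:  # best winner: biggest distance above the threshold
        _, selection, trust = max(winners, key=lambda c: c[0])
        return "winner", selection, trust
    # No composition meets the threshold: best loser has the smallest shortfall.
    _, selection, trust = min(losers, key=lambda c: c[0])
    return "loser", selection, trust

if __name__ == "__main__":
    for tr in (0.55, 0.70):
        print(tr, select_modes(tr))
```

With the lower threshold one composition satisfies every attribute, while the higher threshold leaves only a best loser, which a trustor could treat as a signal that its trust conditions cannot currently be met.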

14
Adaptive Trust Control Model Adjustment
  • Subjective dynamic support
  • Context-aware trust model adjustment
  • The influencing factors of each control mode
    should be context-aware.
  • The trust control model should be dynamically
    maintained and optimized in order to reflect the
    real system situation.
  • Observation-based trust assessment serves as the
    feedback for adaptive model adjustment.
  • Two schemes
  • Equal adjustment scheme: each control mode has
    the same impact on the deviation between
  • and
  • Unequal adjustment scheme: the control mode with
    the biggest absolute influencing factor always
    impacts more on the deviation between
  • and
  • The equal adjustment scheme
  • While
    , do
  • a) If
    , for ,
  • , if
  • Else, for ,
  • , if
  • b) Run the control mode prediction function
  • The unequal adjustment scheme
  • While
    , do
  • a) If ,
    for ,
  • , if
  • Else,
  • , if
  • b) Run the control mode prediction function

15
An application example: mobile healthcare
  • System devices
  • A portable mobile device
  • A health sensor: monitors a user's health status
  • A healthcare client service: provides multiple
    ways to transfer health data to other devices and
    receive health guidelines.
  • A healthcare centre
  • A healthcare consultant service: provides health
    guidelines to the user according to the health
    data reported, and informs a hospital service at
    a hospital server if necessary.
  • A hospital server
  • A hospital service
  • Trust requirements
  • Each device's and service's trustworthiness
  • Trustworthy cooperation of all related devices
    and services
  • Satisfy trust requirements with each other and
    its users
  • Examples
  • Confidentiality: the healthcare client service
    provides a secure network connection and
    communication
  • Availability: respond to the request from the
    health sensor within expected time
  • Reliability: perform reliably without any break
    in case of an urgent health information
    transmission.
  • Example application scenario: the user's health
    is monitored by the mobile device, which reports
    his/her health data to the healthcare centre in a
    secure and efficient way. In this case, the
    hospital service should be informed since the
    user's health needs to be treated by the hospital
    immediately. Meanwhile, the consultant service
    also provides essential health guidelines to the
    user.

16
Autonomic trust management for a healthcare
application

17
Discussion
  • Two-level autonomic trust management
  • Autonomic trust management among different system
    devices (hard trust solution)
  • Apply the mechanism to sustain trust, embed trust
    policies for remote trusted service collaboration
  • Autonomic trust management on pervasive services
    for their trustworthy collaboration (soft trust
    solution)
  • Both levels of autonomic trust management can
    cooperate to ensure the trustworthiness of the
    entire pervasive system.
  • Standardized devices (supported by TCG compatible
    devices)
  • Implementation of the RT module and Autonomic
    Trust Management Framework
  • Designed and implemented inside a secure main
    chip in the mobile computing platform
  • The RT module functionalities and the ATMF
    functionalities can be implemented by a number of
    protected applications.
  • Small applications dedicated to performing
    security critical operations inside a secure
    environment.
  • Strict size limitations and resemble function
    libraries.
  • Access any resource in the secure environment.
  • Communicate with normal applications in order to
    offer security services.
  • New protected applications can be added to the
    system at any time; signature-based protection.
  • Onboard Credential-based implementation for the
    secure register of the RT module, the policy
    base, the execution base and the mechanism base
  • A flexible and light secure storage mechanism
    supported by the trusted computing platform

18
Conclusions and future work
  • Presented our arguments for autonomic trust
    management in the pervasive system.
  • Proposed an autonomic trust management solution
    based on the trust sustaining mechanism and the
    adaptive trust control model.
  • Main contribution
  • Support two levels of autonomic trust management
    between devices as well as between services
    offered by the devices.
  • Effectively avoid or reduce risk by stopping or
    restricting any potential risky activities based
    on the trustor's specification
  • Demonstrated the effectiveness of our solution by
    applying it to an example pervasive system
  • Discussed the advantages of and implementation
    strategies for the solution.
  • Future work: study the performance through a
    prototype implementation on the basis of a mobile
    trusted computing platform

19
Thank You!
  • Questions and Comments!