they tend to suppress each other. In the former situation, for instance, due to the
internalized norms of trust, the trustee is induced to adhere to the security rules
that are beneficial to the trustor. However, because of the limited ability
of trustors and trustees and the weakness of their motivations, trust actions can
lead to violations of the security policies, especially under the influence of benefit and
benevolence, which may be exploited by network attackers for malicious purposes
such as phishing and obtaining private information. Besides, external elements
in trust should also be taken into account in security. A good environment where
most people comply with the security rules encourages both members and newcomers
to behave normally. Actually, security policies enforce the actions that keep
the trust relationship.
So how can trust and security policies work compatibly? This is a challenging
issue in system security. As mentioned before, technical components and social
components should be used in a balanced manner. This means that stringent
enforcement should be balanced by flexible encouragement such as creating the
environment where everyone is concerned about the importance of security policies
and executing punishment. Thus, these factors of trust can be used to improve
dependability.
11.3 Trust Model in a Sociotechnical Network
The key point in trust modeling is how to compute trust as a security mechanism
in STNs. A trust computing security architecture should consist of four components:
entity recognition, trustworthiness evaluation, trust propagation, and risk assessment
[14]. All components are based on the characteristics of STNs such as the
small world property and the scale-free link distribution. This means that a target
in an STN can be found on a short path created by local information. The framework
of trust computing is shown in Figure 11.3 [14].
Entity recognition, which is decided by the memory of previous interactions,
is the first step in determining the trust level of the node being communicated
with. Without correct entity recognition, trustworthiness evaluation and risk
assessment become meaningless. Thus, recognition is fundamental and necessary
for the trust computing that follows.
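The dependency described above, as an added example that is not from the chapter: a node keys its memory of previous interactions by a public-key fingerprint and computes a trust level only after recognition succeeds. The key-based recognition, the class and method names, and the Laplace-smoothed estimator are assumptions for illustration; the sample keys and outcomes are constructed.

```python
import hashlib


class InteractionMemory:
    """A node's memory of previous interactions (assumed model, not the chapter's)."""

    def __init__(self):
        self.history = {}   # key fingerprint -> list of outcomes (True = good)
        self.names = {}     # display name -> fingerprint first seen under that name

    @staticmethod
    def fingerprint(public_key: bytes) -> str:
        return hashlib.sha256(public_key).hexdigest()

    def record(self, name: str, public_key: bytes, good: bool) -> None:
        fp = self.fingerprint(public_key)
        self.names.setdefault(name, fp)          # first binding of a name wins
        self.history.setdefault(fp, []).append(good)

    def recognize(self, name: str, public_key: bytes):
        """Return the fingerprint only if this name was first seen with this key.

        Assumption: the peer has already proven possession of the private key
        (for example by signing a fresh challenge); that step is not shown here.
        """
        fp = self.fingerprint(public_key)
        return fp if self.names.get(name) == fp else None

    def _score(self, fp: str) -> float:
        outcomes = self.history[fp]
        # Laplace-smoothed success rate: an assumed estimator.
        return (sum(outcomes) + 1) / (len(outcomes) + 2)

    def trust(self, name: str, public_key: bytes):
        """Trust in [0, 1] from past interactions, or None when recognition fails."""
        fp = self.recognize(name, public_key)
        return None if fp is None else self._score(fp)

    def trust_by_name_only(self, name: str):
        """Weak variant: no key check, so any claimant of the name inherits its history."""
        fp = self.names.get(name)
        return None if fp is None else self._score(fp)


def demo():
    mem = InteractionMemory()
    alice_key, other_key = b"constructed-key-alice", b"constructed-key-other"
    for good in (True, True, True, False):       # constructed interaction outcomes
        mem.record("alice", alice_key, good)
    return (mem.trust("alice", alice_key),       # recognized entity
            mem.trust("alice", other_key),       # same name, unrecognized key
            mem.trust_by_name_only("alice"))     # name-only check returns a score for anyone
```

When recognition is by name alone, the history earned by one entity is credited to whoever presents that name, which is the sense in which evaluation without correct recognition is meaningless.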
Trustworthiness evaluation also plays a very important role in the whole framework.
Generally, it should be considered in two aspects. The first is direct trust
that is obtained from the direct connection between the source and the target; the
node that wants to compute its trust value to another one is defined as a source.
On the other hand, the node that the source wants to interact with is defined as a target.
The second aspect is indirect trust that is based on the information provided
by other nodes having had experiences in transactions with the target in the past.
There are also several fundamental factors that affect direct and indirect trust. The
existence of risk in every transaction in STNs leads to uncertain results that might