Trust Architecture in Dynamic Systems

Trust is the key for an information system to make security decisions. There does not exist in an aforehand trust relationship among principals in dynamic systems. To secure transaction, trust relationship must be established in principals. However, the existing trust architectures are flat, so they cannot embody well the dynamic characteristic of trust and do not take on well operability. In this paper, a two-layer trust architecture for dynamic systems is presented. Trust in this model is composed of a basic trust layer and a dynamic trust layer. Basic trust depends on the attributes of a principal, recommendation, or experience, while dynamic trust relies on the application context. This trust structure can reduce the complexity of making a decision in dynamic system. In dynamic systems, there are many factors to form trust, such as principal experience, attribute, recommendation, and context. In these trust factors, the context trust factor is different from the others, which it changes when close with the current context. We classify these trust factors into two groups. The first group includes experience, attribute, and recommendation to form this basic trust, while the second group involves current context to form dynamic trust. The trust value in this two-layer trust architecture was expressed as T = (T a , T c ). Where T a is the combination trust value of the attribute trust, experience, and recommendation trust, and T c is the context trust value. Obviously, the relationship among trust values is a partial ordering. Experience usually associates with events. Positive trust events can increase the experience value, and negative trust events will reduce the experience. Because the importance of events is different, each event is assigned a weight. The larger the weight is, the more important the event is. Experience evaluation strategy provides the evaluation method for the occurred event. The attribute trust is the evaluation of the credibility, reliability, and security ability of the trusted principal according to the attributes of the trusted principal. The context trust is the trust evaluation of principals in a special context. Trust strategy is different in the different application context. For example, the trust strategy of a printer may be “medium†when the printer is free and the principal is in the offices, and may be “low†when the principal is not in the office, or when the printer is busy. The context trust value is the function of the context information: T c = h(C), C is the context information.