Chinese Journal of Computers
  Title: A Trust Model Based on Behaviors Risk Evaluation
  Authors: ZHANG Run-Lian 1),2), WU Xiao-Nian 2),3), ZHOU Sheng-Yuan 2),3), DONG Xiao-She 1)
  Address: 1) (School of Electronic & Information Engineering, Xi'an Jiaotong University, Xi'an 710049)
2) (School of Information and Communication, Guilin University of Electronic Technology, Guilin, Guangxi 541004)
3) (National Laboratory for Modern Communications, Chengdu 610041)
  Year: 2009
  Issue: No.4 (688-698)
  Abstract & Background
Abstract: Trust is an essential ingredient of the transaction process. Trust and risk are two closely related factors in making security decisions during a transaction in an uncertain environment with hidden risks. Existing trust models mostly regard risk as a supplement to trust, or neglect risk altogether, which makes the resulting security decisions one-sided and subjective. To address this problem, this paper proposes a trust model based on behavior risk evaluation. In this model, a set of feature matching rules is established based on asset identification, vulnerability identification and threat identification for the system; a complex weighting function is constructed to compute the potential risk implied in the behaviors of entities; and a risk-based trust computation method is designed. The application of the proposed model and the experimental results show that it can efficiently identify the potential risk implied in the behaviors of entities and correctly compute the changing risk and trust as those behaviors change, providing objective and reliable information for the system to make correct security decisions.
Keywords: trust; risk evaluation; asset identification; vulnerability identification; threat identification
Background: This paper is supported by the National Laboratory for Modern Communications Foundation of China (No.9140C1101050706), the National Natural Science Foundation of China (No.60773118), the National High Technology Research and Development Program (863 Program) of China (No.2006AA01A109) and the Foundation of Guangxi Key Laboratory of Information and Communication (No.10908).
Trust and risk are key factors in establishing appropriate security policies and selecting cost-effective techniques to implement those policies in a distributed and dynamic environment. Trust models are widely studied as a way to provide reliable resource sharing and secure access in open environments. Current trust models can be classified into two categories: identity trust and behavior trust. Existing trust models mostly focus on trust, and regard risk as a supplement to trust, or neglect risk altogether, which makes the resulting security decisions one-sided and subjective.
To address this problem, this paper proposes a trust model based on behavior risk evaluation. The proposed model combines trust with risk: it describes a trust computation method based on risk evaluation, which evaluates an entity's behaviors and quantifies the risk implied in them. The model can therefore compute trust for an entity objectively from the risk implied in its behaviors, and provide reliable support for security decisions that control the entity's future behaviors. The proposed model can handle risk evaluation and trust computation in both centralized and decentralized systems.