Initial Investigation into Cross-context Trust and Risk Assessment

E. Gray, Y. Chen (Ireland), and C. Jensen (Denmark)


Trust management, risk assessment, decentralized security management, pervasive computing


Ubiquitous computing suggests the possibility of a vast, networked infrastructure of diverse entities partaking in collaborative applications. This may require interaction between users who may be marginally or completely un known to each other, or interaction in situations where complete information is unavailable. Humans use the con cept of trust in these types of situations. The notion of human trust as a new security paradigm has been recognized by the pervasive computing commu nity. Many issues in this domain, however, remain un resolved: for example, how trust is formed, if it may be transferred across different contexts, guaranteeing precise recommendations in cross-context situations, and the inclu sion of risk assessment in any trust-based decision-making architecture. In this paper, we address the above issues within the scope of the SECURE trust architecture. A multi dimensional trustworthiness structure with a default value concept is presented, incorporating trust attributes that make feasible correct recommendation transfer. We argue that risk evaluation is necessary when making trust-based security decisions, especially when the trustworthiness of some entity is unknown and no recommendation informa tion is available. A cluster-based risk estimating mecha nism is applied to integrate trust and risk to make a com plete trust-based decision.

