Trust is an important tool in human life, as it enables people to cope with the uncertainty caused by the free will of others. Uncertainty and uncontrollability are also issues in computer-assisted collaboration and electronic commerce in particular. A computational model of trust and its implementation can alleviate this problem. This survey

This paper is available online at www.jtaer.com DOI: 10.4067/S0718-18762010000200008

The lack of available identity information in attribute-based trust management systems complicates the design of the audit and incident response systems, anomaly detection algorithms, collusion detection /prevention mechanisms, and reputation systems taken for granted in traditional distributed systems. In this paper, we show that as two entities in an attribute-based trust management system interact, each learns one of a limited number of virtual fingerprints describing their communication partner. We show that these virtual fingerprints can be disclosed to other entities in the open system without divulging any attribute or absolute-identity information, thereby forming an opaque pseudo-identity that can be used as the basis for the above-mentioned types of services. We explore the use of virtual fingerprints as the basis of Xiphos, a system that allows reputation establishment without requiring explicit knowledge of entities' civil identities. We discuss the trade-o# between privacy and trust, examine the impacts of several attacks on the Xiphos system, and discuss the performance of Xiphos in a simulated grid computing system.

view of a XenoServer's design . . . . . . . . . . . . . . . 74 3.3 Registration of XenoServers and clients . . . . . . . . . . . . . . . 77 3.4 Advertisement and discovery of resources . . . . . . . . . . . . . . 80 3.5 Service deployment operations . . . . . . . . . . . . . . . . . . . . 83 3.6 Environment management operations . . . . . . . . . . . . . . . . 87 4.1 Hierarchical resource naming . . . . . . . . . . . . . . . . . . . . . 106 4.2 Coordinated resource descriptions . . . . . . . . . . . . . . . . . . 110 4.3 Server advertisement . . . . . . . . . . . . . . . . . . . . . . . . . 111 4.4 Resource and pricing description coordination maps . . . . . . . . 112 4.5 High-level view of the RBRM architecture . . . . . . . . . . . . . 114 4.6 Authentication and filtering of deployed policies . . . . . . . . . . 116 4.7 Policy evaluation process . . . . . . . . . . . . . . . . . . . . . . . 126 4.8 Policy deployment in the XenoServer Platform . . . . . . . . . . . 132 4.9 Policy deployment in Condor . . . . . . . . . . . . . . . . . . . . 138 5.1 Architecture of a Xen-based XenoServer . . . . . . . . . . . . . . 146 5.2 Control-plane architecture of a XenoServer . . . . . . . . . . . . . 148 5.3 Architecture of XenoClient . . . . . . . . . . . . . . . . . . . . . . 152 5.4 Interface for user registration . . . . . . . . . . . . . . . . . . . . 153 5.5 Interface for purchase order creation and management . . . . . . . 154 5.6 Interface for XenoServer discovery and selection . . . . . . . . . . 155 5.7 Interface for purchasing resources on a XenoServer . . . . . . . . . 156 5.8 Interface for building deployment specifications . . . . . . . . . . 157 5.9 Interface for service and session management . . . . . . . . . . . . 158 5.10 Architecture of XenoCorp . . . . . . . ....

Abstract. This paper proposes a web-of-trust construction approach starting with axiomatic propositions. Different from the classic web-oftrust (i.e. trust relationships graph closure), the proposed method relies on actual peer experience as the final judgment while public trust statements (further called “recommendations”) just introduce responsible cooperation, allowing participants to make assumptions on reputation of previously unknown entities. The method was initially targeted to address the problem of spam (UBE) in environments with reliable authentication (which today’s SMTP protocol is not, but supposedly will be). 1

Trust assessment is a key prerequisite for the adoption of software services but poorly supported by existing methods and technology especially when it comes to trust in dynamically composed and deployed software services. In this position paper, we discuss why this is the case and outline a programme of research focusing on the development of platform for dynamic trust assessment of software services. Categories and Subject Descriptors D.2.9 [Management]: software quality assurance

Abstract — We study the unique trust management, and more precisely reputation management and revocation of malicious ad hoc nodes used for emergency communications. Unlike in centralized systems, reputation management and revocation in ad hoc networks is non-trivial. This difficulty is due to the fact that the nodes have to collaboratively calculate the reputation value of a particular node and then revoke the node if the reputation value goes below a threshold. A major challenge in this scheme is to prevent a malicious node from discrediting other genuine nodes. The decision to revoke a node has to be communicated to all the nodes of the network. In traditional ad hoc networks the overhead of broadcasting the message throughout the network may be very high. We solve the problem of reputation management and node revocation in ad hoc networks of cell phones by using a threshold cryptography based scheme. Each node of the network would have a set of anonymous referees which would store the reputation information of the node and issue reputation certificates to the node with timestamps. The misbehavior of a particular cell phone is reported to its anonymous referees, who issue certificates which reflect the positive and negative recommendations. I.

This paper describes an application of our prototype implementation of Jiminy, a scalable distributed architecture for providing participation incentives in online rating schemes. Jiminy is based on an incentive model where participants are explicitly rewarded for submitting ratings, and are debited when they query a participating reputation management system (RMS). Providing explicit incentives increases the quantity of ratings submitted and reduces their bias by removing implicit or hidden rewards, such as those gained through revenge or reciprocal ratings. To prevent participants from submitting arbitrary or dishonest feedback for the purpose of accumulating rewards, Jiminy halts rewards for participants who are deemed dishonest by its probabilistic honesty estimator. Using this estimator, Jiminy can also perform classification of users based on their rating behaviour, which can be further used as criteria for filtering the rating information that users obtain from the RMS

Abstract In client-server interaction scenarios over a network the problem of unsolicited network transactions is often encountered. In this paper, we propose a reputation model based on the behavioural history of long-lived network client identities as a solution to this problem. The reputations of clients are shared between trusted servers anonymously through global reputation analysers. Shared global reputations and local reputations help servers to infer local opinions of clients and control service levels in attempts to reduce unsolicited network transactions. 1

Next generation Web 2.0 communities and distributed P2P systems rely on the cooperation of diverse user populations spread across numerous administrative and security domains. Zero accountability via anonymous online identities and divergent interests result in selfish behavior that can disrupt or manipulate networks for personal gain. While “reputation systems ” are recognized as a promising means to establish social control for such communities, developing reliable reputation systems remains a challenge. Several unaddressed threats still limit the effectiveness of reputation systems. Furthermore, most existing work on reputations has focused on accurate reputations for stable systems, but not examined the implications of integrating user reputations into scalable distributed infrastructures. The primary goal of this paper is to investigate and address the critical open challenges that limit the effectiveness of reputations. First, we identify a thorough taxonomy on reputation management, and use it as our framework to classify adversarial threats that compromise reliable operation of reputation systems. Second, we survey existing research to address these threats. Finally, we present our solutions to address the two leading reasons for erroneous and misleading values produced by reputation systems today, i.e., user collusion and short-lived online identities. We believe that this paper not only serves as an introduction to reputation systems design, but will also help researchers deploy reliable reputation solutions that contribute towards improving the performance of large distributed applications.