In this paper, we present the design and implementation of Smart Messages, a distributed computing platform for networks of embedded systems based on execution migration. A Smart Message (SM) is a user-defined distributed program which executes on nodes of interest, named by their properties, and uses an explicit lightweight migration to reach these nodes. During migrations, an SM carries its code and execution state, and it self-routes at each intermediate node between two nodes of interest. The nodes in the network cooperate to support the SM execution by providing a virtual machine and a shared memory region addressable by names (tag space). To illustrate the flexibility of SMs to program real world applications, we describe EZCab, an application for booking cabs in densely populated urban areas. We also present experimental results to quantify the performance achieved by the SM prototype. 1.

To be widely adopted, location-aware computing must be as effortless, familiar, and rewarding as searching the Web. There are many challenges to this quest, but recent progress has demonstrated accurate location estimation using available wireless networking.

Abstract. Both privacy and trust relate to knowledge about an entity. However, there is an inherent conflict between trust and privacy: the more knowledge a first entity knows about a second entity, the more accurate should be the trustworthiness assessment; the more knowledge is known about this second entity, the less privacy is left to this entity. This conflict needs to be addressed because both trust and privacy are essential elements for a smart working world. The solution should allow the benefit of adjunct trust when entities interact without too much privacy loss. We propose to achieve the right trade-off between trust and privacy by ensuring minimal trade of privacy for the required trust. We demonstrate how transactions made under different pseudonyms can be linked and careful disclosure of such links fulfils this right trade-off. 1

Reputation systems support trust formation in artificial societies by keeping track of the behavior of autonomous entities. In the absence of any commonly trusted entity, the reputation system has to be distributed to the autonomous entities themselves. They may cooperate by issuing recommendations of other entities' trustworthiness. At the time being, distributed reputation systems rely on plausibility for assessing the truthfulness and consistency of such recommendations. In this paper, we point out the limitations of such plausibility considerations and present an alternative concept that is based on evidences. The concept combines the strengths of non-repudiability and distributed reputation systems. We analyze the issues that are related to the issuance and gathering of evidences. In this regard, we identify four patterns of how evidence-awareness overcomes the limitations of plausibility considerations.

ABSTRACT: Enterprise computing is currently moving towards more open, collaborative systems. It becomes essential for enterprise success that joining a business network is made efficient, despite the technical and semantic interoperability challenges involved in connecting different information and communication systems. Trust management is an important factor in the collaboration, as traditional trust-building over months of negotiations has become too slow a method in routine cases. As no business network is feasible without mutual trust between partners, the supporting technology should provide mechanisms for forming trust relationships, making automatic trust-based decisions on routine business transactions, and observing the business peers for malicious or incorrect behaviour on interactions. This paper describes a trust model to fulfil these needs, and gives a strategical overview of the system implementing this model.

Reproduction of all or part of this work is permitted for educational or research use on condition that this copyright notice is included in any copy. See back inner page for a list of recent BRICS Report Series publications. Copies may be obtained by contacting: BRICS

The requirement for spontaneous interaction in ubiquitous computing creates security issues over and above those present in other areas of computing, deeming traditional approaches ine#ective. As a result, to support secure collaborations entities must implement selfprotective measures. Trust management is a solution well suited to this task as reasoning about future interactions is based on the outcome of past ones. This requires monitoring of interactions as they take place.

Abstract. Trust is a fundamental factor when people are interacting with each other, hence it is natural that trust has been researched also in relation to applications and agents. However, there is no single definition of trust that everybody would share. This, in turn, has caused a multitude of formal or computational trust models to emerge to enable trust use and dependence in applications. Since the field is so diverse, there also exists a confusion of terminology, where similar concepts have different names and, what is more disturbing, same terms are also used for different concepts. To organize the research models in a new and more structured way, this paper surveys and classifies thirteen computational trust models by the trust decision input factors. This analysis is used to create a new comprehensive ontology for trust to facilitate interaction between business systems. 1

Decentralized applications are composed of distributed entities that directly interact with each other and make local autonomous decisions in the absence of a centralized coordinating authority. Such decentralized applications, where entities can join and leave the system at any time, are particularly susceptible to the attacks of malicious entities. Each entity therefore requires protective measures to safeguard itself against these entities. Trust management solutions serve to provide effective protective measures against such malicious attacks. Trust relationships help an entity model and evaluate its confidence in other entities towards securing itself. Trust management is, thus, both an essential and intrinsic ingredient of decentralized applications. However, research in trust management has not focused on how trust models can be composed into a decentralized architecture. The PACE architectural style, described previously [21], provides structured and detailed guidance on the assimilation of trust models into a decentralized entity’s architecture. In this paper, we describe our experiments with incorporating four different reputation-based trust models into a decentralized application using the PACE architectural style. Our observations lead us to conclude that PACE not only provides an effective and easy way to integrate trust management into decentralized applications, but also facilitates reuse while supporting different types of trust models. Additionally, PACE serves as a suitable platform to aid the evaluation and comparison of trust models in a fixed setting towards providing a way to choose an appropriate model for the setting.

Adaptation to context is likely to be a key element in ensuring that pervasive devices make the most efficient use of the limited resources available to them. This adaptation can occur on different timescales: from very rapid adaptation to network congestion, through software component discovery and loading to allow for the addition of new functionality, to longer-term component update and patching. In the latter two cases, dynamic code loading introduces security problems, particularly because it may be from untrusted sources with whom pervasive devices happen to be networked at the time of need. As a consequence, we propose a local decision-making process that aims at producing better-informed decisions for pervasive devices when they contemplate whether or not to load software from other devices. This process has three key elements: (i) explicit identification of potential risks, given the device’s context and the type of application; (ii) computation of likelihoods with which the risks will occur, based on trust mechanisms; (iii) integration of the risk attitude of the user of the device, through customisable elementary utility functions. 1