People rely on two types of trust when making everyday decisions: vertical and horizontal trust. Vertical trust captures trust relationships between individuals and institutions, while horizontal trust represents the trust inferred from the observations and opinions of other peers. Although significant benefit could be realized by combining horizontal and vertical trust mechanisms, they have evolved independently in computing systems.
This project focuses on developing a composable trust model capable of tightly coupling vertical and horizontal trust in a manner that is both amenable to formal analysis and efficiently deployable. This research advances the state of the art in trust management through a series of innovative results, including the design of a unified framework for specifying composite trust policies and the design and analysis of efficient algorithms for policy evaluation. The composite trust management approach championed by this project also enables policy authors to move beyond simple proof of compliance to identify the "top-k" preferred users satisfying security policies including subjective assessments. The beneficiaries of this research range from administrators of traditional computing systems who can better incorporate previous history into their decision-making processes, to users in social networks who can more carefully manage the exposure of their personal data.
People typically rely on two types of trust when making everyday decisions: vertical and horizontal trust. Vertical trust captures trust relationships between individuals and institutions, while horizontal trust represents the trust inferred from the observations and opinions of other peers. Although significant benefit could be realized by combining horizontal and vertical trust mechanisms, they have evolved independently in computing systems. This project focused on developing a composable trust model capable of tightly coupling vertical and horizontal trust in a manner that is both amenable to formal analysis and efficiently deployable. In conducting this research, advances have been made in a number of important areas:
Policy Language Development: CTM is a flexible language for specifying composite trust management policies that enables the arbitrary composition of vertical and horizontal trust assessments. In addition, efficient techniques have been developed for evaluating CTM policies in distributed systems. These techniques are based on novel combinations of logical and relational reasoning.
Reputation Sampling in Distributed Systems: Much work has been done on designing reputation-based trust functions for decentralized systems. Although such trust functions have been proven to be useful for trust establishment between peers with prior knowledge of each other, many of them require the collection of all feedback reports before trust evaluation. Access to complete feedback information may not always be possible, however, due to either prohibitive communication cost or restrictions imposed by domain-specific policies. This project has initiated investigation into how to evaluate one's reputation when only a limited amount of information can be collected, and has developed strategies for robustly and efficiently bounding the uncertainty introduced during the reputation sampling process.
Query Privacy: To date, most work on query optimization has revolved around generating highly efficient plans for executing user queries. However, when dealing with distributed and decentralized databases---such as those used to store the attribute and reputation assertions upon which trust management systems are based---controlling the ways in which (potentially sensitive) information flows during the query evaluation process also becomes quite important. This project began with an initial investigation of the means by which private information can flow from the user issuing a query to operators of the distributed knowledge bases being queried. This led to the development of a new definition for querier privacy, called (I,A)-privacy, that is applicable to general distributed database systems. (I,A)-privacy constraints are both amenable to formal analysis and precise enforcement by users without requiring server-side support. (I,A)-privacy protections have since been implemented within a distributed query optimizer for use with the PostgreSQL database system.
This work made inroads into a number of technical challenges associated with specifying and managing composite trust management policies. Furthermore, the results regarding robust reputation sampling and query privacy have applications that extend beyond trust management to broader classes of distributed data management applications.