ERIC Number: ED533957
Record Type: Non-Journal
Publication Date: 2011
Pages: 170
Abstractor: As Provided
Reference Count: 0
ISBN: ISBN-978-1-1249-8328-8
Trust Management and Accountability for Internet Security
Liu, Wayne W.
ProQuest LLC, Ph.D. Dissertation, The Florida State University
Adversarial yet interacting interdependent relationships in information sharing and service provisioning have been a pressing issue of the Internet. Such relationships exist among autonomous software agents, in networking system peers, as well as between "service users and providers." Traditional "ad hoc" security approaches effective in countering specific attacks or threats may be too powerful for addressing unspecific risks of potential conflicts, doubts, aversion or hostility exuding from such relationships. "Trust management" is important in this regard, as it borrows from social sciences the concept of "trust" to supplement traditional security in dealing with such risks and relationships. However, trust management seems to be constrained to a secondary role by traditional security in certain applications (such as e-commerce, "ad hoc" networks, etc.) or functions (such as confidentiality, integrity, etc.) that are specific but narrowly defined. As today's Internet environment calls for a fundamental "civil" approach to security, we think trust management needs to be more comprehensive and coherent, not only to help trusters attain their specific notions of security but also to help them contribute to the generic, "real" "Internet security." So we borrow from social sciences yet another important concept, "accountability," to complement trust management and bring a holistic sense to security--foiling its fragmented unilateral notions. Since organizations that own or control servers on the Internet often must play an intermediary role for civil authorities, we think trust management should help them improve their accountability in managing their trust relationships with users and peers. Designing such a trust management system hence is a priority.
We revamp a trust management design for Internet servers to leverage organizations' civil roles to improve accountability in their trust relationships with users, peers and authorities based on four principles: "identification," "authorization," "attestation" and "retribution." Those principles are crucial for servers to bring "deterrence" and "recourse" to enforce responsibility so they can trust better, putting reliance on responsible users and peers while holding rogue users or peers responsible. But these principles are also crucial for servers to establish their autonomy in "self-regulation" and "altruistic improvement" to bring in "civility" and "morality" so they can be trustworthy leaders or allies and account for others. Our trust management thus can improve servers' trust both ways, in that it helps organizations uphold accountability via their servers on both "holding to account" and "giving account" aspects of accountability. Technically, it provides a unified framework to manage servers' trust relationships and maintain their security together, and thus helps to improve security conditions for users and peers. As a result, accountability is not just upheld unilaterally via servers' autonomous "policies" and "credentials" but also multilaterally via their "cooperation" with each other in the collectively established accountability of the Internet. [The dissertation citations contained here are published with the permission of ProQuest LLC. Further reproduction is prohibited without permission. Copies of dissertations may be obtained by Telephone (800) 1-800-521-0600. Web page:]
ProQuest LLC. 789 East Eisenhower Parkway, P.O. Box 1346, Ann Arbor, MI 48106. Tel: 800-521-0600; Web site:
Publication Type: Dissertations/Theses - Doctoral Dissertations
Education Level: N/A
Audience: N/A
Language: English
Sponsor: N/A
Authoring Institution: N/A