In modern internet-scale computing, interaction among a large number of parties that are not known a priori is predominant, with each party functioning both as a provider and as a consumer of services and information. In such an environment, traditional access control mechanisms face considerable limitations, since granting appropriate authorizations to each distinct party is infeasible, both because of the high number of grantees and because of the dynamic nature of interactions. Trust management has emerged as a solution to this issue, offering aids towards the automated verification of actions against security policies. In this paper, we present a trust- and risk-based approach to security that considers status, behavior and associated risk aspects in the trust computation process. It additionally captures user-to-user trust relationships, which are propagated to the device level through user-to-device ownership links.