
Behavior evaluation for trust management based on formal distributed network monitoring

World Wide Web

Abstract

Collaborative systems are growing in use and in popularity. The need to boost interoperability methods is growing as well; therefore, trustworthy interactions between the different systems are a priority. The systems need to interact with users and other applications. The decision regarding with whom and how to interact depends on each application or system. In this paper, we focus on providing trust verdicts by evaluating the behaviors of different agents, making use of distributed network monitoring. This will provide trust management systems based on “soft trust” information regarding a trustee experience. We propose a formal distributed network monitoring approach to analyze the packets exchanged by the entities, in order to prove a system is acting in a trustworthy manner. Based on formal “trust properties”, we analyze the systems’ behaviors and then provide trust verdicts regarding those “trust properties”. Furthermore, automated testing is performed using a suite of tools we have developed, and finally, our methodology is applied to a real industrial DNS use case scenario.


Notes

  1. http://tilidom.com/

  2. https://www.isc.org/downloads/bind/


Acknowledgments

We would like to acknowledge the company Tilidom for having kindly provided their expertise and access to their DNS servers.


Corresponding author

Correspondence to Jorge Lopez.


Cite this article

Lopez, J., Maag, S. & Morales, G. Behavior evaluation for trust management based on formal distributed network monitoring. World Wide Web 19, 21–39 (2016). https://doi.org/10.1007/s11280-015-0324-6


  • DOI: https://doi.org/10.1007/s11280-015-0324-6
