Trust management in communication networks

Abstract

Trust management is a major component in the security of e-services. Issues in trust management include: (a) expressing security policies and security credentials; (b) ascertaining whether a given set of credentials conforms to the relevant policies; and (c) delegating trust to third parties under relevant conditions. Various trust management systems have been developed to support security of networked applications. Unfortunately, these systems address only limited issues of the trust management activity, and often provide their services in a way that is appropriate to only special applications. In this chapter, we present a comprehensive approach to trust management, consider the major techniques and functionalities of a trust management system, and describe three well-known trust management systems. Introduction Recent advances in Internet computing, paired with the increase in network resources and end-node processing capabilities, have led to the growing need of organizations and administrations to use large Intranets to connect their offices, branches, and information systems. They also pushed for the development of e-services for the need of their customers. All the emerging applications and e-services have different notions of the concept of resource. They share one thing in common: the need to grant or restrict access to their resources according to the security policy appropriate to that e-service. Resources handled by e-services are of different types. While a clinical information system considers that a resource is a patient's record, a banking payment system considers accounts and money as the major resources to manage (Guemara-ElFatmi et al ., 2004).