Trust Measurement and Management
2 likes499 views
The document discusses open research issues in measuring and managing trust. It defines trust and examines the relationship between trust and risk. It outlines a basic trust management scenario involving building, shaking, and restoring trust between two parties. More complex scenarios involving multiple parties and events that impact trust are also discussed. Several challenges are presented for research in measuring trust quantitatively and developing models and methods for managing trust over time.
Trust Measurement and Management
- 1. Alan Hartman – IBM Haifa Research Lab 20 June 2012 Trust Measurement and Management Open Research Issues © 2009 IBM Corporation
- 2. Agenda Motivation Defining Trust Relationship between Risk and Trust Basic Trust Management Scenario More Complex Scenarios 2 © 2009 IBM Corporation
- 3. Why measure and manage trust? Distrust and caution are the parents of security. - Benjamin Franklin The trust of the innocent is the liar’s most useful tool. - Stephen King Trust, but verify. – Ronald Reagan 3 © 2009 IBM Corporation
- 4. Definition of trust Trust is: An expectation about a future behaviour of another person … depending on the degree of trust and the extent of the associated risk (Kasselbaum Ph. D. Thesis in Sociology) Trust is: A function with three parameters: –Trust(Trustee, Trustor, ActivityOutcome), whose value is the probability (degree of trust) that Trustor believes that Trustee will produce ActivityOutcome in the future 4 © 2009 IBM Corporation
- 5. Relationship between trust and risk Working Hypothesis: A decision (by the Trustor) on whether to offer the Trustee the opportunity to participate in an Activity with the Trustor is based on both Trust and Risk Payoff is: a measure of the expected utility to the Trustor associated with all possible outcomes of an activity. Payoff(Trustor, Activity) = sum over all Outcomes (Trust( Trustee, Trustor, ActivityOutcome ) * Value(Outcome)) Rational behavior: If the payoff is positive, then take the risk Also rational: If the worst case is too awful, don’t take the risk 5 © 2009 IBM Corporation
- 6. Academic Interest in Trust Sociology –Who trusts the Internet? –What are the factors that influence a person to trust interactions in cyberspace? Economics –What motivates trust and cooperation? –What reputation and incentive mechanisms to promote trust? Management –Creating and maintaining trust – as part of leadership Computer Science –Creating trust in computing infrastructure and services 6 © 2009 IBM Corporation
- 7. Basic Trust Management Scenario 1. Build Trust 2. Shake Trust 3. Restore Trust 7 © 2009 IBM Corporation
- 8. Building Trust Trustor A trusts Trustee B to produce Outcome C with confidence level P0 8 © 2009 IBM Corporation
- 9. ShakingTrust An Event E occurs which causes P0 to decrease to P' which is below the threshold Pt determined by Trustee B 9 © 2009 IBM Corporation
- 10. Trust Restoration Trustee B takes mitigation action M and measures new trust level P '' 10 © 2009 IBM Corporation
- 11. Basic Scenario For Trust Management 1) Initial condition: Trustor A trusts Trustee B to produce outcome C with confidence level P0 2) Either an Event E occurs which causes P0 to decrease to P' which is below the threshold Pt determined by Trustee B Or P0 < Pt in the first place 3) Loop on i: I. B takes mitigation action Mi and measures confidence level Pi (Assume Mi are ordered in decreasing order of cost effectiveness) II. Until Pi >= Pt, or no cost effective mitigation actions remain in the arsenal of B © 2009 IBM Corporation
- 12. Research Challenges for Trust Management • How to measure P for a given A, B, and C • How to determine an appropriate threshold Pt for a given A, B, C • What are appropriate mitigation actions Mi for a given A, B, C, E • How to detect and report trust breach events E • How to measure cost effectiveness of Mi • When to give up – i.e. what is the law of diminishing returns in the context of A, B, C, E, and P0, P1, P2, ...Pi © 2009 IBM Corporation
- 13. Measuring Trustworthiness of ICT Systems Quantifying Trustworthiness Using Quantifiable Properties* Dependability Security Performability 13 *University of Kansas, Resilinets Wiki © 2009 IBM Corporation
- 14. Measuring Trustworthiness of Individuals or Organizations Quantifiable Properties Trustworthy actions Observed Reported by trusted source Evidence Trustworthy reputation Reputation measure Trusted reputation system Membership of trusted organization Trusted guarantor 14 © 2009 IBM Corporation
- 15. Ideas on How to measure trust Measure trusting actions in the past and assume that the future is like the (immediate) past Measure non-trusting actions Create a trust model and measure the antecedents of trust: Create a population model and a trustor classifier 15 © 2009 IBM Corporation
- 16. Mutual trust scenario Alice trusts BigBank to maintain the integrity of her credit card with P=99% BigBank trusts Alice to be honest with it with Q=95% E is an unauthorized credit card transaction from Alice's account – reported to BigBank by Alice (P'=85%, Q'=75%) What actions should Alice and BigBank take to rebuild mutual trust? What is the protocol for mutual trust negotiation? © 2009 IBM Corporation
- 17. B2B trust scenario OmahaInsurance is negotiating with IBM to outsource their health insurance claims processing Trust is held between IBM and Omaha and also between Omaha and its customers Event = break in to IBM office in Bangalore Action C is contract negotiation between IBM and Omaha © 2009 IBM Corporation
- 18. Trust me, I’m a doctor 18 © 2009 IBM Corporation