Trust and Mistrust Management in Enterprise Systems

Työn nimi — Arbetets titel — Title Oppiaine — Läroämne — Subject Työn laji — Arbetets art — Level Aika — Datum — Month and year Sivumäärä — Sidoantal — Number of pages Tiivistelmä — Referat — Abstract Avainsanat — Nyckelord — Keywords Säilytyspaikka — Förvaringsställe — Where deposited Muita tietoja — Övriga uppgifter — Additional information Kumpula Science Library, C–2011–XX In the near future world of dynamic open service ecosystem, where enterprises collaborate with various partners to further their business goals, there are new challenges in managing threats such collaboration brings, especially malicious peers. Traditional security solutions relying on restricting access on individual partner basis are not feasible in this open dynamic environment. Instead, the new community security requirements can be better met with new detective controls utilizing high level information. This thesis proposes a model where trust is utilized as the community member security solution. The solution consists of trust-guarded authorisation augmented by peer behaviour monitoring and continuous feedback for mistrust management. First, an extensive survey of trust management and an ontology built based on that shows how different types of trust can be utilised in enterprise computer systems and how trust-guarded authorisation is a valid realisation of the theoretical trust formation process. Second, for mistrust management this thesis surveys existing application intrusion detection mechanisms to find suitable mechanisms for peer behaviour monitoring and feedback. Thus this thesis combined two previously well known and separatebly implemented components in a novel way. The final contribution of this thesis is the TuBE community member security framework design based on the model above. The design shows how i) the trusting decisions are instrumented when an enterprise is engaging in collaboration, ii) the intrusion detection type monitoring is used at each service participant, iii) the collaboration can be terminated or restructured based on an observed intrusion or policy violation, and iv) how the observation affects the reputation and future trust decisions for the violating participant.