In modern internet-scale computing, interaction between a large number of
parties that are not known a-priori is predominant, with each party functioning
both as a provider and consumer of services and information. In such an
environment, traditional access control mechanisms face considerable
limitations, since granting appropriate authorizations to each distinct party
is infeasible both due to the high number of grantees and the dynamic nature of
interactions. Trust management has emerged as a solution to this issue,
offering aids towards the automated verification of actions against security
policies. In this paper, we present a trust- and risk-based approach to
security, which considers status, behavior and associated risk aspects in the
trust computation process, while additionally it captures user-to-user trust
relationships which are propagated to the device level, through user-to-device
ownership links.

By admin