A Trust Management A Trust Management Framework for Service-Framework for Service-Oriented EnvironmentsOriented Environments
William Conner, Arun Iyengar, Thomas Mikalsen, Isabelle Rouvellou, and Klara [email protected]
18th International World Wide Web Conference
1
OutlineOutlineBackground and motivationTrust management frameworkPerformance evaluationRelated workConclusion
2
Distributed Computing Distributed Computing PlatformsPlatformsMany options available for
deploying distributed applications◦P2P systems
Gnutella for file sharing PPLive for media streaming
◦Computational grids Open Science Grid for scientific research
◦Computing clouds IBM Blue Cloud, Google App Engine, and
Amazon Web Services for web applications
3
Trust ManagementTrust ManagementParties in distributed transactions
often concerned with trust◦Client perspective: server selection◦Server perspective: access control
Client Server
Buying / Selling (eBay)
Download / Upload (P2P)
Request / Response (Web)
INVITE / OK (SIP)
4
Trust ManagementTrust ManagementCredential-based trust management
◦Exchange credentials prior to transaction◦Suitable when parties are known directly
or indirectly◦Not our focus
Reputation-based trust management◦Gather feedback ratings on prior
transactions◦Suitable for open environments when
parties are unknown to each other
5
Trust Management Service Trust Management Service (TMS)(TMS)Reputation-basedServer-side access control for
distributed infrastructuresEnable sharing of reputation
feedback from many sourcesEnable simultaneous use of
different reputation metrics
6
Target EnvironmentTarget EnvironmentService-hosting infrastructure
◦Computing cloud would be an example
◦Many external clients sending requests
◦Many different services fulfilling requests
7
Security AssumptionsSecurity AssumptionsNo Sybil attacks
◦XRep and PeerTrust share this assumption
Secure communications within infrastructure◦Public key cryptography
Attacks characterized by negative feedback◦Other Web-based attacks outside scope
Bad feedback implicitly handled by reputation metrics
8
Collecting Reputation Collecting Reputation FeedbackFeedback
External Client C Hosted Service S TMS
REQUEST
REPLY
H1 = (C,S,Fdbk1,Attrs1)
TMS Records(C,S,Fdbk1,Attrs1)TMS Records(C,S,Fdbk1,Attrs1)(C,S,Fdbk2,Attrs2)
H2 = (C,S,Fdbk2,Attrs2)
H = service invocation history recordC = client invoking serviceS = invoked serviceFdbk = feedback value between -1 and 1Attrs = trust-related attributes 9
Feedback ExampleFeedback Example
10
Assessing TrustAssessing Trust
External Client C Hosted Service S TMS
REQUEST
REPLY
TMS RecordsH1 = (C,S,Fdbk1,Attrs1)H2 = (C,S,Fdbk2,Attrs2)
(C,FS)
RepC,S = FS({H1,H2})
GRANT if RepC,S ≥ TS
DENY, otherwise
C = client invoking serviceS = invoked serviceFS = reputation scoring function for SRepC,S = reputation of C according to STS = minimum trust threshold for S 11
Custom Reputation Custom Reputation MetricsMetricsTMS supports flexible reputation
metrics◦Select from library of available
scoring functions◦Define user-specific scoring function
eBay reputation metric◦Summation of feedback ratings
PeerTrust reputation metric
satisfactioncredibility transactioncontext
communitycontext
12
Distributed TMSDistributed TMSMultiple TMS nodes organized
into DHT◦Consistent hashing used for load
balancing◦Replication on successor nodes for
availability
Hosted Service S TMS 1
TMS 0
TMS 2
13
Consistent HashingConsistent HashingApply cryptographic
hash function to client identifier to get hash value hashC
◦ Example hash functions: SHA-1, MD5
Assign hashC to numerically closest TMS identifier ≥ hashC
◦ Similar to Chord DHT
14
0
4
8
12
14
10 6
2
hashC
node
crash
ReplicationReplicationTMS nodes might crash
◦Stored records unavailable◦Reports reassigned based on
consistent hashEnhance availability of TMS
records◦Replicate TMS records on up to k
nodes where k = 0,…,N-1◦Similar to successor replication on
Chord15
ReplicationReplicationProbability of losing record
◦ Assume nodes fail independently with probability p
◦ Assume replication factor k◦ Prob = pk
16
0
4
8
12
successor
node
8
12
0
4
Trust Value CachingTrust Value Caching
External Client C Hosted Service S TMS
REQUEST
REPLY
(C,FS)
RepC,S = FS({H1,H2})
Additional processingand round trip
17
Trust Value CachingTrust Value CachingObservation
◦Q: Is it necessary to re-evaluate trust each time?
◦A: Depends on scoring function and client activity since last evaluation
Example◦eBay is scoring function used◦Client has 5 transactions since last
evaluation◦If RepC = 100, then always grant◦If RepC = -100, then always deny
18
Trust Value CachingTrust Value CachingTMS periodically updates services
on client activity levels◦Maintain frequency count for each
client◦Create Bloom histogram to
approximate frequency countServices estimate upper and
lower bound on client reputationTMS only contacted if re-
evaluation necessary19
Trust Value CachingTrust Value Caching
20
Performance EvaluationPerformance EvaluationIntegrated TMS into Supply Chain
Management application◦Retailers◦Warehouses◦Manufacturers
Measured latency and throughput through experiments◦Trusted ILLIAC (LAN environment)◦PlanetLab (WAN environment)
21
Performance EvaluationPerformance Evaluation
22
LatencyLatency
23
ThroughputThroughput
24
Related WorkRelated WorkOnline auctions
◦Buyers and sellers rate each other◦eBay is best known example
P2P file sharing◦Avoid bogus or malicious content◦XRep [Damiani et al. ‘02], EigenTrust
[Kamvar et al. ‘03], and PeerTrust [Xiong and Liu ‘04]
Web service selection◦Clients send requests to most reputable
services◦Examples include [Zeng et al. ‘03, Kalepu et
al. ‘04, Park et al. ‘05]25
ConclusionConclusionTrust management framework
◦Reputation-based◦Server-side access control◦Enable sharing of feedback◦Enable flexible trust assessments◦Reasonable latency and throughput
overhead
26