Abstract
In this paper, trust-based recommendations control the exchange of personal information between handheld computers. Combined with explicit risk analysis, this enables unobtrusive information exchange, while limiting access to confidential information. The same model can be applied to a wide range of mobile computing tasks, such as managing personal address books and electronic diaries, to automatically provide an appropriate level of security. Recommendations add structure to the information, by associating categories with data and with each other, with degrees of trust belief and disbelief. Since categories also in turn confer privileges and restrict actions, they are analogous to rôles in a Rôle-Based Access Control system, while principals represent their trust policies in recommendations. Participants first compute their trust in information, by combining their own trust assumptions with others' policies. Recommendations are thus linked together to compute a considered, local trust assessment. Actions are then moderated by a risk assessment, which weighs up costs and benefits, including the cost of the user's time, before deciding whether to allow or forbid the information exchange, or ask for help. By unifying trust assessments and access control, participants can take calculated risks to automatically yet safely share their personal information.
Original language | English |
---|---|
Pages (from-to) | 711-721 |
Number of pages | 11 |
Journal | Wireless Networks |
Volume | 10 |
Issue number | 6 |
DOIs | |
Publication status | Published - Nov 2004 |
Externally published | Yes |
Bibliographical note
Funding Information:This work has been inspired and supported by the EU-funded SECURE project (IST-2001-32486), part of the EU Global Computing initiative. The authors would like to acknowledge the very helpful interaction we have had with all the members of the project consortium, and especially BRICS, at Århus, Denmark, for helping to formally ground our trust model.
Keywords
- Ad-hoc collaboration
- Trust and risk
- Ubiquitous computing
- Unobtrusive security