9. Discretionary Access Control

| | Database A | Component Q | Interface F |
|---|---|---|---|
| Alice | Read-Write; Always | Bend | Yes |
| Bob | Read-Write; Between 9 and 5 | Fold | No |
| Charles | No access | Spindle | No |
| Dave | No access | Mutilate | Yes |
| Eve | Read-only; Always | None | No |
15. Impersonation. Participants: Bob, Alice, Mallory (malicious). Mallory: “I am Bob”. Bob is reliable and everyone has a good opinion about Bob.
16. Fraudulent Actions. Alice (“buyer”): Alice pays for the items. Marvin (“seller”, malicious): Marvin does not ship the items.
17. Misrepresentation. Participants: Bob, Alice, Mallory (malicious). Mallory: “Bob is unreliable”. Bob is reliable and everyone has a good opinion about Bob.
18. Collusion. Participants: Bob, Alice, Mallory (malicious), Marvin (malicious). Claim: “Bob is unreliable”. Bob is reliable and everyone has a good opinion about Bob.
19. Addition of Unknowns. Participants: Carol (new entrant in the system), Bob, Alice. Bob has no information about Carol; he is not sure whether to interact with Carol. Carol is new and does not know Alice; she is not sure whether to interact with Alice.
26. Design Guidelines

| Threats | Strategies |
|---|---|
| Impersonation | Digital identities, signature-based verification |
| Fraudulent Actions | Explicit trust, comparable trust |
| Misrepresentation | Explicit trust, comparable trust, separation of internal and external data |
| Collusion | Explicit trust, comparable trust, separation of internal and external data |
| Addition of unknowns | Implicit trust of user |
29. PACE Components (architecture diagram). Layers: Application Layer, Communication Layer, Information Layer, Trust Layer. Components: Communication Manager, External Information, Internal Information, Key Manager, Signature Manager, Trust Manager, Application Trust Rules, HTTP Sender, Custom Protocols, Multicast Manager, Multicast Handler, Credential Manager, Application.
35. Result: Decentralized Auctioning. Participants: Carol, Bob, Alice, Marvin (malicious), Mallory (malicious). Diagram labels: Decentralized Auctioning; Trust-enabled entity architecture.
Editor's notes
Transition to threat-centric framework – In order to better understand these trust models, I first compared their abilities against the critical threats of decentralization.