Software component technology supports the cost-effective design of applications suited to the particular needs of the application owners. This design method, however, causes two new security risks. First, a malicious component may attack the application incorporating it. Second, an application owner may falsely incriminate a component designer for damage in his application that was in reality caused by somebody else. The first risk is addressed by security wrappers that control the behavior at the component interface at runtime and enforce certain security policies in order to protect the other components of the application against attacks from the monitored component. Moreover, we use trust management to reduce the significant performance overhead of the security wrappers. Here, the kind and intensity of monitoring a component is adjusted according to the experience of other users with this component. To this end, a so-called trust information service collects positive and negative experience reports about the component from various users. Based on the reports, special trust values are computed which represent the belief or disbelief of all users in a component resp. The wrappers adjust the intensity of monitoring a component depending on its current trust value. In this paper, we focus on the second security risk. To prevent a component user from sending wrong reports that result in a bad trust value for the component, which would then be wrongly incriminated, the trust information service also stores trust values of the component users. These trust values are based on valuations resulting from validity checks of the experience reports sent by the component users. For this purpose, an experience report is tested for consistency with a log of the component interface behavior, which the component user supplies together with the report. Moreover, the log itself is checked for correctness. By applying Jøsang’s subjective logic, we make the degree to which the experience reports of a component user are considered when computing the trust value of a component conditional upon the user’s own trust value.
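The following is an added example, not code from the paper, showing how a reporter's own trust value can limit the weight of that reporter's experience report. It uses Jøsang's standard evidence mapping, discounting operator and consensus operator; the abstract does not say which operators the authors apply, so that choice, all function names and the sample counts are assumptions.

```python
from dataclasses import dataclass
from functools import reduce

@dataclass(frozen=True)
class Opinion:
    b: float  # belief
    d: float  # disbelief
    u: float  # uncertainty (b + d + u == 1)

def from_evidence(pos, neg):
    """Evidence mapping: counts of positive/negative experiences -> opinion."""
    n = pos + neg + 2
    return Opinion(pos / n, neg / n, 2 / n)

def discount(user_trust, report):
    """Discounting: weight a report by the service's opinion about its sender."""
    t = user_trust
    return Opinion(t.b * report.b, t.b * report.d, t.d + t.u + t.b * report.u)

def consensus(x, y):
    """Consensus: fuse two independent opinions about the same component."""
    k = x.u + y.u - x.u * y.u
    if k == 0:  # both opinions fully certain: average them
        return Opinion((x.b + y.b) / 2, (x.d + y.d) / 2, 0.0)
    return Opinion((x.b * y.u + y.b * x.u) / k,
                   (x.d * y.u + y.d * x.u) / k,
                   x.u * y.u / k)

def component_trust(reports, use_user_trust=True):
    """reports: list of (opinion about the user, user's opinion about the component)."""
    ops = [discount(t, r) if use_user_trust else r for t, r in reports]
    return reduce(consensus, ops)

# Constructed sample data (assumption): two users with a good record report
# positively; one user whose earlier reports failed validity checks reports negatively.
RELIABLE = from_evidence(18, 0)    # (0.9, 0.0, 0.1)
UNRELIABLE = from_evidence(1, 7)   # (0.1, 0.7, 0.2)
REPORTS = [
    (RELIABLE, from_evidence(8, 0)),
    (RELIABLE, from_evidence(8, 0)),
    (UNRELIABLE, from_evidence(0, 18)),
]

if __name__ == "__main__":
    print("weighted by user trust:", component_trust(REPORTS))
    print("all reports equal:     ", component_trust(REPORTS, use_user_trust=False))
```

With the constructed data, treating all reports equally lets the single strongly negative report push disbelief above belief, while discounting by the reporter's trust value leaves the component's belief high.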