60 likes | 150 Views
TIUPAM: A Framework for Trustworthiness-centric Information Sharing. Shouhuai Xu Univ. Texas at San Antonio. Joint work with Qun Ni and Elisa Bertino (Purdue Univ.) Ravi Sandhu (Univ. Texas at San Antonio). Goal. A systematic framework for information sharing
E N D
TIUPAM: A Framework for Trustworthiness-centric Information Sharing Shouhuai Xu Univ. Texas at San Antonio Joint work with Qun Ni and Elisa Bertino (Purdue Univ.) Ravi Sandhu (Univ. Texas at San Antonio)
Goal • A systematic framework for information sharing • Trustworthiness-centric Identity, Usage, Provenance, and Attack Management (TIUPAM) • Four supporting components: • Identity management • Usage management • Provenance management • Attack management • The framework is centered at the need of trustworthiness and risk management for decision makers
Bird’s Eye View of TIUPAM Usage management (of authorized activities) Attack management (of unauthorized activities) Risk management Trustworthiness management Identity management (of people, organizations, and devices) Provenance management (of data, software, and requests) Note: “1 – trustworthiness risk” in general
Architecture of TIUPAM trustworthiness and risk management provenance management usage management identity management attack management
Trustworthiness of information Trustworthiness of usage Risk of (not) sharing Risk of (not) utilizing Incentives for (not) sharing Incentives for (not) utilizing Trustworthiness of provenance Trustworthiness of request Gain or loss Trustworthiness of identity Attack model Payoff of (not) sharing Payoff of (not) utilizing Trustworthiness of issuer Trustworthiness of owner Functions as the Glue Q: How should we construct/approximate these functions? 2009 ISI-AIS Workshop
Publications • Shouhuai Xu, Ravi Sandhu, and Elisa Bertino, TIUPAM: A Framework for Trustworthiness-Centric Information Sharing. Proc. 3rd IFIP WG 11.11 International Conference on Trust Management, Purdue University, West Lafayette, June 15-19, 2009. • Qun Ni, Shouhuai Xu, Elisa Bertino, Ravi Sandhu and Weilei Han, An Access Control Language for a General Provenance Model. Proc. 6th VLDB Workshop on Secure Data Management (SDM09), Lyon, France, August 28, 2009.