Open Reputation Systems
Reputation Systems
• ENISA paper – a security analysis of reputation systems http://enisarep.notlong.com
• Use-cases
  • Seller reputation
  • Peer-to-peer
  • Key management
  • Anti-spam/IP reputation

Typical security vulnerabilities need to be addressed:
• Collusion – voters agree to target a victim
• Denial of reputation – campaigns against an individual
• Whitewashing (cancelling a bad reputation)
• Sybil attacks (creating multiple identities to vote – e.g. eBay 1 cent items voted on by seller)

OASIS - ORMS
• Develop scenarios for reputation management
• Reputation of individuals, business partners, services processes, possibly even data
• Develop reference/standard model
• Flexible reputation data model
• Framework and protocol/s for exchanging and porting reputation data
• Evaluation algorithms for mapping reputation to risk / risk levels
• Support for privacy, multiple identities, identity resolution

Reputation is an aggregation of opinions about an assertion
Assertion – Bob is a bad husband
Assertion – Bob is a good laptop seller

The anatomy of reputation – personal view
Assertion – Bob is a good laptop seller

Reputation Thoughts
• Reputation votes should be separated from the algorithm used to compute it
  • Mean score
  • 2nd order reputation
• Reputation Context => Same vote set can be interpreted differently
• If reputation is an aggregated opinion about an assertion – why not integrate with SAML?

Reputation Thoughts
• Model must allow for so-called 2nd order reputations (scores which take into account the reputation of the voter)
• Rating context should be taken into account – time/date, authentication method/token etc...
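Added example (not from the slides): one vote set for the assertion "Bob is a good laptop seller" scored three ways, as a plain mean, as a 2nd order reputation, and with rating context. The voter names, voter reputations, authentication weights and the 180-day half-life are assumptions constructed for illustration. It shows how votes from new, unauthenticated identities dominate the mean but carry little weight once voter reputation and context are applied.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Vote:
    voter: str
    score: float       # 0.0 = assertion false .. 1.0 = assertion true
    cast_at: datetime  # rating context: time/date
    auth: str          # rating context: authentication method

# Constructed sample data for the assertion "Bob is a good laptop seller".
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
VOTES = [
    Vote("alice", 0.2, NOW - timedelta(days=30), "strong"),
    Vote("carol", 0.3, NOW - timedelta(days=30), "strong"),
] + [Vote(f"new-account-{i}", 1.0, NOW - timedelta(days=1), "none") for i in range(5)]

# Assumed inputs: each voter's own reputation and a trust weight per auth method.
VOTER_REPUTATION = {"alice": 0.9, "carol": 0.8}
UNKNOWN_VOTER_REPUTATION = 0.05
AUTH_WEIGHT = {"strong": 1.0, "password": 0.6, "none": 0.2}

def mean_score(votes):
    """First-order reputation: every vote counts equally."""
    return sum(v.score for v in votes) / len(votes)

def weighted_score(votes, weight_of):
    """Generic aggregator; the vote set is untouched, only the weights change."""
    total = sum(weight_of(v) for v in votes)
    if total == 0:
        raise ValueError("no vote carries any weight")
    return sum(weight_of(v) * v.score for v in votes) / total

def second_order_score(votes):
    """Weight each vote by the reputation of the voter."""
    return weighted_score(
        votes, lambda v: VOTER_REPUTATION.get(v.voter, UNKNOWN_VOTER_REPUTATION))

def contextual_score(votes, now=NOW, half_life_days=180):
    """Second-order score that also uses rating context (vote age, auth method)."""
    def weight(v):
        rep = VOTER_REPUTATION.get(v.voter, UNKNOWN_VOTER_REPUTATION)
        age_days = (now - v.cast_at).total_seconds() / 86400
        return rep * AUTH_WEIGHT[v.auth] * 0.5 ** (age_days / half_life_days)
    return weighted_score(votes, weight)

if __name__ == "__main__":
    for fn in (mean_score, second_order_score, contextual_score):
        print(f"{fn.__name__}: {fn(VOTES):.3f}")
```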