Social Computational Trust Model (SCTM) · 2018-11-23 · SARNET: Secure Autonomous Response...
28
SARNET: Secure Autonomous Response Networks Social Computational Trust Model (SCTM): A Framework to Facilitate the Selection of Partners Ameneh Deljoo 1 , Tom van Engers 2 , Leon Gommans 1,3 , and Cees de Laat 1 1 Systems and Networking Lab, University of Amsterdam 2 Leibniz Center for Law, University of Amsterdam 3 AirFrance-KLM, Amsterdam [email protected] Supported by NWO and C2D grants SARNET, DL4LD and NWA VWDATA.
Transcript of Social Computational Trust Model (SCTM) · 2018-11-23 · SARNET: Secure Autonomous Response...
SARNET: Secure Autonomous Response Networks
Social Computational Trust Model (SCTM): A Framework to Facilitate the Selection of PartnersAmeneh Deljoo1, Tom van Engers2, Leon Gommans1,3 , and Cees de Laat1
1Systems and Networking Lab, University of Amsterdam2Leibniz Center for Law, University of Amsterdam
3AirFrance-KLM, [email protected]
Supported by NWO and C2D grants SARNET, DL4LD and NWA VWDATA.
SARNET: Security Autonomous Response with programmable NETworks
Marc Lyonnais, Leon Gommans, Rodney Wilson, Rob Meijer, Frank Fransen Tom van Engers, Paola Grosso, Gauravdeep Shami, Cees de Laat,
Ameneh Deljoo, Ralph Koning, Ben de Graaff, Gleb Polevoy, Stojan Travanovski.
Big Data: real time ICT for logistics Data Logistics 4 Logistics Data (dl4ld)
NWO t.a.v. Dr. G. (Arian) Steenbruggen, directeur NWO-domein Exacte en Natuurwetenschappen (ENW)
Subject: Statement of co-funding by the private partner(s)
City of Amsterdam p/a Ger Baron Amstel 1 1011 PN Amsterdam [email protected]
Date: Feb. 24th 2017
Dear Sir/Madam,
Subject to successful completion of the Project Agreement, with all terms and conditions agreed by all contributors to the project, and if our proposal is honoured by NWO, I hereby promise to NWO the contribution which the City of Amsterdam will make for the project proposal for the Big Data: real time ICT for Logistics call entitled DaL4LoG.
The principal applicant for this proposal is TNO The amount of the cash contribution is €100.000 The amount of the in-kind contribution represents a value of €40.000, quantified in accordance with the guidelines in the Call for Proposals, annex 6.2.
The in-kind contributions concerns the following works: - Participation in proposal defined project activities and workshops - Providing necessary data and access to data - Providing feedback on potential use cases and applications
Yours sincerely,
Ger Baron Chief Technology Officer City of Amsterdam
Letter of Commitment
NWO t.a.v. Dr. G. (Arian) Steenbruggen, directeur NWO-domein Exacte en Natuurwetenschappen (ENW) From: ORACLE Nederland BV Hertogswetering 163-167 3543 AS Utrecht Utrecht, 23 februari 2017 LETTER OF COMMITMENT ‘call Big Data: real time ICT for Logistics’ With this letter I declare on behalf of ORACLE Nederland BV the importance of the research project proposal call Big Data: real time ICT for Logistics , Data Logistics 4 Logistics Data. ORACLE Nederland BV will contribute in terms of input of knowledge and relevant business information to this project. Our contribution will consist of 200 hours in kind commitments at the rate of max 100 euro per hour to a total value of € 20.000,- with respect to our participation in WP4. Community workshops. We hereby confirm to have read the NWO Framework for Public-Private Partnerships, including NWO's rules concerning IP and the transfer of knowledge as described in the document. If the project will be approved and granted, we as a consortium partner will share responsibility for a prompt completion of a consortium agreement in accordance with the NWO Framework document. ..................................................
Loek Hassing Client Engagement Lead ORACLE Nederland BV
Simacan B.V. Valutaboulevard 16 3825 BT Amersfoort T +31 (0) 33 887 4000 E [email protected] W www.simacan.com KvK 57084173 ING Bank IBAN NL39 INGB 0007 8260 54 BTW NL852431296B01
NWO Amersfoort, 24 februari 2017 T.a.v. dDr. G. (Arian) Steenbruggen Postbus 93138 2509 AC Den Haag Betreft: Verklaring van de medefinanciering van de private partner(s) Onze referentie: SIMA17-169 Geachte Arian Steenbruggen,
Via deze brief zeg ik NWO de bijdrage toe die Simacan B.V. zal leveren aan het projectvoorstel voor de call Big Data: real time ICT for Logistics, getiteld Data Logistics 4 Logistics Data, indien dit door NWO wordt gehonoreerd. Deze matchingsverklaring is onvoorwaardelijk en bevat geen ontbindende voorwaarden.
De hoofdaanvrager van dit voorstel is TNO. De hoogte van de cash bijdrage is € 0,-. De hoogte van de in kind bijdrage vertegenwoordigt een waarde van €10.000,-, gekwantificeerd volgens de richtlijnen in de Call for Proposals, bijlage 6.2. De in kind bijdragen betreffen de volgende werkzaamheden: deelname in WP3, WP4, Community workshops en meedoen aan de disseminatie van de resultaten van het WP2. Deze bedragen zijn conform de begroting in het projectvoorstel.
Met vriendelijke groet,
Rob Schuurbiers Directeur
Simacan B.V.
Robert Meijer, TNO, PI, Cees de Laat, UvA, Co-PI, Leon Gommans, KLM
Cyber security programSARNET
Research goal is to obtain the knowledge to create ICT systems that:
– model their state (situation)– discover by observations and reasoning if and how an
attack is developing and calculate the associated risks– have the knowledge to calculate the effect of counter
measures on states and their risks– choose and execute one.
In short, we research the concept of networked computer infrastructures exhibiting SAR: Security Autonomous Response.
2
Figure 1 A control program called Service (orange box) creates and deploys an IP network and computer infrastructure (purple plane). ICT control programs that we created in prior research were able, amongst others, to monitor, add and delete network links, routing elements and manage virtual machines in cloud data centres in order to optimize the network service continuously. The new research addresses security risk control programs that adapt the ICT in the purple plane autonomously as a response on threats. These programs are shown here as a separate control program labelled “security”.
2b Abstract for a lay readership (in Dutch)
ICT zelfverdediging tegen hackers Regelmatig halen succesvolle cyberaanvallen het nieuws omdat toegang tot belangrijke websites, internetbankieren en email onmogelijk zijn gemaakt. Hackers plunderen bankrekeningen en stelen informatie. ICT professionals blijken regelmatig te falen om de werkzaamheden van de hacker te ontdekken, te volgen en te stoppen. Wij onderzoeken nu computers en netwerken, ICT systemen dus, die zich zelf verdedigen, al naar gelang de aard van de aanvallen. Deze autonoom verdedigende computersystemen moeten zelf ontdekken of en hoe een cyberaanval gaande is en, zo ja, wat de juiste tegenmaatregelen kunnen zijn. Bij die tegenmaatregen passen we de resultaten van eerder onderzoek toe. Daarin hebben wij methodes ontwikkeld hoe systemen autonoom internetverbindingen kunnen veranderen of alternatieven daarvoor in stand kunnen houden zodat internet verkeer altijd mogelijk blijft. Ook is onze software in staat om van web- en andere servers kopieën te maken en die naar andere rekencentra verhuizen. M.a.w. onze software is in staat om ICT systemen te hergroeperen en dat geeft nieuwe mogelijkheden in de strijd tegen cybercriminaliteit. Bij het onderzoeken van het palet van tegenmaatregelen bekijken wij ook de extra inzet van typische cyber security technologie, b.v. het automatisch bijschakelen van firewalls en het veranderen van bijvoorbeeld een webserver in een valstrik voor hackers, een zogenaamde “honey pot”. De projectnaam, SARNET is de afkorting van “security autonomous response network” en hint op deze automatisch aanpassende
Context & Goal
SARNET AllianceStrategic Level
Security Autonomous Response NETwork Research
Tactical Level
Operational Level
Ameneh Deljoo (PhD):Why create SARNET Alliances?Model autonomous SARNETbehaviors to identify risk and benefitsfor SARNET stakeholders (3)
Gleb Polevoy (PD):Determine best defense scenario against cyberattacks deploying SARNET functions (1) based on security state, KPI information (2) keeping in mind strategic motifs (3).
Ralph Koning (PhD)Ben de Graaff (SP):1. Design functionalities needed to operate a SARNET using SDN/NFV 2: deliver security state and KPI information (e.g cost)
3
2
1
InternetEx
change
SARNET Alliance concept
Enterprise A Enterprise B Enterprise C
Internet Service Provider A Internet Service Provider B
The Big Bad Internet
SARNET Alliance research using Service Provider Group concept
Testbed provided by using technology
SARNET research
SARNET Alliance concept demos
See SC17 proof of concepts:
http://delaat.net/sc/sc17/
http://delaat.net/sc/sc17/demo01/index.html
Creating Cyber Security Alliances Requires to:
vDefine common benefits for the members,vOrganize and maintain Trust among the members, andvDefine a governance model to define common policies and standards for alliance’smembers.
Research objectives:
vDefine Trust and its antecedents
vPresent a Social Computational Trust Model (SCTM) and its Components.
vPresent the Interaction Risk estimation through the SCTM Model.
Trust and its Antecedents
“x” expects “y” to do “t” and “y” will not exploit vulnerabilities of “x” when “y” is faced with the opportunity to do so. Therefore, ``y" has to exhibit:
• Competence: Have the potential ability of a trustee to perform a given task
• Integrity: Adhere to the set of rules and act accordingly to fulfill the commitments, and
• Benevolence: Act and do good even if unexpected contingencies arise.
Trust Framework
kj
Competence
Integrity
Benovelence
Trustworthiness
Trustee
Trustor
Trust OutCome >= Expectation Risk Assessment
ContextA Set of
Principles
Kindship
Evidence* Current (S), Context
Current (S), Context Evidence*
Evidence
Adopted from Mayer et al. (1995) ``An Integrative Model of Organizational Trust"
Social Computational Trust Model (SCTM)
BenovelenceEvaluation Function
Ben(x,y)
Trustworthiness Evaluation Function
TW(x,y)
Trust T(x,y)
E(x,y)
Ex(*,y)
Ben(x,y)
TW(x,y)
T(x,y)
IntegrityEvaluation Function
Int (x,y)
Current Situation
(S), Context
Int(x,y)
Ex(*,y)
CompetenceEvaluation Function
Com (x,y)
Current Situation
(S), Context
Com(x,y)
vIdentify three distinctive trustworthiness factors (Benevolence Integrity and Competence)
vEvaluate Trust in a dynamic way
vObtain the available evidence on the trustee
vUpdate Trust value
Benevolence Evaluation
• Based on the Direct interactions between X and Y (in the situation S).• !"#$ %, ' ∈ [0,1]
!"#$ %, ' = 1|/0|
1( 345(6(x,y)))Z
WD
A
Y
X
C
B
M
N
1 Where N is the set of situations, in which “x” has interactions with “y”.
Competence Function
• Estimate based on the all available evidence on Trustee (e.g. y,z)• !"#$ %, ' ∈ [0,1]
!"#$(%, ') = 0|2| ∑ val (E$(∗,y))
Deljoo, Ameneh, et al. "The Impact of Competence and Benevolence in a Computational Model of Trust." IFIP International Conference on Trust Management. Springer, Cham, 2018.
Z
WD
A
Y
X
C
B
M
N
Request
E(w,z)
E(Y,z)
E(A,z)
E(M,z)
Estimating Trust1 based on Competence and Benevolence functions
!"($, &) = )*+" $, & + -./"($, &)
1 Integrity has been considered as a part of Benevolence function.
Risk EstimationInteraction Risk ("#) in the Alliance Consists of:
• Relational Risk "% : The probability and consequence of not having a successful cooperation. • Performance Risk ("'): The probability and consequence that alliance
objectives are not realized despite satisfactory cooperation among the partners.
We can assume that Risk will be increased in the case of lack of Trust.
Propositions
Proposition1
Benevolent1 behavior of partners increases trust and reduces former perceived relational risk in the alliance.
!"($, &) ∝ )*+,- .,/
Proposition 2
The perceived performance risk will be reduced if the competence of the given member is high.
!0($, &) ∝ )123- .,/
1Some of the scholars consider faith and good intentions instead of benevolence.
Perceived interaction risk
Risk (R)
Benevolence Function
Risk Estimation
Competence Function
Relation Risk (Rr)Performance Risk (Rp)
W1 W2
!" #, % = log*(,-
∗
1 + 1234 %, 5+
,*
1 + 6784 %, 5)
∗:ℎ2 <=>?2 7@ ,- and,* have been considered equaly in this research.
,-,,,*= 1
Case Study
Z
WD
A
Y
X
C
B
M
N
A Collaborative Network
Notation
Description Representation Value RangeSociety of Agents !, # ∈ %Situations & = {)*, )+, ),, )-}
Task .Sub-tasks /*, /+, /,, /-Context1 0*, 0+, 0,, 0-, 01, 02, 03, 04Outcome 56, 566, 7 1, 0.5, 0
Trust x on y in the situation S .8(y, S) [0,1]
All the available evidence on y E8(∗,y) [0,1]
The direct evidence on y ?(x,y) [0,1]
10* = trustor, 0+ = trustee, 0,=time, 0-= location, 01= task, 02= complexity, 03= deadline,03= outcome2 FD = Fulfill duty, FDD= Fulfill duty with delay, V=violation
Z
WD
A
Y
X
C
B
M
N
Scenario
Domain “N” wants to choose ideal domains for collaboration in order to mitigate and defend against a certain attack.
Task: Mitigate and defend against a certain attack.
Sub-tasks: v!": provide resources within a certain time window,v!#: monitor a certain traffic,v!$: block a certain link, v!%: implement a certain counter measurement.
Z
WD
A
Y
X
C
B
M
N
Request
E(w,z)
E(Y,z)
E(A,z)
E(M,z)
Gathering Evidence
Agent “X” asks different Agents’ (direct neighbors of ”Z”) opinion about agent ‘’Z” on the different (Sub-)tasks.
Sub-tasks
Agents
!" !# !$ !%
Y FDD FD FD FDDM FDD FD FD FDD
W FDD FD FD FDDA FDD FD FD FDD
Result
0.65
0.56
0.65
0.97
0.65
0.46
0.53
0.46
0.88
0.46
0.71
0.86
0.72
0.43
0.71
X M D Y Z
Competence Benevolence Risk
!"#$%&': )*+ − -$'.(01)
v01: provide resources within a certain time window.
vDomain “N” selects Domain “Y” to collaborate with.
Result Cont.
0.86
0.98
0.86
1
0.860.88
0.71
0.88
0.98
0.88
0.460.5
0.460.4
0.45
X M D Y Z
Competence Benevolence Risk
v!": monitor certain traffic.
vDomain “N” selects Domain“Y”, “X” and “Z” to collaboratewith.
#$%&'(): +,- − /&)0(!")
Result Cont.
0.54
0.88
0.65
1
0.54
0.66
0.98
0.46
0.98
0.660.69
0.42
0.72
0.4
0.69
X M D Y Z
Competence Benevolence Risk
!"#$%&': )*+ − -$'.(01)
v!": block a certain link.
vDomain “N” selects Domain“Y” and “M” to collaboratewith.
Result Cont.
0.790.83
0.79
1
0.49
0.36
0.710.66
1
0.36
0.88
0.53 0.54
0.4
0.93
X M D Y Z
Competence Benevolence Risk
!"#$%&': )*+ − -$'.(01)
v!": implement a certaincounter measurement.
vDomain “N” selects Domain “Y” to collaborate with.
Conclusion
SCTM allows us to:
v Identify and isolate untrustworthy members
v Evaluate an interaction's utility
v Estimate the interaction risk
v Estimate trust based on the direct and observed evidence
v Decide whether and with whom to interact
Q&A
• More information:– http://delaat.net/sarnet– http://delaat.net/dl4ld
• Contact:– [email protected]
