Skip to main content
European Commission logo
English English
CORDIS - EU research results
CORDIS
CORDIS Web 30th anniversary CORDIS Web 30th anniversary
Content archived on 2024-05-18

SECURE: Secure Environments for Collaboration among Ubiquitous Roaming Entities

Article Category

Article available in the following languages:

Security founded on trust

Human interactions are often based on mutual trust, so why shouldn't those of machines? One European project has developed a system through which mobile devices can evaluate the trustworthiness of computer networks.

Trust is an important concept underpinning society. Without it, human interactions would become cumbersome and perhaps even impossible. The application of trust leads naturally to a decentralised approach to security management that can tolerate partial information, albeit one in which there is an inherent element of risk for the trusting entity. We are moving towards the time when there are more things linked by the internet than people. The complexity involved in enabling potentially billions of individual devices to communicate with one another means a decentralised approach will become essential if security systems are not to become unmanageable. However, basing electronic interactions on trust requires not only a thorough understanding of how humans use it to make accurate decisions. A thorough awareness of the implications of this in the computing domain is required, and the risks and challenges this poses to data security and system integrity. The project Secure sought to explore the application of trust-based security systems for mobile and roaming computer infrastructure. The project worked on a framework for trust management. It defined a computational trust model allowing electronic entities to reason about the 'trustworthiness' of other entities for use in security-related decisions. The model would not only enable entities to assess the potential trustworthiness of other entities. It would also balance the benefits and utility against the risks and potential costs to reach a decision on whether or not to trust a particular application or network resource. Secure worked on a formal language for trust policies, including global and local referencing, as well as operational algorithms for distributed computation of policy trust values. By the end of the project, Secure had defined a comprehensive methodology for the evaluation of trust-based security policies, including detailed threat analysis. What's more, it also defined separate evaluation criteria for the decision-making system as a whole and for its individual components. The whole methodology has been successfully tested on a SPAM filtering application. As the domain of trust-based security reaches maturity, the ability to evaluate the effectiveness of various proposed policies becomes crucial. In this respect, Secure could prove to be a valuable tool for the whole scientific community.

Discover other articles in the same domain of application