Trust-based access control in federated environments
Abstract
Nowadays, interorganizational collaborations are evolving into large federated environments that interconnect organizations from all over the world. The relationships among these organizations are characterized by the need for both competition and cooperation, essentially for sharing resources and services such as computing and storage capabilities. Enhanced autonomy and mobility are key features for the continuous and successful functioning of such environments, allowing the participating parties to engage in ad-hoc collaborations as the need arises. The dynamic partnering aspect in such organization networks is, on the one hand, leading to the abolishment of classical spatial and temporal constraints and, consequently, to greater flexibility in cooperation among organizations. On the other hand, this aspect raises other questions, such as how to assess the trustworthiness of unknown potential partners, how to rely on their outcomes, and how to make authorization decisions thereupon. In this thesis, a Trust Based Access Control (TBAC) solution, which aims at addressing fundamental trust issues confronting dynamic federated environments throughout the educational and commercial sectors, is presented. By means of three basic scenarios, which provide insight into the aspects and different classes of the Circle of Trust (CoT) in federated environments, a set of requirements has been collected, weighted and classified in the form of a criteria catalogue, which in turn serves as the basic reference for the solution design. Additionally, a comprehensive survey of much of the literature on trust and reputation management in distributed and federated environments has been analyzed with regard to the criteria catalogue.
To compensate for the deficiencies and weaknesses of existing approaches to the management of interorganizational trust relationships, a trust process model as well as a framework for building a CoT among organizations has been investigated to support secure and trustful collaborations between them. Firstly, the trust process model specifies the evolution chain of a trust relationship through different phases, including Initialization, Management, Validation, Evolution and Auditing. Secondly, the framework realizes the different phases of the process model and, consequently, enables the specification of a common set of logical methods and procedures for reasoning about trust from different aspects and dimensions. This investigation primarily distinguishes between at least two classes of trust relationships, Collaboration Trust and Content Quality Trust, which develop out of the joint experiences of collaborating, with regard to additional aspects and behavior indicators such as Quality of Service (QoS) properties and parameters. The thesis is concluded by an analysis of a prototype implementation of the TBAC Framework, and a detailed evaluation of the trust computation algorithms in the light of performance criteria such as promptness, accuracy, choice of the trust metric scales, as well as several other performance parameters.
Similar sources
Trust management and delegation for the administration of Web services
The availability and adoption of open protocols allow applications to integrate Web services offered by different providers. Moreover, simple services can be dynamically composed to accomplish more complex tasks. This implies the delegation of both tasks and permissions. In fact, delegation is intertwined with some notion of risk, on the one hand, and trust, on the other hand. Well founded soci...
Evaluation of Unified Security, Trust and Privacy Framework (UnifiedSTPF) for Federated Identity and Access Management (FIAM) Mode
Federated identity and access management systems such as Shibboleth may symbolize a boost: (i) to bring the efficiency and effectiveness in collaboration for governments, enterprises and academia, and (iii) conserve the home domain user's identity privacy in a privacy-enhanced fashion. However, the consternation is about the absence of a trusted computing based mutual trust and security es...
Service Oriented Computing
Service-oriented Architectures (SOA) facilitate the dynamic and seamless integration of services offered by different service providers which in addition can be located in different trust domains. Especially for business integration scenarios, Federated Identity Management emerged as a possibility to propagate identity information as security assertions across company borders in order to secure...
Managing Identity and Authorization for Community Clouds
A community cloud operates to serve multiple organizations who have entered into sharing arrangements with one or more cloud providers. Members of the participating organizations may also collaborate on shared projects, which may lead them to exercise shared control over virtual machines or other cloud-hosted resource instances. Software running in the cloud instances may serve the community me...
Federated Authorization for Software-as-a-Service Applications
Software-as-a-Service (SaaS) is a type of cloud computing in which a tenant rents access to a shared, typically web-based application hosted by a provider. Access control for SaaS should enable the tenant to control access to data that are located at the provider based on tenant-specific access control policies. To achieve this, state-of-practice SaaS applications provide application-specific a...