2015-08-23#

Defining Trusted Infrastructure#

I am part of a group at EMC assigned with defining and developing our point-of-view on trusted infrastructure. We started by checking out what the industry was already saying. The most credible definition we came across is from the Trusted Computing Group (TCG), a well-respected nonprofit organization that defines security specifications.

• https://reflectionsblog.emc.com/2015/02/infrastructure-we-can-trust/
• http://solutionizeit.com/2014/11/17/infrastructure-that-we-can-trust/

A taxonomy for securely sharing information among others in a trust domain#

In any given collaboration, information needs to flow from one participant to another. While participants may be interested in sharing information with one another, it is often necessary for them to establish the impact of sharing certain kinds of information. This is because certain information could have detrimental effects when it ends up in wrong hands. For this reason, any would-be participant in a collaboration may need to establish the guarantees that the collaboration provides, in terms of protecting sensitive information, before joining the collaboration as well as evaluating the impact of sharing a given piece of information with a given set of entities. The concept of a trust domains aims at managing trust-related issues in information sharing. It is essential for enabling efficient collaborations. Therefore, this research attempts to develop a taxonomy for trust domains with measurable trust characteristics, which provides security-enhanced, distributed containers for the next generation of composite electronic services for supporting collaboration and data exchange within and across multiple organisations. Then the developed taxonomy is applied to a possible scenario, in which the concept of trust domains could be useful.

http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6750210&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D6750210

Open Trust Taxonomy for OAuth2 References #

http://ilpubs.stanford.edu:8090/675/1/2005-11.pdf:

Gathering Information#

• Identities
• Information Integrity

Dealing with Strangers#

Strangers Peers that appear to be new to the system. They have not interacted with other peers and therefore no trust information is available. Adversary A general term we use to apply to agents that wish to harm other peers or the system, or act in ways contrary to “acceptable” behavior.

Reputation Scoring and Ranking#

Inputs#

Regardless of how a peer’s final reputation rating is calculated, it may be based on various statistics collected from its history.

Output#

In the end, the computed reputation rating may be a binary value (trusted or untrusted), a scaled integer (e.g. 1 to 10), or on a continuous scale (e.g. 0,1).

Peer Selection#

Once an agent has computed reputation ratings for the peers interested in transacting with it, it must decide which, if any, to choose. If there is only one peer, and the question is whether to trust it with the offered transaction, the agent may decide based on whether the peer’s reputation rating is above or below a set selection threshold

Blockchain#

Although the Open Trust Taxonomy for OAuth2 Blockchain idea is appealing, the Blockchain is a Unforgeable Entity store in that once entered, the content can not be removed.

More Information#

There might be more information for this subject on one of the following: ...nobody