Nothing Special   »   [go: up one dir, main page]
Skip to main content
SpringerLink
Log in

Testing trust properties using a formal distributed network monitoring approach

  • Published:
annals of telecommunications - annales des télécommunications Aims and scope Submit manuscript

Abstract

Collaborative systems are growing in use and in popularity. The need to boost the methods concerned by the interoperability is growing as well; making thus trustworthy interactions of the different systems a priority. The systems need to interact with users and with other applications in trusting each other. The decision regarding with who and how to interact with other users or applications depends on each application or system. In this paper, we focus on “soft trust”, that is trust management systems based on observations of the trustee behaviors to evaluate the trustee experience. Furthermore, we propose a formal distributed network monitoring approach to analyze the packets that the trustor and trustee exchange in order to prove the trustee is acting in a trustworthy manner. Based on formal “trust properties” defining the analyzed systems, the monitored systems behaviors on which these properties are checked provide, through testing verdicts, an evaluation of the trustor/trustee. Finally, our methodology is applied to a real industrial DNS use case scenario.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

Notes

  1. http://tilidom.com/

  2. 2 https://www.isc.org/downloads/bind/

References

  1. Alexiou N, Basagiannis S, Katsaros P, Dashpande T, Smolka SA (2010) Formal analysis of the kaminsky dns cache-poisoning attack using probabilistic model checking. In: Proceedings of the 12th IEEE High Assurance Systems Engineering Symposium. HASE, San Jose, CA, USA, pp 94–103

  2. Andrés C, Merayo MG, Núñez M (2012) Formal passive testing of timed systems: Theory and tools. Software Testing. Verification Reliab 22(6):365–405

    Article  Google Scholar 

  3. Arends R, Austein R, Larson M, Massey D, Rose S (2005) Dns security introduction and requirements. RFC 4033 (Proposed Standard)

  4. Bayse E, Cavalli A, Nunez M, Zaidi F (2005) A passive testing approach based on invariants: Application to the wap. Comput Netw 48(2):247–266

    Article  MATH  Google Scholar 

  5. Blaze M, Feigenbaum J, Keromytis AD (1999) Keynote: Trust management for public-key infrastructures. In: Proceedings of the Security Protocols, 6th International Workshop. Springer, Cambridge UK, pp 59–63

  6. Blaze M, Feigenbaum J, Lacy J (1996) Decentralized trust management. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, USA, pp 164–173

  7. Cavalli AR, Maag S, Montes E (2009) de Oca. A passive conformance testing approach for a manet routing protocol. In: Proceedings of the 2009 ACM Symposium on Applied Computing (SAC), USA, March 9-12, pp 207–211

  8. Che X, Lalanne F, Maag S (2012) A logic-based passive testing approach for the validation of communicating protocols. In: Proceedings of the 7th International Conference on Evaluation of Novel Approaches to Software Engineering, Wroclaw, Poland, 29-30 June, pp 53–64

  9. Chu Y-H, Feigenbaum J, Lamacchia B, Resnick P, Strauss M (1997) Referee: Trust management for web applications. O’Reilly World Wide Web J 2(3):127–139

    Google Scholar 

  10. Dagon D, Provos N, Lee CP, Lee W Corrupted dns resolution paths: The rise of a malicious resolution authority. In: Proceedings of the Network and Distributed System Security Symposium, NDSS. The Internet Society, San Diego, California USA, p 2008

  11. Deering S, Hinden R (1998) RFC 2460 Internet Protocol, Version 6 (IPv6) Specification. In: Internet Engineering Task Force

  12. van Emden MH, Kowalski RA (1976) The semantics of predicate logic as a programming language. Journal of the ACM, pages 23(4):733–742

    Article  MATH  MathSciNet  Google Scholar 

  13. Fan L, Wang Y, Cheng X, Li J (2011) Prevent dns cache poisoning using security proxy. In: Proceeding of IEEE 12th International Conference on Parallel and Distributed Computing, Applications and Technologies, PDCAT 2011, Gwangju Korea , pp 387–393

  14. Grandison T, Sloman M (2000) A survey of trust in internet applications. IEEE Commun Sur Tutorials 3(4):2–16

    Article  Google Scholar 

  15. Grandison T, Sloman M (2003) Trust management tools for internet applications. In: Proceedings of Trust Management, Springer First International Conference, iTrust, Heraklion, Crete, Greece, pp 91–107

  16. Haidar DA, Cuppens-Boulahia N, Cuppens F, Debar H (2009) Xena: an access negotiation framework using xacml. Ann Telecommun 64(1–2):155–169

    Article  Google Scholar 

  17. Holzmann GJ (2004) The spin model checker : Primer and reference manual

  18. Irfan M-N, Oriat C, Groz R (2013) Model inference and testing. Adv Comput 89:89–139

    Article  Google Scholar 

  19. Jim T (2001) Sd3: A trust management system with certified evaluation. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy, Oakland, California, USA, pp 106–115

  20. Lalanne F, Maag S (2013) A formal data-centric approach for passive testing of communication protocols. IEEE/ACM Trans Networking 21(3):788–801

    Article  Google Scholar 

  21. Lee AJ, Winslett M, Perano KJ (2009) Trustbuilder2 A reconfigurable framework for trust negotiation. In: Proceedings of Trust Management III, Third IFIP WG 11.11 International Conference, IFIPTM, West Lafayette, IN, USA, pp 176–195

  22. Lee D, Miller RE (2006) Network protocol system monitoring-a formal approach with passive testing. IEEE/ACM Trans Networking 14(2):424–437

    Article  Google Scholar 

  23. Lo C-C, Huang C-C, Ku J (2010) A cooperative intrusion detection system framework for cloud computing networks. In 280-284, editor. In: Proceedings of the IEEE 39th International Conference on Parallel Processing Workshops

  24. López J, Che X, Maag S (2014) An online passive testing approach for communication protocols. In: 9th International Conference on Evaluation of Novel Approaches to Software Enginering, ENASE, Lisbon, Portugal

  25. Marsh SP (1994) Formalising Trust as a Computational Concept. PhD thesis, University of Stirling, Stirling. Scotland, UK

    Google Scholar 

  26. McCanne S, Jacobson V (1993) The bsd packet filter: a new architecture for user-level packet capture. In: Proceedings of the USENIX Winter 1993 Conference Proceedings on USENIX Winter 1993 Conference, San Diego, California

  27. Mills DL (1991) Internet time synchronization: the network time protocol. IEEE Trans Commun 39(10):1482–1493

    Article  Google Scholar 

  28. Mockapetris PV (1987) RFC 1035 Domain names—Implementation and specification

  29. Movahedi Z, Nogueira M, Pujolle G (2012) An autonomic knowledge monitoring scheme for trust management on mobile ad hoc networks. In: IEEE Wireless Communications and Networking Conference, WCNC 2012, Paris, France, pp 1898–1903

  30. Ray I, Chakraborty S (2004) A vector model of trust for developing trustworthy systems. In: Computer Security - ESORICS, 9th European Symposium on Research Computer Security. Springer, Sophia Antipolis, France, pp 260–275

  31. Roschke S, Cheng F, Meinel C (2010) A flexible and efficient alert correlation platform for distributed ids. In: Proceedings of the IEEE Fourth International Conference on Network and System Security, NSS, Melbourne, Victoria, Australia, pp 24–31

  32. Toumi K, Andrés C, Cavalli AR (2012) Trust-orbac A trust access control model in multi-organization environments. In: Proceedings of Information Systems Security, 8th International Conference, ICISS, Guwahati, India, pp 89–103

  33. Zargar ST, Takabi H, Joshi JBD (2011) Dcdidp: a distributed, collaborative, and data-driven intrusion detection and prevention framework for cloud computing environments. In 332-341, editor. In: Proceedings of IEEE 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing, CollaborateCom, Orlando, FL, USA

Download references

Acknowledgements

We would like to acknowledge the company Tilidom for having kindly provided their expertise and access to their DNS servers. We also thank the reviewers for their valuable comments; those comments significantly enhanced the quality of our paper.

Author information

Authors and Affiliations

  1. School of Software Engineering, Beijing Jiaotong University, Beijing, 100044, People’s Republic of China

    Xiaoping Che

  2. Telecom SudParis, CNRS UMR 5157, 9, rue Charles Fourier, 91011, Evry Cedex, France

    Xiaoping Che, Jorge Lopez & Stephane Maag

  3. Universidad Galileo, RLICT, 7a. Av. Final, Calle Dr. Eduardo Suger Cofino Zona 10, Guatemala, Guatemala

    Gerardo Morales

Authors
  1. Xiaoping Che
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jorge Lopez
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Stephane Maag
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Gerardo Morales
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xiaoping Che.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Che, X., Lopez, J., Maag, S. et al. Testing trust properties using a formal distributed network monitoring approach. Ann. Telecommun. 70, 95–105 (2015). https://doi.org/10.1007/s12243-014-0454-3

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12243-014-0454-3

Keywords

Search

Navigation