Abstract
Collaborative systems are growing in use and popularity. The need to strengthen the methods that support interoperability is growing as well, which makes trustworthy interactions between the different systems a priority. These systems need to interact with users and with other applications while trusting each other. The decision about with whom and how to interact with other users or applications is left to each application or system. In this paper, we focus on “soft trust”, that is, trust management systems that evaluate the trustee's experience based on observations of the trustee's behavior. Furthermore, we propose a formal distributed network monitoring approach that analyzes the packets exchanged by the trustor and the trustee in order to prove that the trustee is acting in a trustworthy manner. Formal “trust properties” defining the analyzed systems are checked against the monitored systems' behaviors, and the resulting testing verdicts provide an evaluation of the trustor/trustee. Finally, our methodology is applied to a real industrial DNS use case scenario.
Acknowledgements
We would like to acknowledge the company Tilidom for having kindly provided their expertise and access to their DNS servers. We also thank the reviewers for their valuable comments; those comments significantly enhanced the quality of our paper.
Cite this article
Che, X., Lopez, J., Maag, S. et al. Testing trust properties using a formal distributed network monitoring approach. Ann. Telecommun. 70, 95–105 (2015). https://doi.org/10.1007/s12243-014-0454-3
DOI: https://doi.org/10.1007/s12243-014-0454-3