Wiley Web Commerce Security: Design and Development 978-0-470-62446-3 User Manual
Part I ■ Overview of Commerce
well-defined mechanisms to understand and manage the trust levels of systems and new hosts that join the infrastructure. The trust life cycle is mainly composed of three different phases: trust establishment, trust negotiation, and trust management:
■ Trust establishment: The trust establishment phase is generally done before any trusted group is formed, and it includes mechanisms to develop trust functions and trust policies.
■ Trust negotiation: The trust negotiation phase is activated when a new un-trusted system joins the current distributed system or group.
■ Trust management: Trust management is responsible for recalculating the trust values based on the transaction information, distribution or exchange of trust-related information, and finally updating and storing the trust information in a centralized or in a distributed manner.
The main characteristics of trust governance systems are scalability, reliability, and security. In other words, the trust governance systems should scale in terms of message, storage, and computational overheads. Trust governance solutions should be reliable in the face of failures and should also be secure against masquerade, collusion, and Sybil¹² attacks. Trust governance systems can be divided into reputation-based and policy-based categories:
■ Reputation-based: This category of systems operates based on trust metrics that are derived from local and global reputation of an entity. Example solutions include PeerTrust, XenoTrust, and NICE.
■ Policy-based: In policy-based systems, the different system entities exchange and govern credentials to establish the trust relationships based on predefined policies. The primary goal of policy-based systems is to enable access control by verifying credentials and restricting access to credentials based on policies. These systems usually have a policy-based trust language. Examples include PeerTrust and TrustBuilder.
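The trust management step (recalculating trust values from transaction information) and the reputation-based category can be illustrated with the following added example, which is not from the book and is not the metric used by PeerTrust, XenoTrust, or NICE. It is a simplified scheme in which each rating is weighted by the rater's own trust, compared against a plain average on constructed feedback that includes colluding Sybil identities; the peer names, `DEFAULT_TRUST`, `alpha`, and the function names are all assumptions.

```python
from collections import defaultdict

# Constructed transaction feedback: (rater, target, satisfaction in [0, 1]).
# s1..s3 are Sybil identities that collude to vouch for "mallory".
FEEDBACK = [
    ("alice", "bob", 0.9), ("carol", "bob", 0.8), ("alice", "carol", 0.9),
    ("bob", "carol", 1.0), ("bob", "alice", 0.9), ("carol", "alice", 1.0),
    ("alice", "mallory", 0.1), ("bob", "mallory", 0.0),
    ("s1", "mallory", 1.0), ("s2", "mallory", 1.0), ("s3", "mallory", 1.0),
]
DEFAULT_TRUST = 0.1  # assumed prior for identities nobody has rated

def naive_global(feedback):
    """Global reputation as a plain average of all ratings received."""
    received = defaultdict(list)
    for _, target, score in feedback:
        received[target].append(score)
    return {t: sum(v) / len(v) for t, v in received.items()}

def weighted_global(feedback, rounds=10):
    """Recalculate trust iteratively; each rating counts in proportion
    to the rater's trust value from the previous round."""
    peers = {p for rater, target, _ in feedback for p in (rater, target)}
    trust = {p: DEFAULT_TRUST for p in peers}
    for _ in range(rounds):
        updated = {}
        for p in peers:
            rated = [(trust[r], s) for r, t, s in feedback if t == p]
            weight = sum(w for w, _ in rated)
            updated[p] = (sum(w * s for w, s in rated) / weight
                          if weight else DEFAULT_TRUST)
        trust = updated
    return trust

def combined(local, global_, alpha=0.7):
    """Blend a peer's own experience (local) with community reputation (global)."""
    return alpha * local + (1 - alpha) * global_

if __name__ == "__main__":
    print("naive   :", round(naive_global(FEEDBACK)["mallory"], 3))
    print("weighted:", round(weighted_global(FEEDBACK)["mallory"], 3))
```

Weighting limits the influence of unrated identities but does not remove it: the prior given to new identities determines how much weight a group of them carries, so it has to be kept low or tied to an admission control such as the trust negotiation phase.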
Monitoring, Logging, Tracing
MLT (Monitoring, Logging, and Tracing) is the third and one of the most crucial components of governance. Establishing an efficient MLT is essential in cloud computing for two reasons:
■ Different consumers can be charged based on their usage (Monitoring).
■ Resource-related information can be logged for auditing or compliance purposes (Logging & Tracing).
MLT operates at application, system, and infrastructure levels. The MLT governance infrastructure should be configurable so that the degree to which a selected set of applications and hosts are monitored, logged, and traced can be controlled.