SECURITY IN

SEMANTIC WEB

THE PRESENTATION INCLUDE THE FOLLOWING :

▪ Introduction

▪ Security standards for the semantic web

▪ Categorization of models of trust

▪ Trust strategies for the Semantic Web

▪ Conclusion

SECURITY STANDARDS FOR THE SEMANTIC WEB

LAYERS FOR THE SECURE SEMANTIC WEB

Layer 1

Layer 2

Layer 3

Layer 4

Layer 5

Logic,Proof,Trust

Secure Ontologies, Secure Semantic Interoperability

RDF Security

XML Security, Secure XML Schemas

Secure TCP/IP, Secure Sockets, Secure HTML , Secure Agents

SECURITY STANDARDS FOR THE SEMANTIC WEB

XML security

RDF security

Secure information interoperability

Trust for the semantic web

CATEGORIZATION OF MODELS OF TRUST

CATEGORIZATION OF MODELS OF TRUST

▪ Centralized modelA centralized node acts as a system manager.▪ Distributed modelNodes are responsible for obtaining mutual trust based on their direct interactions.Distributed models can be divided into: ▪ Global model

▪ Local model

CENTRALIZED MODEL

▪ Manager acquires knowledge such as the ratings of reputation and the precedents of nodes

▪ The manager is responsible for collecting information from both sides involved in interactions

▪ An agent (a node) only communicates with the centralized node to collect information about other node’s reputations

▪ Each node asks the manager to receive trust rating

DISTRIBUTED MODEL

▪ In this model there is no centralized system to govern the reputation The manager is responsible for collecting information from both sides involved in interactions

▪ If node A wants to know node B’s reputation, it has to ask other nodes to evaluate B

▪ Getting trust information about trustee from network

GLOBAL MODEL

▪ This model is based on the degree of popularity of a node in the society

▪ Neighbors of the trustees know them due to their relationships in the past

▪ A node may have had interactions with its neighbors in the past and neighbors have profiles of their precedents

▪ Voting (aggregating the opinions of neighbors or users)is an example of evaluating trust ratings

▪ www.eBay.com and www.Amazon.com auctions have a special trust mechanism ▪ Both of these are implemented as a centralized rating system that manages reputation of each user

▪ But on the other hand the calculation of reputation is based on a global method which depends on the user’s rating

LOCAL MODEL

▪ In this model trust is personal and beliefs vary between two people, personalization should improve the accuracy of the results

▪ Most research reports on trust mechanisms in the semantic web discuss those algorithms that calculate trust from the personal view

▪ The main idea here is that everybody trusts his/her friend’s belief more than a stranger’s belief

▪ According to small world hypothesis, any pair of nodes in a random network will be connected by a relatively short chain of random acquaintances

TRUST STRATEGIES FOR THE SEMANTIC WEB

TRUST STRATEGIES FOR THE SEMANTIC WEB

Optimistic Systems

Pessimistic Systems

Centralised Trust Systems

Trust Investigation Systems

Transitive Trust Systems

OPTIMISTIC SYSTEMS

▪ Optimistic systems accept others unless there is reason not to trust

▪ If the benefits of cooperation are relatively large or the costs of betrayal are relatively small, risk is low, and the gains from trust massively outweigh the gains from distrust

OPTIMISTIC SYSTEMS IDEA

▪ Optimism is a very simple strategy

▪ Basically it is the idea that an agent will trust another agent even if its performance is uncertain, unless there are positive reasons for not trusting it

▪ The basic idea is that trust is the default attitude

PESSIMISTIC SYSTEMS

▪ Given a quantity of such information, agents can be ranked in terms of their reliability

▪ Such systems in effect take a high rank as evidence of reason for trust; hence in such a system many trustworthy agents may fail to be trusted

PESSIMISTIC SYSTEMS IDEA

▪ Pessimistic strategies restrict interactions with agents unless there is a reason to trust them

▪ Note that the pessimism corresponds to trust via personal acquaintance in the offline world, which is the basic model of trust

▪ Such a model of trust is not often capable of supporting and underlying very complex societies

CENTRALISED TRUST SYSTEMS

▪ It provides them with a formalism for expressing agreement/disagreement, and the argumentative stance of the source

▪ This is then used to measure a context-sensitive evaluation of the source

▪ Relying on centralised institutions to measure trust takes the burden off the interactive agents when deciding which agents to trust

▪ One observation made in with respect to eBay is that users feedback is almost always positive. The authors note that most people do not like giving negative feedback, unless revenge is a motivation

CENTRALISED TRUST SYSTEMS IDEA

▪ Centeralising trust involves laying off the costs of interacting with and investigating agents to a central institution or authority

▪ If the agent bears a certificate, then it could be trusted

▪ However, this does not obviate the need for trust, but the trust requirements are reduced

TRUST INVESTIGATION SYSTEMS

▪ On P2P network, peers make recommendations to each other about where suitable files might be found

▪ The agents perform an investigation of the others in order to determine how likely it is that their recommendations will be useful

▪ Another example of this sort of approach is provided by systems that negotiate automatically to extract trust credentials from other parties

TRUST INVESTIGATION SYSTEMS IDEA

▪ Trust is a response to uncertainty

▪ But trust imposes risks

▪ Hence, to avoid some risk, one strategy is to reduce uncertainty by investigating or evaluating other agents to determine some salient details of operation

▪ It is not passive; it actively tries to discover aspects of the environment that are relevant to reduce uncertainty

TRANSITIVE TRUST SYSTEMS

▪ They use the small world theory , which hypothesises that any pair of objects in a random network will be connected by a relatively short chain of random acquaintances

▪ Social network analysis techniques are used in to measure trust over a Friend of a Friend (FOAF) network, extended with trust relations

▪ If A trusts B, and B trusts (and maybe recommends) C, nothing follows about whether A trusts C

TRANSITIVE TRUST SYSTEMS IDEA

▪ The idea of this strategy is that an agent sends a message out about whether a potential agent is trustworthy

▪ he network of acquaintances of that agent will then either send back an opinion based on experience, or pass the message onto its acquaintances, many of which will be unknown to the first agent

COSTS ESTIMATES FOR FIVE TRUST STRATEGIES

Conclusion

References :

▪ Kieron O’Hara, Harith Alani, Yannis Kalfoglou, and Nigel Shadbolt . 2010. Trust Strategies for the Semantic Web

▪ Saeedeh Shekarpour , S.D. Katebi . 2010. Modeling and evaluation of trust with an extension in semantic web

▪ Bhavani Thuraisingham, 2005. Security standards for the semantic web

▪ D. Artz, Y. Gil, 2007.A survey of trust in computer science and the Semantic Web

▪ J. Golbeck, B. Parsia, J. Hendler. 2003. Trust Networks on the Semantic Web

THANK YOU FOR LISTENING