The Community for Technology Leaders
2013 Eleventh Annual Conference on Privacy, Security and Trust (PST) (2013)
Tarragona, Spain
July 10, 2013 to July 12, 2013
ISBN: 978-1-4673-5839-2
pp: 291-300
Jian Chang , Department of Computer and Information Science University of Pennsylvania, Philadelphia, PA, 19104
Peter Gebhard , Department of Computer and Information Science University of Pennsylvania, Philadelphia, PA, 19104
Andreas Haeberlen , Department of Computer and Information Science University of Pennsylvania, Philadelphia, PA, 19104
Zack Ives , Department of Computer and Information Science University of Pennsylvania, Philadelphia, PA, 19104
Insup Lee , Department of Computer and Information Science University of Pennsylvania, Philadelphia, PA, 19104
Oleg Sokolsky , Department of Computer and Information Science University of Pennsylvania, Philadelphia, PA, 19104
Krishna K. Venkatasubramanian , Department of Computer Science Worcester Polytechnic Institute Worcester, MA, 01609
ABSTRACT
Observing the success of the open source software movement, the Adaptive Vehicle Make (AVM) is a program run by the Defense Advanced Project Agency (DARPA) with the goal of applying crowd-sourced and component-based engineering to the design of military vehicles. In this paper, we present a credentialing system called TrustForge, which enables effective and flexible access control for the AVMcrowd-sourced repository. Credentialing systems are essential in crowdsourcing to ensure quality, since it is potentially open to contributions made by anyone. The open source software community has developed elaborate manual approaches of managing its contributor community, which are often very labor-intensive and inefficient. Our aim with TrustForge is to improve the automation of the credentialing and access control process in the context of component-based systems, where users contribute components at various levels of abstraction. TrustForge takes a hybrid approach that combines trust policy and reputation to address this problem. In TrustForge, a policy language is used to specify the access control rules for users in the system to contribute components. In addition, reputation values computed for users based on the quality of their past component contributions are used to tune the static policies to enable flexibility and adaptiveness. The contributions of this work are as follows: (1) the design of TrustForge — an effective and flexible access control mechanism that combines policy and reputation approaches; (2) the identification of heuristics for component quality measurement and a novel reputation computation algorithm for evaluating user trustworthiness; (3) a data model based on provenance graphs that allows efficient repository information storage and retrieve. We have implemented TrustForge system and integrate it with the VehicleForge repository system to support the operation of the AVM challenge program. The evaluation results based on realworld deployment and systematic simulation demonstrate that TrustForge can effectively discern the trustworthiness of users within the crowd-sourced system.
INDEX TERMS
CITATION
Jian Chang, Peter Gebhard, Andreas Haeberlen, Zack Ives, Insup Lee, Oleg Sokolsky, Krishna K. Venkatasubramanian, "TrustForge: Flexible access control for collaborative crowd-sourced environment", 2013 Eleventh Annual Conference on Privacy, Security and Trust (PST), vol. 00, no. , pp. 291-300, 2013, doi:10.1109/PST.2013.6596065
162 ms
(Ver 3.3 (11022016))