Summary of IFIPTM'08 conference sessions

The IFIP trust management conference, this year joined for the second time with the Privacy, Security and Trust (PST) conference, was held on June 18th – 20th in Trondheim, Norway. The conference has also been previously known as iTrust. Next year, PST and IFIPTM split again, as PST returns to its roots as a local event in Canada; next year, IFIPTM is organized in the US, and in Japan after that. We’ve summarized IFIPTM workshops on Monday and Tuesday in earlier posts, and now give a quick run-through of what this year’s conference program held.

Wednesday started with Peter Landrock’s keynote on how to deal with and capture trust in the security sense. In the first session on trust evaluation and management, we learned of TuLiP (Czenko, Doumen, Etalle), a policy language for security credential trust management, saw a combination of logic and probability theory to evaluate trust under uncertainty (Kohlas, Jonczy, Haenni), and got acquainted with Subjective STAIRS (Refsdal, Solhaug, Stølen), a UML-based method to model the effects of (decision-making) policy.

The second session on trust and reputation models started with a functional model of trust based on intensional logic (Wan, Alagar; slight schedule reshuffle there). The second presentation provided a simulation-based robustness analysis of CertainTrust (Ries, Heinemann), a trust model for e.g. file exchange in opportunistic networks. The third presentation described and evaluated different strategies of sharing recommendations which are not directly interoperable, providing some insight on how to translate recommendations (Dondio, Longo, Barrett).

The third session on recommendation and reputation began with a model which combines trust with user similarity (Pitsilis, Marshall) to provide better recommendations. Neal presented a trust-based collaborative filtering (Lathia, Hailes, Capra) approach with inspiration from trust and risk management. The third presentation introduced SOFIA (Dell’Amico, Capra), a social filtering system with extra robustness against Sybil attacks.

Thursday began with Stephan Engberg’s successfully provocative, privacy-focused keynote on what we are forced to “trust” and what we should actually be trusting. I’m still fighting an urge to dive into an immediate sidetrack about personal identification – thanks a bunch, Stephan.

The fourth session returned to trust and reputation models. The first paper applied fuzzy logic membership functions to subjective logic in order to support continuous ratings in Bayesian reputation systems (Jøsang, Luo, Chen). The second paper presented a recommender clique, or knot-aware reputation model (Gal-Oz, Gudes, Hendler), which pleasantly reminded me of REGRET. The third presentation dove into consumer behaviour and attribute preferences to build the North Laine Shopping Guide (Robinson, Wakeman, Chalmers, Basu). Fourth, we enjoyed a game-theoretical simulation approach of an iterated prisoner’s dilemma with experience-gathering, to study cooperation in growing communities (Martin-Hughes).

The fifth session on privacy and applications started with a model for reasoning about the privacy impact of composite pervasive services (Cardoso, Issarny) based on fuzzy cognitive maps: there’s a difference between providing information to a single large service and dividing it between a set of partial services. The second paper was an interesting look into how to obfuscate your location (Damiani, Bertino, Silvestri) from a service provider who needs the information to provide you a high-quality service. It turns out there is a lot that can be done there too. The third presentation proposed a folksonomy-based collaborative database (Buchmann, Böhm, Raabe) to keep track of organizations, locations (e.g. cameras) etc. that invade data privacy.

The day ended in a panel session about software as a service. The challenges seemed to outweigh the opportunities. However, the loss of control over data, security and availability does not seem to discourage companies from longing after software that someone else upkeeps.

Friday’s sixth session was on cryptography. In the first paper, applied pi calculus was put to use in automatically verifying privacy properties (Delaune, Ryan, Smyth). The second presentation provided an interesting certification approach to place and time authentication for cultural assets (Mostarda, Dong, Dulay). The third paper focused on efficiently ensuring authenticity of binaries in Windows (Halim, Ramnath, Sufatrio, Wu, Yap).

The seventh session began with a refreshing extension to existing Web Services standards in order to support credential-based trust negotiation (Lee, Winslett). The second presentation continued on the policy track, on assigning responsibility for failed obligations (Irwin, Yu, Winsborough) which in turn can lead to other obligations failing due to interdependencies. The third paper presented a multilevel identity management scheme to ensure privacy while upkeeping accountability (Anwar, Greer) in the context of E-Learning.

The demo session presented two systems besides the earlier-mentioned Rummble (Cox). The second was a policy expression and enforcement system for selectively “sandboxing” mobile .NET software (Dragoni, Massacci, Naliuka), e.g. to not be able to use expensive services like phone calls for more than a certain amount per session. The third presented STORE, a stochastic reputation service for virtual organizations (Haller). The basic idea is to use global monitoring and storage to provide actually measurable quality of service information. And then spice it up with some fuzzy feelings of fulfilment.

Are we out of breath yet?

My three thoroughly CINCO-biased and hopefully recommendations from the conference would be: 1) Refsdal et al.’s Subjective STAIRS, since this sort of modelling takes us a step closer to having the information available for automated decision-making as well. 2) Dondio et al.’s recommendation translation work, because we need to be putting thought into recommendation interoperability to not forever keep producing incompatible islets of information (i.e. the Not Invented Here approach). And 3) Haller’s STORE, because while I don’t believe in global trusted monitors, I expect businesses won’t uncritically embrace the idea of random other organizations expressing what they think of them on a highly subjective scale – rather, at least some measures ought to be relatively objectively measurable. So, now we just need to hack our way around global monitoring. Receipts, anyone?

3 Responses to “Summary of IFIPTM'08 conference sessions”

  1. licia says:

    I picked “Subjective STAIRS” (Refsdal, Solhaug, Stølen) as one of the highlights of the conference too. I haven’t read the full paper yet, but their extension to UML seems to enable the automated analysis of the impact of various parameter choices (of the trust model) onto the deployed system, based on historical information. I think this brings trust modeling a step closer to its actual usage! [For UCL-based people: if you want to borrow the proceedings, I've got a copy in my office]

  2. Daniel Craig says:

    Hey, I was looking around for a while searching for data security services and I happened upon this site and your post regarding Summary of IFIPTM’08 conference sessions, I will definitely this to my data security services bookmarks!

  3. [...] short video here about trusted computing. Consider it an amateur introduction to what a lot of recent research has been discussing, and perhaps a useful video to spark some discussion with non-research [...]