Archive for the ‘trust’ Category

CINCO: supporting trust decisions for inter-enterprise collaboration

Wednesday, April 30th, 2008

The CINCO (Collaborative and Interoperable Computing) research group at University of Helsinki aims to automate some of the routine tasks in inter-enterprise collaboration management. The vision is that one day, enterprises can trust an automatic system to 1) figure out which service provider to use for a task, e.g. a logistics service to deliver a set of goods, 2) ensure that the collaborating services are interoperable, and 3) gather and share experience on how the collaboration went. And all this should be achievable without first spending a few years to get to know (and integrate your systems with) every single service provider whose offers you might wish to choose between.

Experience sharing for this kind of a system has special needs. A major difference to e.g. eBay and the various recommender systems for consumers is that the information should be possible to both understand and evaluate for credibility automatically. While the average concerned web user can google around for hoaxes, or browse through the profiles and activities of the users behind eBay ratings until convinced, our automatic decision-maker has to have an explicit model of “suspicious” or “sensible” for reputation information in order to determine the credibility of the information available. When a decision to commit real-world resources is made automatically, we’ll need to be able to measure the certainty behind the reasoning.

A few of the interesting research questions we’re working with are how to represent the different factors of trust for these decisions and to combine them into a decision, how to model the shared experiences or reputation, how to evaluate the credibility of information and its sources, and how to make different reputation systems interoperate. See the group’s selected reading for more information and three surveys.

Trust and Security in Virtual Communities

Tuesday, April 8th, 2008

What: Second Workshop: Usability and Interoperability in AuthN/AuthZ

Where: Oxford

When: 8th & 9th May 2009

Why: To take a snapshot of work being done in this area, particularly in the UK, to identify and disseminate the most promising solutions and best practice, and to inform and develop proposals for future research. Anyone wishing to offer a talk should contact Andrew Martin.


Friday, March 28th, 2008

When browsing around the blogs I read, I came across trustlet: a wiki site dedicated to sharing scientific research on trust metrics in social networks. It includes an excellent list of conferences/workshops that deal with trust, and an incredible list of links to datasets – ranging from wikipedia, email networks, and blog networks, to the much sought advogato and epinions datasets. Much more than we have done on our own dataset page!

What a gold mine!


Friday, March 21st, 2008

I’m glad to say that the TRECK track of SAC went quite well and did not suffer from some of the things I mentioned in my previous rant. The track was organized by Dr. Jean-Marc Seigneur of the University of Geneva, and the two sessions were chaired by Dr. Virgilio Almeida of the Federal University of Minas Gerais (who I had an interesting discussion with after the track), and was broadly divided into two themes: trust and recommender systems. The trust session had an overall focus on peer-to-peer systems, here are some quick samples:

  • Francesco Santini presented the idea of multitrust, which aims at computing trust in a dynamically created group of trustees who all have different subjective trust values ["Propagating Multitrust Within Trust Networks, " Bistarelli/Santini].
  • Asmaa Adnane presented the application of trust to detecting misbehaviour in link-state routing algorithms. I always wonder how well these cool ideas will work in practice; if information is lost or delayed they will deduce that another node is untrustworthy! ["Autonomic Trust Reasoning Enables Misbehavior Detection in OLSR," Adnane/Timoteo de Sousa/Bidan/Me']
  • The Surework Framework extended the current operation of trust in p2p networks to include the idea of super-peers; nodes with very high reputation can, in fact, become reputation servers. ["Surework: A Super-peer Reputation Framework for p2p Networks," Rodriguez-Perez/Esparza/Munoz]
  • The CAT Model was introduced and explained- it is a model of open and dynamic systems that considers services as contexts.. The 15 minute time-limit was a bit constraining and I’ll have to read the full paper!  ["CAT: A Context-Aware Trust Model for Open and Dynamic Systems" Uddin/Zulkernine/Ahamed]
  • Rowan Martin-Hughes applied a game-theoretic analysis to understand why people would defect in a large-scale open system, like eBay. The analysis was based on a modified version of the Prisoner’s dilemma, which was very interesting; the only question that arises is, as Daniele mentioned, is this appropriate when users may very well behave irrationally? ["Examining the Motivations of Defection in Large-Scale Open Systems," Martin-Hughes/Renz]

The second session focused on recommender systems:

  • Karen Tso-Sutter presented her work on combining user-item tags into the collaborative filtering process. Interestingly, tags did not improve accuracy until the algorithm was already boosted by using both user- and item- based algorithms. ["Tag-Aware Recommender Systems by Fusion of Collaborative Filtering Algorithms," Tso-Sutter/Marinho/Schmidt-Thieme]
  • My work! Looking at the similarity distribution over a graph generated by a nearest-neighbour algorithm. ["The Effect of Correlation Coefficients on Communities of Recommenders," Lathia/Hailes/Capra].
  • Patricia Victor‘s paper discussed an extension to Paolo Massa’s work on trust-aware recommender systems, which concluded that the cold-start problem in recommender systems can be avoided by having users express trust values in other users, which can then be propagated. The problem is: which users should they connect to? The paper has an interesting analysis of the different kind of users in the epinions dataset. ["Whom Should I Trust? The Impact of Key Figures on Cold-Start Recommendations," Victor/Cornelis/Teredesai/De Cock].
  • The last paper veered away from collaborative filtering to look at the role of keywords and taxonomies in content-based recommender systems. The taxonomy vs. folksonomy war continues! ["Comparing Keywords and Taxonomies in the Representation of Users Profiles in a Content-Based Recommender System" Loh/Lorenzi/Simoes/Wives/Oliveira]

The full list of abstracts can be read on the trustcomp-treck web site. If any of the attendees or authors are reading this post: we welcome your thoughts and comments, and officially invite you to contribute to this blog! To write a guest-post about your research, please get in touch! (n.lathia @

Tagging on the move

Saturday, March 8th, 2008

Soon I will team up with Licia and Valentina to study how mobile users may retrieve digital content using tags. We will do so by combining folksonomy and reputation(trust) systems. I will then present our preliminary results at the session on Trust in Percom of Secrypt. For more, pls keep an eye on the comments below this post that will appear at the end of July. In the meantime, here is a fine piece of research on how to automatically tag what people see through their cyber googles ;-)

Workshop on Trust in Mobile Environments

Friday, February 15th, 2008

Following Daniele’s previous post on workshops at iTrust, another workshop is doing its own round of advertisement: the iTrust Workshop on Trust in Mobile Environments. Abstracts are due the 28th of March. Here is a short description:

Trust is a vital issue in mobile computing if applications are to support interactions which will carry data of any significance. Consider, for instance, exploring a market place: which vendors should one prefer, and why; how can a user establish the provenance of an item, etc. Various trust models have been developed in recent years to enable the construction of trust-aware applications. However, it is still not clear how robust these models are, and against what types of attacks; how accurate they are in capturing human characteristics and dynamics of trust; how suitable they are to the mobile setting. Mobility brings in orthogonal complexities to the problem of trust management: for example, the transient relationships with the environment and other users calls for an investigation of the dependency between trust and context; the lack of a clear shared control authority makes it difficult to verify identities, and to follow-up problems later; the limited network capability and ad-hoc connectivity require the investigation of novel protocols for content sharing and dissemination, and so on.

Two great workshops at iTrust

Friday, February 8th, 2008

1) Security and Trust Management (STM).

uk dissertation help

Papers by April 2nd.
The intersection of security and the real world has prompted research in trust management. This research should ideally translate into proposals of solutions to traditional security issues. But, more often than not, it’s all proposals and few solutions. That is why STM focuses on how trust management may practically solve security issues and, in so doing, how it may enable new applications (eg, reputation, recommendation, collaboration in P2P or mobile nets). The call covers a wide range of topics.

2) Combining Context with Trust, Security, and Privacy (CAT). Paper abstracts by March 28th.
A research field might claim to have entered mainstream status only after it has been accepted by established conferences. Context-awareness and trust management have had that honour, but they have had it separately. We know by now how to design context-aware systems and trust management systems, but how to integrate the two is still the province of unexplored territory. That is why CAT will feature intrepid researchers who will stop us from:

  • sitting down in utter apathy towards the issue of trust being context-dependent – if (context=category of trust), as “rock music” is in “I trust you for recommending rock music”.
  • passing over exciting percom applications – if (context=space of interaction) as “my company premises” is in “my PDA is trusted for accessing confidential documents only within my company premises”.

Last year, CAT was terrific – I still remember the informing talks by Maddy, Tyrone and Linda. This year, it is likely to be even better. That is because CAT is like Math – one does context plus trust, and then multiplies by many researchers to equal stimulating discussion ;-)

Openings (also on trust mng & ubicomp)

Friday, January 4th, 2008

The Security group at CNR in Pisa (Italy) has 5 openings for PhDs/PostDocs on those projects:

  • Context-aware Information Sharing
  • Security and Trust for GRID systems
  • Secure Software and Services for Mobile Systems
  • Biologically-inspired autonomic Networks and services
  • Software Engineering for Service-Oriented Overlay Computers
  • Secure and Resilient Networks and Services

Here is the full call. For more, please contact Fabio Martinelli.

Redefining Information Overload

Thursday, December 27th, 2007

The other day I was sitting at Gatwick airport waiting for my flight home to Italy to spend Christmas with my family. I got my flight with Easyjet- and when I bought the ticket online I was also able to sign up to one of their new, free text-messaging services:

  • Some of the texts were very helpful: the morning of my flight I received a text with my flight details and confirmation number, information that I may usually scribble on a piece of paper or the back of my hand. Result: no paper, and clean hands (happier parents?)
  • Some of the texts could have made us of some location information: a text said (in a nice way) “go to your gate” … umm, should I reply to the computer and tell it I’m already there?
  • Other texts were interesting, but I didn’t need them: “Use this text to get 0% commission on currency exchange.” I have some Euros in my pocket. Can you send me this text again when I do need Euros? (Maybe I’ll tell you when?)
  • Other texts were just useless. “Go to shop X and get Y% discount with this text.” I won’t say what the shop is, let’s just leave it at the fact that its contents don’t quite fit my profile (specifically gender). Why do you keep interupting me from the book I was reading to give me this useless advertisement? My only current solution is to unsubscribe- but I’ll lose all the information I liked then! (more…)

Call for PhD thesis on Trust Management

Friday, December 21st, 2007

ERCIM STM WG launched an award for the best Ph.D. Thesis on Security and Trust Management (discussed in 2007) (pdf, doc)

Trust, Mobisys, and more

Wednesday, December 5th, 2007

I’ve just finished to give a presentation. I talked about old stuff – TRULLO (pdf, post) and distributed trust propagation (pdf, post). So I recycled old slides – only the first 20 slides (below) were brand new ;-) Thanks to Neal and Elisa!


Whatsoever u say, i trust u because u r my friend

Thursday, November 29th, 2007

Say that in the near future you will be able to post a question on social network sites. You will get many different answers (whose quality may vary). It would be nice if you could get a list of answers ranked by quality.

Problem: how to rank answers? That’s a cool problem that is disappointingly hard to solve.

Some would argue for using social networks – people close to you should be trusted and they can surely answer any type of question. For me, that’s hard to believe. That is probably because my friends have diverging interests (a few know about technology or finance, a handful of them knows about literature, and many about architecture and design – I have a weakness for creative people). And they also think differently – I’m fortunate enough to have few friends who are left-brainers, while most of them go for the “right” side. If many people would go along with my personal experience, then we could deem those solutions oversimplified at best.

So how to go about the initial problem? For a start, I would acknowlege that:
a) “X befriends Y” and “X trusts Y” are two totally different concepts. I’m overemphasizing by saying “totally”: after all, there may be a correlation between the two concepts; but it is difficult to buy into the causation arrow “I befriend you” -> “I trust you”. Therefore, that distinction may be important (if not crucial), and we usually underemphasize it “for simplicity’s sake”.
b) “X trusts Y” has little meaning. Since trust is context dependent (1, 2, 3), one needs to specify for what X trusts Y. X may trust Y for academic tips but not for real-world issues ;-). So a better way could be “X trusts Y for doing Z”, and that Z would be crucial.

Given these two points, I really like this recent paper. The authors separate social networks and webs of trust (which they call vote-on networks), and they are planning to build around context-specific webs of trust. Great work!

Measurement and Analysis of Online Social Networks

Wednesday, November 14th, 2007

At IMC, it has been presented the first study to examine multiple online social networks at scale. The paper analyzes “data gathered from four popular online social networks: Flickr, YouTube, LiveJournal, and Orkut”.


  • “the indegree of user nodes tends to match the outdegree;
  • the networks contain a densely connected core of high-degree nodes;
  • this core links small groups of strongly clustered, low-degree nodes at the fringes of the network”.

Implications on info dissemination and search

  • “The existence of a small, well-connected core implies that information seeded via a core node will rapidly spread through the entire network.”
  • “Similarly, searches that proceed along social network links will quickly reach the core. This suggests that simple unstructured search algorithms could be designed if the core users were to store some state about other users.”

Implications on trust
“In a social network, the underlying user graph can potentially be used as a means to infer some level of trust in an unknown user, to check the validity of a public key certificate, and to classify potential spam”.

  • “The tight core coupled with link reciprocity implies that users in the core appear on a large number of short paths. Thus, if malicious users are able to penetrate the core, they can skew many trust paths (or appear highly trustworthy to a large fraction of the network).”
  • “However, these two properties also lead to small path lengths and many disjoint paths, so the trust inference algorithms should be adjusted to account for this observation. In particular, given our data, an unknown user should be highly trusted only if multiple short disjoint paths to the user can be discovered.”
  • “The correlation in link degrees implies that users in the fringe will not be highly trusted unless they form direct links to other users. The “social” aspect of these networks is selfreinforcing: in order to be trusted, one must make many “friends”, and create many links that will slowly pull the user into the core.”

Lightweight Distributed Trust Propagation

Wednesday, October 31st, 2007

I just finished to present our work at ICDM. Here are the slides (also in ppt).