People and organizations increasingly rely on pervasively networked computer-based systems as the medium for accessing information, conducting transactions and exchanges, and communicating private information. Consumers, businesses, government officials and technologists demand “trusted” systems to ensure the safe, reliable and successful use of these systems.
Sociologists recognize that trust in these systems depends not only on the technology enabling them but also on the characteristics and abilities of the actors using the systems, the context and nature of the interaction, and the (non-technical) assurance mechanisms that facilitate confidence in these systems of exchange and communication.
This interdisciplinary project will address fundamental questions about the role of different types and sources of information for establishing trust in exchange. Exploring different sources of trust, as well as different types of signals of those sources, is important for advancing our understanding of trust as an important social mechanism facilitating interaction and exchange.
This study of trust also has important real-world implications for e-commerce and exchange of information over the Internet, including if and how government policy should regulate Internet transactions, and how technology can be designed or implemented in ways that are both secure and usable.
People and organizations increasingly rely on pervasively networked computer-based systems as the medium for accessing information, conducting transactions and exchanges, and communicating private information. Consumers, businesses, government officials and technologists demand "trusted" systems to ensure the safe, reliable and successful use of these systems. Sociologists recognize that trust in systems depends on more than simply the technology enabling them, but also on non-technical mechanisms, such as third-party assurance mechanisms and reputation.
This project uses experimental methods to examine how both technical and non-technical "trust" mechanisms influence user behavior in online exchange. Exploring different sources of trust, as well as how to accurately and appropriately signal information about those sources, is important for advancing our understanding of trust in facilitating secure online interaction and exchange.
Sharing information throughout the extended enterprise is often thought to enhance trust. Even the simplest applications, like parcel tracking information, can boost the trust between customers and suppliers. In some cases, the increased trust can have far-reaching implications. For example, information sharing in the home video rental industry provided the trust required to transform the industry through revenue-sharing contracts.
This research examines how types and forms of information shared between firms impact trust. The project studies how information accessibility (e.g., wireless data collection), form (e.g., dynamic graphics or real-time video), and presentation (e.g., graphical content or animation) create trust in business relationships. Trust in business relationships is critical for extended enterprises to function competitively. Understanding how to increase trust through shared information is equally important for the commercial and public sectors. Both civilian and military relationships depend on such trust and can directly benefit from the results of this research.
In typical ad-hoc networks, nodes range from laptops to small units such as sensors. The mobility and changing availability of nodes fundamentally alter the requirements for trust establishment in these environments. Automated trust negotiation (ATN) is a method that lets two strangers safely conduct interactions in order to create a level of mutual trust. In this method, credentials signed by certificate authorities are exchanged through an iterative disclosure process that allows each credential to have a disclosure policy. Previous two-party trust negotiation schemes haven't given satisfactory solutions for some practical situations, such as cyclic interdependencies in credential disclosure policies and the inefficiency of applying a one-to-one approach with multiple parties. In mobile ad-hoc networks, trust relationships (such as those defining ad-hoc groups) may also need to be updated dynamically in the face of connectivity limitations introduced by mobile or intermittently active nodes.
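The iterative disclosure process and the cyclic-policy problem described above can be seen in a small simulation. This is an added example, not code from the project: it assumes the simple "eager" disclosure strategy, omits signature verification, and uses constructed credential names and policies.

```python
# Added illustration: eager-strategy two-party trust negotiation.
# Credential names and policies are constructed; signature checks are omitted.

def negotiate(policies_a, policies_b, goal):
    """Alternate disclosure turns until B releases `goal` or nobody can move.

    Each policies_x maps a credential held by X to the set of the peer's
    credentials that must already be disclosed before X will release it
    (empty set = freely disclosable).
    Returns (success, transcript, blocked).
    """
    policies = {"A": policies_a, "B": policies_b}
    disclosed = {"A": set(), "B": set()}
    transcript, turn, idle = [], "A", 0
    while goal not in disclosed["B"] and idle < 2:
        peer = "B" if turn == "A" else "A"
        # Eager strategy: release every credential whose policy is now met.
        unlocked = {c for c, needs in policies[turn].items()
                    if c not in disclosed[turn] and needs <= disclosed[peer]}
        if unlocked:
            disclosed[turn] |= unlocked
            transcript.append((turn, sorted(unlocked)))
            idle = 0
        else:
            idle += 1  # two idle turns in a row: neither side can progress
        turn = peer
    blocked = {}
    for party, peer in (("A", "B"), ("B", "A")):
        for cred, needs in policies[party].items():
            if cred not in disclosed[party]:
                blocked[f"{party}.{cred}"] = sorted(needs - disclosed[peer])
    return goal in disclosed["B"], transcript, blocked

# Acyclic policies: trust builds up over four messages.
OK_A = {"student_id": set(), "credit_card": {"bbb_seal"}}
OK_B = {"bbb_seal": {"student_id"}, "service_access": {"credit_card"}}

# Cyclic policies: each side waits for the other to go first.
CYCLE_A = {"credit_card": {"bbb_seal"}}
CYCLE_B = {"bbb_seal": {"credit_card"}, "service_access": {"credit_card"}}

if __name__ == "__main__":
    for a, b in ((OK_A, OK_B), (CYCLE_A, CYCLE_B)):
        ok, steps, blocked = negotiate(a, b, "service_access")
        print("granted" if ok else "deadlock", steps, blocked)
```

In the cyclic case the `blocked` map names the credentials that are waiting on each other, which is the interdependency a plain two-party scheme cannot resolve by itself.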
This project addresses these limitations and extends two-party trust negotiation to include third parties using two different schemes. In addition to being analyzed and tested, these schemes have been used to study three different application areas: (1) streaming content distribution, (2) content search, and (3) mobile computing. In each application, there is a potential for widespread practical applications on the Internet. All three applications have been analyzed and integrated under a uniform trust management platform. This work is particularly important in peer-to-peer (P2P) environments, where collaborations take place among parties who do not know each other, and in sensor networks.
We have now completed the core features planned for our prototype and have extended the original project goals to add a recommendation module and an encryption module, and have tested our tool in a file sharing application in a P2P network setting. We will continue developing additional applications, starting with coordination and control of robotic systems, and will also be refining our prototype for distribution.
We have begun a collaboration with the Automation and Robotics Research Institute (ARRI), a research center located at the University of Texas at Arlington, to extend the ideas developed under this project by developing a derivative data exchange, coordination, and control system for robotic and sensor applications.
Many security protocols hypothesize the existence of a trusted third party (TTP) to ease handling of computation and data too sensitive for the other parties involved. Subsequent discussion usually dismisses these protocols as hypothetical or impractical, since “trusted” third parties that are actually trusted by all stakeholders clearly cannot exist. However, this assumption is arguably fallacious: the last decade has seen the emergence of hardware-based devices that, to high assurance, can carry out computation unmolested; emerging research promises more. Unfortunately, perhaps as an inevitable consequence of cost-effective physical security, these devices have small memory and limited computational power.
The information infrastructure depends on computing systems; however, computing systems depend on software environments for trustworthy behavior. In recent years, the field has seen a re-emergence of older software security ideas (in terms of basing software security in the OS)—with the NSA’s Security-Enhanced Linux (SELinux) considered by many to be the de facto best-of-breed solution for those wanting a high assurance but contemporary OS. Unfortunately, SELinux is essentially unusable: its monolithic and awkward policy structure makes it difficult for programmers to configure and maintain it for real-world applications—and difficult for stakeholders to trust that the resulting policy actually confines system behavior to “secure” operation only.
This project explores policy and verification tools to make it easier to use these high-assurance operating systems for secure applications in the real world.
The Greenpass project explores the practical problem of secure decentralized authentication and access control in wireless networks—both WLANs and MANETs. Many organizations are interested in securing connection access to their wireless (and wired) networks but the problem of accommodating guests continues to impede real deployments. This project will transform a working prototype solving this problem into ready-to-use technology that can be added to an 802.1x authenticated network.
This project also explores a deeper problem: if the trust flow expressed by an infrastructure’s clever PKI does not match the trust flow the human organization requires, then the human users will find a way to achieve their goals that breaks the infrastructure. This project’s approach marries the security of standard X.509 PKI tools with the flexibility of delegation.