|
 |
 |
<< Back to Project Archives Index
| Technology for Trust (T4T) |
Project Summary: People and organizations increasingly rely on pervasively networked
computer-based systems as the medium for accessing information,
conducting transactions and exchanges, and communicating
private information. Consumers, businesses, government officials
and technologists demand “trusted” systems
to ensure the safe, reliable and successful use of these
systems.
Sociologists recognize that trust in these systems depends
on more than simply the technology enabling them, but also on:
the characteristics and abilities of the actors using the systems,
the context and nature of the interaction, and the (non-technical)
assurance mechanisms that facilitate confidence in these systems
of exchange and communication.
This interdisciplinary project
will address fundamental questions about the role
of different types and sources of information for establishing
trust in exchange. Exploring different sources of trust,
as well as different types of signals of those sources,
are important for advancing our understanding of trust
as an important social mechanism facilitating interaction
and exchange.
This study of trust also has important real-world
implications for e-commerce and exchange of information
over the Internet, including if and how government policy
should regulate Internet transactions, and how technology
can be designed or implemented in ways that are both secure
and usable,
Subprojects:
Principal Investigators:
 Project
Researchers
Funding: (ISTS)*
Project 1 - Understanding the Role of Trust in Internet Exchange
Project Summary: People and organizations increasingly rely on pervasively networked computer-based systems as the medium for accessing information, conducting transactions and exchanges, and communicating private information. Consumers, businesses, government officials and technologists demand "trusted" systems to ensure the safe, reliable and successful use of these systems. Sociologists recognize that trust in systems depends on more than simply the technology enabling them, but also on non-technical mechanisms, such as third-party assurance mechanisms and reputation.
This project uses experimental methods to examine how both technical and non-technical "trust" mechanisms influence user behavior in online exchange. Exploring different sources of trust, as well as how to accurately and appropriately signal information about those sources, are important for advancing our understanding of trust in facilitating secure online interaction and exchange.
Principal Investigator:
Project Researchers
Project 2 - Enhancing Trust Through Information Sharing in the Extended Enterprise (EnTISE)
Project Summary: Sharing information throughout the extended enterprise is often thought to enhance trust. Even the simplest applications, like parcel tracking information, can boost the trust between customers and suppliers. In some cases, the increased trust can have far-reaching implications. For example, information sharing in the home video rental industry provided the trust required to transform the industry through revenue-sharing contracts.
This research examines how types and forms of information shared between firms impact trust. The project studies how information accessibility (e.g., wireless data collection), form (e.g., dynamic graphics or real-time video), and presentation (e.g., graphical content or animation) create trust in business relationships. Trust in business relationships is critical for extended enterprises to function competitively. Understanding how to increase trust through shared information is equally important for the commercial and public sectors. Both civilian and military relationships depend on such trust and can directly benefit from the results of this research.
Principal Investigator:
Project Researchers
Project Web Site
Project
Publications
Project 4 - Tiny Trusted Third Parties (T3P)
Project Summary: Many security protocols hypothesize the existence of a trusted third party (TTP) to ease handling of computation and data too sensitive for the other parties involved. Subsequent discussion usually dismisses these protocols as hypothetical or impractical, since “trusted” third parties that are actually trusted by all stakeholders clearly cannot exist. However, this assumption is arguably fallacious: the last decade has seen the emergence of hardware-based devices that, to high assurance, can carry out computation unmolested; emerging research promises more. Unfortunately, perhaps as an inevitable consequence of cost-effective physical security, these devices have small memory and limited computational power.
Principal Investigator:
Project Researchers
Project
Publications
Project 5 - Usable High-Assurance Operating Systems
Project Summary: The information infrastructure depends on computing systems; however, computing systems depend on software environments for trustworthy behavior. In recent years, the field has seen a re-emergence of older software security ideas (in terms of basing software security in the OS)—with the NSA’s Security-Enhanced Linux (SELinux) considered by many to be the de facto best-of-breed solution for those wanting a highassurance but contemporary OS. Unfortunately, SELinux is essentially unusable: its monolithic and awkward policy structure makes it difficult for programmers to configure and maintain it for real-world applications—and difficult for stakeholders to trust that the resulting policy actually confines system behavior to “secure” operation only.
This project explores policy and verification tools to make it easier to use these high-assurance operating systems for secure applications in the real world.
Principal Investigators:
Project Researchers
Project
Publications
Project 6 - Communicating Trust Assertions (Greenpass)
Project Summary: The Greenpass project explores the practical problem of secure decentralized authentication and access control in wireless networks—both WLANs and MANETs. Many organizations are interested in securing connection access to their wireless (and wired) networks but the problem of accommodating guests continues to impede real deployments. This project will transform a working prototype solving this problem into ready-to-use technology that can be added to an 802.1x authenticated network.
This project also explores a deeper problem: if the trust flow expressed by an infrastructure’s clever PKI does not match the trust flow the human organization requires, then the human users will find a way to achieve their goals that breaks the infrastructure. This project’s approach marries the security of standard X.509 PKI tools with the flexibility of delegation.
Principal Investigator:
Project Researchers
|
|
|
|
