Apr 28, 2018 - Example (Enemy mine). Alice does not trust Bob; Bob does not trust Carol; does Alice trust Carol? (¬trust(A,B) ⧠¬trust(B,C)) â trust(A,C)?.
Checking Computational Trust: from Consistency to Completeness and Accuracy Giuseppe Primiero Department of Computer Science
Online Information Quality Workshop Lorentz Center, Leiden
Primiero
28 April 2018
1 / 30
Plan
1
Computational Trust
2
An algorithmic Approach to Quality Check
3
A Logic of Trust
4
An Application to Information Transmission
Primiero
28 April 2018
2 / 30
Some problems in the formal definition of Trust
Transitivity Negation Multiplication Dimensions
Primiero
28 April 2018
3 / 30
Transitive trust
Example If Alice trusts Bob and Bob trusts Carol, then Alice trusts Carol.
Primiero
28 April 2018
4 / 30
Trust Negation
Example Alice does not trust Bob’s message φ: does she trust ¬φ? does she trust everything conssistent with not holding φ true?
Primiero
28 April 2018
5 / 30
Trust Multiplication
Example (Enemy mine) Alice does not trust Bob; Bob does not trust Carol; does Alice trust Carol? (¬trust(A, B) ∧ ¬trust(B, C )) → trust(A, C )?
Primiero
28 April 2018
6 / 30
Trust as a criterion for Information Quality Dimensions
1
Consistency
2
Completeness
3
Accuracy
4
Relevance
5
Accessibility
Primiero
28 April 2018
7 / 30
Trust as a criterion for Information Quality Dimensions
1
Consistency
2
Completeness
3
Accuracy
4
Relevance
5
Accessibility
Primiero
28 April 2018
8 / 30
Errors
1
Errors of Consistency I I I
2
Errors of Completeness I I I
3
Consistency of functional requirements Consistency of design procedure definitions Consistency of procedure selection Completeness of selected design processes Completeness of executable design routines Completeness of executed algorithmic routines
Errors of Accuracy I I I I
Accuracy Accuracy Accuracy Accuracy
Primiero
of of of of
design specification description purpose specification description selected design processes and algorithmic routines Input Data
28 April 2018
9 / 30
LoA, [Primiero, 2014]
Primiero
28 April 2018
10 / 30
SecureND, [Primiero and Raimondi, 2014]
1
Ordered agents S ∼ := {A ≤ B ≤ . . . }
2
Operational Rules: Contents closed under standard connectives
3
Access rules mode := Read(BF S ) | Write(BF S ) | Trust(BF S )
4
Untrust rules: negation introduction and elimination
Primiero
28 April 2018
11 / 30
Access Rules: Trust as Consistency Check
ΓA
ΓA ` wf read ` Read(φB )
ΓA ` Read(φB )
ΓA ; φB ` wf
ΓA ` Trust(φB )
ΓA ` Read(φB )
ΓA ` Trust(φB )
ΓA ` Write(φB )
Primiero
trust
write
28 April 2018
12 / 30
Distrust: rejecting contradictory information [Primiero, 2016]
ΓA ` Read(φB )
ΓA ; φB ` ⊥
ΓA ` ¬Trust(φB )
ΓA ` ¬Trust(φB )
ΓA ; ¬φB ` ψ A
ΓA ; ¬φB ` Write(ψ A )
Primiero
DTrust-Intro
DTrust-Elim
28 April 2018
13 / 30
Mistrust: adapting to contradictory information, [Primiero, 2016] ΓA ; ψ B ` ⊥ ∆A ` wf MTrust-Intro, ∆A = ΓA \ ΦA ` ψ B A B ∆ ; ψ ` ¬Trust(ΦA )
∆A ; ψ B ` ¬Trust(ΦA )
∆C ; ψ B ` ⊥
∆A ; ∆C ` Trust(ΦA )
∆A ; ψ B ` ¬Trust(ΦA )
∆C ; ψ B ` wf
∆A ; ∆C ` Trust(ψ B )
Primiero
MTrust-E1, for C < B
MTrust-E2, ∀C < B
28 April 2018
14 / 30
Trust as Check on Completeness of Sources and Data
ΓA ` Read(φB ) ∼
∼
∆S ; ψ C ` wf
ΓA ; ∆S ` Trust(φB )
Primiero
trust, ∀ψ C a φB
28 April 2018
15 / 30
Trust as Check on Accuracy of Sources and Data
ΓA ` Read(φB ) S0∼
ΓA ; Σ
Primiero
`
ΣS
0∼
` wf
Trust(φB )
trust, for some S 0 ∼ ⊆ S ∼ , Σ a φB
28 April 2018
16 / 30
Information transmission: inconsistent data, [Primiero et al., 2017a]
1
in contexts with contradictory information, understanding how positive and negative trust help or hinder the data flow;
2
compute the epistemic costs of (negative) trust transitivity;
3
analyze different topologies and epistemic attitudes (scepticism, laziness).
Primiero
28 April 2018
17 / 30
Network Analysis in NetLogo total, linear, random, scale-free networks different proportions lazy/sceptic fixed sizes between 10 and 300 nodes https: //bitbucket.org/gprimiero/cn16
Primiero
28 April 2018
18 / 30
Trust distribution and average costs
Trust in total networks Trust in linear networks Trust in random networks Trust in scale-free networks 100 80 60 Runs 40 20 00 3000 Trusted Links
Primiero
500 6000
2000 1500 1000 Trust Costs
Random Linear Scale-free Total
Average Trusted Links 47.78 77.78 102.21 971.44
Average Trust Cost 940.92 434.16 415.42 385.11
0
28 April 2018
19 / 30
Distrust distribution and average costs
Distrust in total networks Distrust in linear networks Distrust in random networks Distrust in scale-free networks 100 80 60 Runs 40 20 00
0 2000 Distrust Costs
Random Linear Scale-free Total
Average Distrust Links 35.4 71.82 75.29 264.13
Average Distrust Cost 167.38 130.18 134.5 103.1
500 Distrust Links 4000 1000
Primiero
28 April 2018
20 / 30
Distrust behaviour and epistemic attitude
Distrust in SW networks parametric to sceptic proportion
100 80
% Sceptics
60 % Sceptic 40 20
400
00 200 Av. Distrust Links 400
Primiero
200 Av. Distrust Costs
10% 30% 50% 80% 100%
Av. Distrusted Links 575.45 170.11 129.98 69.2 32.25
Av. Distrust Cost 350.92 276.79 213.36 113.83 45.35
6000
28 April 2018
21 / 30
Consensus in Scale-free Networks with distrust
Runs with Consensus (sw lazy) Runs with Consensus (sw balanced) Runs with Consensus (sw sceptic)
Runs with Consensus (sw balanced trust only) Runs with Consensus (sw balanced distrust) 100
10
90 N. Runs with Consensus
N. Runs with Consensus
9 8 7 6 5 4 3 2
80 70 60 50 40 30 20 10
1 50
100
Primiero
150 N. Nodes
200
250
300
50
100
150 N. Nodes
200
250
28 April 2018
300
22 / 30
Summary of results
Costs of trust are higher than those of distrust: it is easier for trust to propagate Distrust is reduced by sceptic attitude Distrust is applied for conflict resolution in 10% of the edges in scale-free networks Distrust is a disincentive to consensus
Primiero
28 April 2018
23 / 30
Other Applications
Software Management: inconsistent dependencies, [Boender et al., 2015, Primiero and Boender, 2017]. A Coq Library, https://github.com/gprimiero/SecureNDC. Security: Attacks on VANETs, [Primiero et al., 2017b, Primiero et al., 2018]
Primiero
28 April 2018
24 / 30
Next Step: Target Disinformation with Completeness and Accuracy
simulate information diffusion with dynamic selection of data/sources (up to completeness) simulate contradictory information resolution with dynamic selection of ranked data/sources (for accuracy)
Primiero
28 April 2018
25 / 30
Conclusions
A formal model of computational trust I I I
Consistency Completeness Accuracy
Information Quality Check Applications to online information scenarios Future extension: relevance and accessibility
Primiero
28 April 2018
26 / 30
References I
Boender, J., Primiero, G., and Raimondi, F. (2015). Minimizing transitive trust threats in software management systems. In Ghorbani, A. A., Torra, V., Hisil, H., Miri, A., Koltuksuz, A., Zhang, J., Sensoy, M., Garc´ıa-Alfaro, J., and Zincir, I., editors, 13th Annual Conference on Privacy, Security and Trust, PST 2015, Izmir, Turkey, July 21-23, 2015, pages 191–198. IEEE Computer Society. Primiero, G. (2014). Algorithmic check of standards for information quality dimensions. In Floridi, L. and Illari, P., editors, The Philosophy of Information Quality, pages 107–134. Springer.
Primiero
28 April 2018
27 / 30
References II Primiero, G. (2016). A calculus for distrust and mistrust. In Habib, S. M., Vassileva, J., Mauw, S., and M¨ uhlh¨auser, M., editors, Trust Management X - 10th IFIP WG 11.11 International Conference, IFIPTM 2016, Darmstadt, Germany, July 18-22, 2016, Proceedings, volume 473 of IFIP Advances in Information and Communication Technology, pages 183–190. Springer. Primiero, G. and Boender, J. (2017). Managing software uninstall with negative trust. In Stegh¨ofer, J. and Esfandiari, B., editors, Trust Management XI 11th IFIP WG 11.11 International Conference, IFIPTM 2017, Gothenburg, Sweden, June 12-16, 2017, Proceedings, volume 505 of IFIP Advances in Information and Communication Technology, pages 79–93. Springer. Primiero
28 April 2018
28 / 30
References III Primiero, G., Martorana, A., and Tagliabue, J. (2018). Simulation of a trust and reputation based mitigation protocol for a black hole style attack on VANETs. In 2018 IEEE European Symposium on Security and Privacy Workshops, EuroS&P Workshops 2018, London, UK, April 27, 2018. Primiero, G. and Raimondi, F. (2014). A typed natural deduction calculus to reason about secure trust. In Miri, A., Hengartner, U., Huang, N., Jøsang, A., and Garc´ıa-Alfaro, J., editors, 2014 Twelfth Annual International Conference on Privacy, Security and Trust, Toronto, ON, Canada, July 23-24, 2014, pages 379–382. IEEE. Primiero, G., Raimondi, F., Bottone, M., and Tagliabue, J. (2017a). Trust and distrust in contradictory information transmission. Applied Network Science, 2:12. Primiero
28 April 2018
29 / 30
References IV
Primiero, G., Raimondi, F., Chen, T., and Nagarajan, R. (2017b). A proof-theoretic trust and reputation model for VANET. In 2017 IEEE European Symposium on Security and Privacy Workshops, EuroS&P Workshops 2017, Paris, France, April 26-28, 2017, pages 146–152. IEEE.
Primiero
28 April 2018
30 / 30