Checking Computational Trust: from Consistency to ...

3 downloads 0 Views 465KB Size Report
Apr 28, 2018 - Example (Enemy mine). Alice does not trust Bob; Bob does not trust Carol; does Alice trust Carol? (¬trust(A,B) ∧ ¬trust(B,C)) → trust(A,C)?.
Checking Computational Trust: from Consistency to Completeness and Accuracy Giuseppe Primiero Department of Computer Science

Online Information Quality Workshop Lorentz Center, Leiden

Primiero

28 April 2018

1 / 30

Plan

1

Computational Trust

2

An algorithmic Approach to Quality Check

3

A Logic of Trust

4

An Application to Information Transmission

Primiero

28 April 2018

2 / 30

Some problems in the formal definition of Trust

Transitivity Negation Multiplication Dimensions

Primiero

28 April 2018

3 / 30

Transitive trust

Example If Alice trusts Bob and Bob trusts Carol, then Alice trusts Carol.

Primiero

28 April 2018

4 / 30

Trust Negation

Example Alice does not trust Bob’s message φ: does she trust ¬φ? does she trust everything conssistent with not holding φ true?

Primiero

28 April 2018

5 / 30

Trust Multiplication

Example (Enemy mine) Alice does not trust Bob; Bob does not trust Carol; does Alice trust Carol? (¬trust(A, B) ∧ ¬trust(B, C )) → trust(A, C )?

Primiero

28 April 2018

6 / 30

Trust as a criterion for Information Quality Dimensions

1

Consistency

2

Completeness

3

Accuracy

4

Relevance

5

Accessibility

Primiero

28 April 2018

7 / 30

Trust as a criterion for Information Quality Dimensions

1

Consistency

2

Completeness

3

Accuracy

4

Relevance

5

Accessibility

Primiero

28 April 2018

8 / 30

Errors

1

Errors of Consistency I I I

2

Errors of Completeness I I I

3

Consistency of functional requirements Consistency of design procedure definitions Consistency of procedure selection Completeness of selected design processes Completeness of executable design routines Completeness of executed algorithmic routines

Errors of Accuracy I I I I

Accuracy Accuracy Accuracy Accuracy

Primiero

of of of of

design specification description purpose specification description selected design processes and algorithmic routines Input Data

28 April 2018

9 / 30

LoA, [Primiero, 2014]

Primiero

28 April 2018

10 / 30

SecureND, [Primiero and Raimondi, 2014]

1

Ordered agents S ∼ := {A ≤ B ≤ . . . }

2

Operational Rules: Contents closed under standard connectives

3

Access rules mode := Read(BF S ) | Write(BF S ) | Trust(BF S )

4

Untrust rules: negation introduction and elimination

Primiero

28 April 2018

11 / 30

Access Rules: Trust as Consistency Check

ΓA

ΓA ` wf read ` Read(φB )

ΓA ` Read(φB )

ΓA ; φB ` wf

ΓA ` Trust(φB )

ΓA ` Read(φB )

ΓA ` Trust(φB )

ΓA ` Write(φB )

Primiero

trust

write

28 April 2018

12 / 30

Distrust: rejecting contradictory information [Primiero, 2016]

ΓA ` Read(φB )

ΓA ; φB ` ⊥

ΓA ` ¬Trust(φB )

ΓA ` ¬Trust(φB )

ΓA ; ¬φB ` ψ A

ΓA ; ¬φB ` Write(ψ A )

Primiero

DTrust-Intro

DTrust-Elim

28 April 2018

13 / 30

Mistrust: adapting to contradictory information, [Primiero, 2016] ΓA ; ψ B ` ⊥ ∆A ` wf MTrust-Intro, ∆A = ΓA \ ΦA ` ψ B A B ∆ ; ψ ` ¬Trust(ΦA )

∆A ; ψ B ` ¬Trust(ΦA )

∆C ; ψ B ` ⊥

∆A ; ∆C ` Trust(ΦA )

∆A ; ψ B ` ¬Trust(ΦA )

∆C ; ψ B ` wf

∆A ; ∆C ` Trust(ψ B )

Primiero

MTrust-E1, for C < B

MTrust-E2, ∀C < B

28 April 2018

14 / 30

Trust as Check on Completeness of Sources and Data

ΓA ` Read(φB ) ∼



∆S ; ψ C ` wf

ΓA ; ∆S ` Trust(φB )

Primiero

trust, ∀ψ C a φB

28 April 2018

15 / 30

Trust as Check on Accuracy of Sources and Data

ΓA ` Read(φB ) S0∼

ΓA ; Σ

Primiero

`

ΣS

0∼

` wf

Trust(φB )

trust, for some S 0 ∼ ⊆ S ∼ , Σ a φB

28 April 2018

16 / 30

Information transmission: inconsistent data, [Primiero et al., 2017a]

1

in contexts with contradictory information, understanding how positive and negative trust help or hinder the data flow;

2

compute the epistemic costs of (negative) trust transitivity;

3

analyze different topologies and epistemic attitudes (scepticism, laziness).

Primiero

28 April 2018

17 / 30

Network Analysis in NetLogo total, linear, random, scale-free networks different proportions lazy/sceptic fixed sizes between 10 and 300 nodes https: //bitbucket.org/gprimiero/cn16

Primiero

28 April 2018

18 / 30

Trust distribution and average costs

Trust in total networks Trust in linear networks Trust in random networks Trust in scale-free networks 100 80 60 Runs 40 20 00 3000 Trusted Links

Primiero

500 6000

2000 1500 1000 Trust Costs

Random Linear Scale-free Total

Average Trusted Links 47.78 77.78 102.21 971.44

Average Trust Cost 940.92 434.16 415.42 385.11

0

28 April 2018

19 / 30

Distrust distribution and average costs

Distrust in total networks Distrust in linear networks Distrust in random networks Distrust in scale-free networks 100 80 60 Runs 40 20 00

0 2000 Distrust Costs

Random Linear Scale-free Total

Average Distrust Links 35.4 71.82 75.29 264.13

Average Distrust Cost 167.38 130.18 134.5 103.1

500 Distrust Links 4000 1000

Primiero

28 April 2018

20 / 30

Distrust behaviour and epistemic attitude

Distrust in SW networks parametric to sceptic proportion

100 80

% Sceptics

60 % Sceptic 40 20

400

00 200 Av. Distrust Links 400

Primiero

200 Av. Distrust Costs

10% 30% 50% 80% 100%

Av. Distrusted Links 575.45 170.11 129.98 69.2 32.25

Av. Distrust Cost 350.92 276.79 213.36 113.83 45.35

6000

28 April 2018

21 / 30

Consensus in Scale-free Networks with distrust

Runs with Consensus (sw lazy) Runs with Consensus (sw balanced) Runs with Consensus (sw sceptic)

Runs with Consensus (sw balanced trust only) Runs with Consensus (sw balanced distrust) 100

10

90 N. Runs with Consensus

N. Runs with Consensus

9 8 7 6 5 4 3 2

80 70 60 50 40 30 20 10

1 50

100

Primiero

150 N. Nodes

200

250

300

50

100

150 N. Nodes

200

250

28 April 2018

300

22 / 30

Summary of results

Costs of trust are higher than those of distrust: it is easier for trust to propagate Distrust is reduced by sceptic attitude Distrust is applied for conflict resolution in 10% of the edges in scale-free networks Distrust is a disincentive to consensus

Primiero

28 April 2018

23 / 30

Other Applications

Software Management: inconsistent dependencies, [Boender et al., 2015, Primiero and Boender, 2017]. A Coq Library, https://github.com/gprimiero/SecureNDC. Security: Attacks on VANETs, [Primiero et al., 2017b, Primiero et al., 2018]

Primiero

28 April 2018

24 / 30

Next Step: Target Disinformation with Completeness and Accuracy

simulate information diffusion with dynamic selection of data/sources (up to completeness) simulate contradictory information resolution with dynamic selection of ranked data/sources (for accuracy)

Primiero

28 April 2018

25 / 30

Conclusions

A formal model of computational trust I I I

Consistency Completeness Accuracy

Information Quality Check Applications to online information scenarios Future extension: relevance and accessibility

Primiero

28 April 2018

26 / 30

References I

Boender, J., Primiero, G., and Raimondi, F. (2015). Minimizing transitive trust threats in software management systems. In Ghorbani, A. A., Torra, V., Hisil, H., Miri, A., Koltuksuz, A., Zhang, J., Sensoy, M., Garc´ıa-Alfaro, J., and Zincir, I., editors, 13th Annual Conference on Privacy, Security and Trust, PST 2015, Izmir, Turkey, July 21-23, 2015, pages 191–198. IEEE Computer Society. Primiero, G. (2014). Algorithmic check of standards for information quality dimensions. In Floridi, L. and Illari, P., editors, The Philosophy of Information Quality, pages 107–134. Springer.

Primiero

28 April 2018

27 / 30

References II Primiero, G. (2016). A calculus for distrust and mistrust. In Habib, S. M., Vassileva, J., Mauw, S., and M¨ uhlh¨auser, M., editors, Trust Management X - 10th IFIP WG 11.11 International Conference, IFIPTM 2016, Darmstadt, Germany, July 18-22, 2016, Proceedings, volume 473 of IFIP Advances in Information and Communication Technology, pages 183–190. Springer. Primiero, G. and Boender, J. (2017). Managing software uninstall with negative trust. In Stegh¨ofer, J. and Esfandiari, B., editors, Trust Management XI 11th IFIP WG 11.11 International Conference, IFIPTM 2017, Gothenburg, Sweden, June 12-16, 2017, Proceedings, volume 505 of IFIP Advances in Information and Communication Technology, pages 79–93. Springer. Primiero

28 April 2018

28 / 30

References III Primiero, G., Martorana, A., and Tagliabue, J. (2018). Simulation of a trust and reputation based mitigation protocol for a black hole style attack on VANETs. In 2018 IEEE European Symposium on Security and Privacy Workshops, EuroS&P Workshops 2018, London, UK, April 27, 2018. Primiero, G. and Raimondi, F. (2014). A typed natural deduction calculus to reason about secure trust. In Miri, A., Hengartner, U., Huang, N., Jøsang, A., and Garc´ıa-Alfaro, J., editors, 2014 Twelfth Annual International Conference on Privacy, Security and Trust, Toronto, ON, Canada, July 23-24, 2014, pages 379–382. IEEE. Primiero, G., Raimondi, F., Bottone, M., and Tagliabue, J. (2017a). Trust and distrust in contradictory information transmission. Applied Network Science, 2:12. Primiero

28 April 2018

29 / 30

References IV

Primiero, G., Raimondi, F., Chen, T., and Nagarajan, R. (2017b). A proof-theoretic trust and reputation model for VANET. In 2017 IEEE European Symposium on Security and Privacy Workshops, EuroS&P Workshops 2017, Paris, France, April 26-28, 2017, pages 146–152. IEEE.

Primiero

28 April 2018

30 / 30