A HYBRID TRUST MANAGEMENT SYSTEM FOR AUTOMATED FINE-GRAINED ACCESS CONTROL

An organization consists of many resources and entities who want to access those resources. Not all entities are granted full access rights to every resource, so there must be a Trust Management System (TMS) in place to enforce access rights. In this paper, we present a new Hybrid Trust Management System (HTMS) that combines Role Based Trust Management (RBTM) with Reputation Systems (RS). At any point in time, the privilege level of an entity is determined not only by its role in the system, but also by its reputation score, which in turn is based on its behavior. If a privileged node becomes compromised and conducts several malicious or risky transactions, its privilege level is quickly reduced to limit its access to resources and minimize the damage it can inflict further. The system uses a global, network-wide perspective in order to thwart global attacks. Such fine-grained variations of access control and dynamically assigning privilege levels would be very difficult to accomplish manually. We evaluated HTMS by comparing an implementation of it against an ideal response. We show that HTMS performs very close to the ideal if we can accurately estimate the proportion of malicious nodes in the network. We suggest using sampling to estimate this proportion. However, even if this estimate is not accurate, the results are still much better than using RBTM by itself