Accepted Papers and Sessions

See the full program here.

Novel Sources of Trust and Trust Information (Session Chair: Omar Hassan)

Trust Metrics (Session Chair: Lothar Fritsch)

Information Sharing and Personal Data (Session Chair: Jaap Boender)

Reputation Systems (Session Chair: Steve Marsh)

Applications of Trust (Session Chair: Nurit Gal-Oz)

Novel Sources of Trust and Trust Information
Session Chair: Omar Hassan

Diego de Siqueira Braga, Marco Niemann, Bernd Hellingrath and Fernando B. de Lima Neto. The Game of Trust: Using Behavioural Experiment as a Tool to Assess and Collect Trust-Related Data
Abstract: Trust is one of the most important dimensions in developing and maintaining business relationships. However, due to the difficult to collect trust-related data from industry, given its concerns surrounding privacy and trade secret protection, it still very problematic to investigate it. Motivated by the growing interest in behavioral research in the field of operations and supply chain management, and by the lack of supply chain trust-related datasets, the authors of this paper proposed and designed a novel trust behavioral experiment. Utilizing concepts of gamification and serious games, the experiment is capable of gathering information regarding individuals’ behavior during procurement, information exchange, and ordering decisions considering trust relations in the context of supply chains.

 

Davide Ceolin and Simone Potenza. Social Network Analysis for Trust Prediction
Abstract: From car rental to knowledge sharing, the connection between online and offline services is increasingly tightening. As a consequence, trust management online becomes crucial for the success of services run in the physical world. In this short paper, we outline a framework for identifying social web users more inclined to trust by looking at their profiles. Then, we focus on the use of a specific class of profile-related information, that is, user centrality measures as a proxy of trust, and we evaluate this framework on data from Konnektid, a knowledge-sharing social Web platform. Trust is measured by means of five different metrics that we propose. Performance achieved an accuracy ranging between 43% and 99%.

 

Yudhistira Nugraha and Andrew Martin. Investigating Security Capabilities in Service Level Agreements as Trust-Enhancing Instruments
Abstract: In this paper, an empirical study within the government procurement auctions, using Indonesia as a case study, has reported that the government agencies (GAs) are increasingly reliant on external information system services, such as computing, communications, and storage services. However, there is a concern that the existing service level agreements (SLAs) are mainly focused on availability and performance, and few terms are related to security, such as response time and resolution time. Other security requirements (e.g. confidentiality and integrity) have also been neglected in SLAs. Knowing these factors, it is necessary to specify security requirements and capabilities with the correct level of security precautions when procuring information system services that are provided by external service providers (SPs). We investigate this insight by conducting a series of data collections, using content analysis of 308 document tenders related to information system services from 59 e-procurement services, particularly for 80 Indonesian GAs. We then conducted a Delphi study with 15 participants from five selected SPs in Indonesia that provide such services to the GAs, with group discussions and individual sessions. We observed that most of the GAs placed significant importance on service availability. Other security requirements, such as data confidentiality, are not demanded by the GAs, as well as not explicitly expressed in SLAs by the SPs. We also observed that most SPs find difficulties in addressing the confidentiality requirements, such as data encryption and data protection, in an SLA. Further work is recommended to establish appropriate levels of trust between the GAs and SPs when dealing with service capabilities regarding security.

Trust Metrics
Session Chair: Lothar Fritsch

Ken Mano, Hideki Sakurada and Yasuyuki Tsukada. Trust Trust Me (The Additivity)
Abstract: We present a mathematical formulation of trust metric using a quality and quantity pair. Under a certain assumption, we regard trust as an additive value and define the soundness of trust computation as not to exceed the total sum. Moreover, we point out the importance of not only soundness of each computed trust but also the stability of the trust computation procedure against the change in trust value assignment. In this setting, we define trust composition operators. We also propose a trust computation protocol and prove its soundness and stability using the operators.

 

Weizhi Meng and Man Ho Au. Towards Statistical Trust Computation for Medical Smartphone Networks Based on Behavioral Profiling
Abstract: The medical industry is evolving rapidly, where many new types of devices have been developed for healthcare use and they are increasingly interconnected. Due to the popularity of mobile devices, medical smartphone networks (MSNs) have been evolved, which become an emerging network architecture for healthcare organizations to improve the quality of service. There is no debate among security experts that the security of Internet-enabled medical devices is woefully inadequate. Although MSNs are mostly internally used, they still can leak sensitive information under insider attacks. Thus, there is a need for evaluating a node’s trust in MSNs based on the network characteristics. In this paper, we focus on MSNs and propose a statistical trust-based intrusion detection mechanism to detect malicious nodes in terms of behavioral profiling (e.g., camera usage, visited websties, etc). Experimental results indicate that our proposed mechanism is feasible and promising in detecting malicious nodes under medical environments.
Hussien Othman, Ehud Gudes and Nurit Gal-Oz. Advanced Flow Models for Computing the Reputation of Internet Domains
Abstract: The Domain Name System (DNS) is an essential component of the Internet infrastructure that translates domain names into IP addresses. Recent incidents verify the enormous damage of malicious activities utilizing DNS such as bots that use DNS to locate their command & control servers. We believe that a domain that is related to malicious domains is more likely to be malicious as well and therefore detecting malicious domains using the DNS network topology is a key challenge.
In this work we improve the flow model presented by Mishsky et al. [11] for computing domain reputation. This flow model is applied on a graph of domains and IPs that propagate a reputation score from one node to another through the edges that connect them.We suggest several flow models which are based on clustering. These clustering alternatives are designed to find stronger relations between domains and IPs. Based on these relations we propagate the scores using flow algorithms. We evaluate the algorithms using a large database received from a commercial company. The experimental evaluation of our new models have shown an improvement over previous work on flow models [11] in detecting malicious domains.

Information Sharing and Personal Data
Session Chair: Jaap Boender

Lothar Fritsch. Partial commitment – “Try before you buy” and “Buyer’s remorse” for personal data in Big Data & Machine learning
Abstract: The concept of partial commitment is discussed in the context of personal privacy management in data science. Uncommitted, promiscuous or partially committed user’s data may either have a negative impact on model or data quality, or it may impose higher privacy compliance cost on data service providers. Many Big Data (BD) and Machine Learning (ML) scenarios involve the collection and processing of large volumes of person-related data. Data is gathered about many individuals as well as about many parameters in individuals. ML and BD both spend considerable resources on model building, learning, and data handling. It is therefore important to any BD/ML system that the input data trained and processed is of high quality, represents the use case, and is legally processes in the system. Additional cost is imposed by data protection regulation with transparency, revocation and correction rights for data subjects. Data subjects may, for several reasons, only partially accept a privacy policy, and chose to opt out, request data deletion or revoke their consent for data processing. This article discusses the concept of partial commitment and its possible applications from both the data subject and the data controller perspective in Big Data and Machine Learning.

 

Anirban Basu, Mohammad Rahman, Rui Xu, Kazuhide Fukushima and Shinsaku Kiyomoto. VIGraph — a framework for verifiable information
Abstract: In order to avail of some service, a user may need to share with a
service provider her personal chronological information, e.g., identity, financial record, health information and so on. In the context of financial organisations, a process often referred to as the know your customer (KYC) is carried out by financial organisations to collect information about their customers. Sharing this information with multiple service providers duplicates the data making it difficult to keep it up-to-date as well as verify. Furthermore, the user has limited to no control over the, mostly sensitive, data that is released to such organisations. In this preliminary work, we propose an efficient framework — Verifiable Information Graph or VIGraph — based on generalised hash trees, which can be used for verification of data with selective release of sensitive information. Throughout the paper, we use personal profile information as the running example to which our proposed framework is applied.

 

Shuo Chen, Rongxing Lu and Jie Zhang. A Flexible Privacy-preserving Framework for Singular Value Decomposition under Internet of Things Environment
Abstract: The singular value decomposition (SVD) is a widely used matrix factorization tool which underlies many useful applications, e.g. recommendation system, abnormal detection and data compression. Under the environment of emerging Internet of Things (IoT), there would be an increasing demand for data analysis. Moreover, due to the large scope of IoT, most of the data analysis work should be handled by fog computing. However, the fog computing devices may not be trustable while the data privacy is the significant concern of the users. Thus, the data privacy should be preserved when performing SVD for data analysis. In this paper, we propose a privacy-preserving fog computing framework for SVD computation. The security and performance analysis shows the practicability of the proposed framework. Two applications are introduced to show how the framework could flexibly achieve the purposes of different applications, which indicates the flexibility of the design.

Reputation Systems
Session Chair: Steve Marsh

Christian Richthammer, Michael Weber and Günther Pernul. Reputation-Enhanced Recommender Systems
Abstract: Recommender systems are pivotal components of modern Internet platforms and constitute a well-established research field. By now, research has resulted in highly sophisticated recommender algorithms whose further optimization often yields only marginal improvements. This paper goes beyond the commonly dominating focus on optimizing algorithms and instead follows the idea of enhancing recommender systems with reputation data. Since the concept of reputation-enhanced recommender systems has attracted considerable attention in recent years, the main aim of the paper is to provide a comprehensive survey of the approaches proposed so far. To this end, existing work are identified by means of a systematic literature review and classified according to carefully considered dimensions. In addition, the resulting structured analysis of the state of the art serves as a basis for the deduction of future research directions.

 

Remi Bazin, Alexander Schaub, Omar Hasan and Lionel Brunie. Self-reported verifiable reputation with rater privacy
Abstract: Reputation systems are a major feature of every modern e-commerce website, helping buyers carefully choose their service providers and products. However, most websites use centralized reputation systems, where the security of the system rests entirely upon a single Trusted Third Party. Moreover, they often disclose the identities of the raters, which may discourage honest users from posting frank reviews due to the fear of retaliation from the ratees. We present a reputation system that is decentralized yet secure and efficient, and could therefore be applied in a practical context. In fact, users are able to retrieve the reputation score of a service provider directly from it in constant time, with assurance regarding the correctness of the information obtained. Additionally, the reputation system is anonymity-preserving, which ensures that users can submit feedback without their identities being associated to it. Despite this anonymity, the system still offers robustness against attacks such as ballot-stuffing and Sybil attacks.

Applications of Trust
Session Chair: Nurit Gal-Oz

Giuseppe Primiero and Jaap Boender. Managing software uninstall with negative trust
Abstract: A problematic aspect of software management systems in view of integrity preservation is the handling, approval, tracking and eventual execution of change requests. In the context of the relation between clients and repositories, trust can help identifying all packages required by the intended installation. Negative trust, in turn, can be used to approach the complementary problem induced by removing packages. In this paper we offer a logic for negative trust which allows to identify admissible and no-longer admissible software packages in the current installation profile in view of uninstall processes. We provide a simple working example and the system is formally verified using the Coq theorem prover.

 

Emmanouil Vasilomanolakis, Sheikh Mahbub Habib, Rabee Sohail Malik, Pavlos Milaszewicz and Max Mühlhäuser. Towards Trust-aware Collaborative Intrusion Detection: challenges and solutions
Abstract: Collaborative Intrusion Detection Systems (CIDSs) are an emerging field in cyber-security. In such an approach, multiple monitors collaborate by exchanging alert data with the goal of generating a complete picture of the monitored network. This can provide significant improvements in intrusion detection and especially in the identification of sophisticated attacks. However, the challenge of deciding in which extend a monitor can trust others, has not yet been holistically addressed in related work. In this paper, we firstly propose requirements for reliable trust management in CIDSs. Afterwards, we carefully investigate the most dominant CIDS trust schemes. The main contribution of the paper is mapping the results of the analysis to the aforementioned requirements, along with a comparison of the state of the art. Furthermore, this paper identifies and discusses the research gaps and challenges with regard to trust and CIDSs.

 

Natasha Dwyer and Stephen Marsh. Self-trust, Self-Efficacy and Digital Learning
Abstract: Self-trust is overlooked in trust research. However, self-trust is crucial to a learner’s success in a digital learning space. In this paper, we review self-trust and the notion of self-efficacy used by the education researchers. We claim self-efficacy is self-trust. We then explore what self-trust and its expression means to one group of learners and use this data to provide design suggestions.