DistOS-2011W Reputation

From Soma-notes

Members

  • Waheed Ahmed
  • Trevor Gelowsky
  • Michael Du Plessis
  • Nicolas Lessard

The problem

Emerge vs. Impose reputation on the system

What currently exists?

  • Digital signatures
    • Certificates signed by trusted organizations

Public-key infrastructure

Introduction

Public-key infrastructure (PKI) is used to build a secure chain of trust for Internet-based communication. It consists of several components: a security policy, a certificate authority, a registration authority, a certificate distribution system, and PKI-enabled applications.

Uses and Need

With the development of modern e-commerce businesses, which have minimal face-to-face customer interaction, there is a growing demand for security and integrity. Online web-based stores, where a huge number of transactions take place, need to assure customers that their information is confidential and processed through a secure channel. This is where PKI steps in, providing mechanisms to ensure that trusted relationships are established and maintained. The specific security functions for which a PKI can provide a foundation are confidentiality, integrity, non-repudiation, and authentication.

Dissemination

Random Ramblings on Reputation Management and Distribution

This system has unique distribution requirements compared to most distributed systems. We cannot assume that there will be a universally agreed-upon definition of good or bad. Similarly, the system must be self-policing: it would be up to each group of autonomous systems to decide which updates to accept and reject. Updates themselves should also not cause the network to DDoS itself. Lastly, it would be impossible for every system to know the reputation of any given system. Therefore the system must disseminate information in a way that is queryable and that localizes reputation information where required.

To this end, we need a way of spreading information that, while reliable, does not depend on one universally agreed-upon set of reputations.

For example, on an internet-scale operating system it would be entirely reasonable for one group of systems to not want to accept updates, or want to avoid communication with a given series of systems.

Any solution would assume that the problems of attribution are solved.

Current Examples of Reputation Dissemination

The first protocol that immediately comes to mind in this situation is a gossip-based protocol. These protocols are designed to operate in highly decentralized, large-scale systems.
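The requirements above (each system decides which updates to accept, updates must not flood the network, reputation is answered locally) can be sketched as a push-gossip simulation. This is an added example, not part of the original notes; the Node class, the trust sets, the fanout value and the node and host names are all assumptions made for illustration.

```python
import random

class Node:
    """One autonomous system holding its own local view of reputation."""
    def __init__(self, name, trusted, fanout=2):
        self.name = name
        self.trusted = set(trusted)  # local policy: reporters this node accepts
        self.fanout = fanout         # peers contacted per round (bounds traffic)
        self.view = {}               # subject -> {reporter: (version, score)}

    def report(self, subject, score, version=1):  # own first-hand opinion
        self.view.setdefault(subject, {})[self.name] = (version, score)

    def receive(self, subject, reporter, version, score):
        """Apply local policy; True only if the update was accepted and new."""
        if reporter not in self.trusted:
            return False             # rejected, so it is never stored or relayed
        known = self.view.setdefault(subject, {})
        if reporter in known and known[reporter][0] >= version:
            return False             # stale or duplicate
        known[reporter] = (version, score)
        return True

    def query(self, subject):
        """Local answer: mean of accepted scores, None if nothing is known."""
        scores = [s for _, s in self.view.get(subject, {}).values()]
        return sum(scores) / len(scores) if scores else None

def gossip_round(nodes, rng):
    """Every node pushes its view to `fanout` random peers; returns messages sent."""
    sent = 0
    for node in nodes:
        others = [n for n in nodes if n is not node]
        for peer in rng.sample(others, min(node.fanout, len(others))):
            for subject, reports in list(node.view.items()):
                for reporter, (version, score) in list(reports.items()):
                    peer.receive(subject, reporter, version, score)
                    sent += 1
    return sent

def demo(rounds=50, seed=1):
    """Constructed scenario: two groups with opposite opinions of 'host-x'."""
    policy = {"a0": ["a0"], "a1": ["a0"], "a2": ["a0"],
              "b0": ["b0"], "b1": ["b0"], "both": ["a0", "b0"]}
    nodes = [Node(name, trusted) for name, trusted in policy.items()]
    nodes[0].report("host-x", 1.0)   # a0 rates host-x good
    nodes[3].report("host-x", 0.0)   # b0 rates host-x bad
    rng = random.Random(seed)
    peak = max(gossip_round(nodes, rng) for _ in range(rounds))
    return {n.name: n.query("host-x") for n in nodes}, peak
```

After the rounds complete, the two groups hold opposite but internally consistent answers for the same subject, the node that trusts both reporters sees their mean, and per-round traffic stays bounded by fanout times the number of accepted records.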

Here's a nice overview:

Examples are as follows:

Another possibility is using "Reputation chains"

Maintaining History

Querying Reputation

Since this won't be the actual page the paper is written on, I'm going to dump possibly relevant links here. If they actually get used I'll make them into proper references.

http://www.kirkarts.com/wiki/images/1/13/Resnick_eBay.pdf - Trust Among Strangers in Internet Transactions: Empirical Analysis of eBay’s Reputation System (maybe not too relevant)

http://portal.acm.org/citation.cfm?id=544741.544809 - An Evidential Model of Distributed Reputation Management

http://portal.acm.org/citation.cfm?id=775152.775242&type=series%EF%BF%BD%C3%9C -- The EigenTrust Algorithm for Reputation Management in P2P Networks

http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.4.2297&rep=rep1&type=pdf -- A Robust Reputation System for Mobile Ad-hoc Networks

http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.125.8729&rep=rep1&type=pdf -- EigenRep: Reputation Management in P2P Networks


Possible implementations

Conclusion

References