2nd International ICST Workshop on the Value of Security through Collaboration

Research Article

A Unified Framework for Trust Management

  • @INPROCEEDINGS{10.1109/SECCOMW.2006.359574,
        author={Weiliang  Zhao and Vijay  Varadharajan and George  Bryan},
        title={A Unified Framework for Trust Management},
        proceedings={2nd International ICST Workshop on the Value of Security through Collaboration},
  • Weiliang Zhao
    Vijay Varadharajan
    George Bryan
    Year: 2007
    A Unified Framework for Trust Management
    DOI: 10.1109/SECCOMW.2006.359574
Weiliang Zhao1,*, Vijay Varadharajan2,*, George Bryan1,*
  • 1: School of Computing and Mathematics, University of Western Sydney
  • 2: Department of Computing, Macquarie University
*Contact email: wzhao@scm.uws.edu.au, vijay@ics.mq.edu.au, g.bryan@scm.uws.edu.au


In this paper, we propose a unified framework for trust management that can cover a broad variety of trust mechanisms including reputations, credentials, local data and environment parameters. The proposed trust management framework leverages established standards and it covers a broad variety of situations in different environments. This framework can provide utilizing and enabling tools for trust management. Under this framework, different trust mechanisms can be assembled together when multiple mechanisms of trust are necessary. Here, we refer to our trust management system as TrustEngine. The TrustEngine follows the initial ideas of PolicyMaker to separate generic mechanisms of trust management from application-specific policies which are defined by each application. TrustEngine has a generic set of functions, interfaces, and data storage for trust management in distributed environments. TrustEngine is an open system and it can easily include new trust components. We describe the architecture and implementation details of TrustEngine. We provide an application scenario to illustrate the usage of TrustEngine in the real world. We believe that the development of trust management in real applications can be automated to substantially higher level based on our proposed framework