A Trust Management System for the IoT domain
This addresses security challenges for IoT systems with many dynamic, unknown parties, but appears incremental as it builds on existing trust management concepts.
The paper tackles the problem of securing interactions in large-scale IoT environments where traditional access control is infeasible, by proposing a trust- and risk-based system that incorporates user relationships and device ownership to compute trust.
In modern internet-scale computing, interaction between a large number of parties that are not known a-priori is predominant, with each party functioning both as a provider and consumer of services and information. In such an environment, traditional access control mechanisms face considerable limitations, since granting appropriate authorizations to each distinct party is infeasible both due to the high number of grantees and the dynamic nature of interactions. Trust management has emerged as a solution to this issue, offering aids towards the automated verification of actions against security policies. In this paper, we present a trust- and risk-based approach to security, which considers status, behavior and associated risk aspects in the trust computation process, while additionally it captures user-to-user trust relationships which are propagated to the device level, through user-to-device ownership links.