Audun Jøsang Discusses His Work with Security Technologies

Emerging Research Fronts Commentary, February 2011

Audun Jøsang

Article: A survey of trust and reputation systems for online service provision

Authors: Josang, A; Ismail, R; Boyd, C
Journal: DECIS SUPPORT SYST, 43 (2): 618-644, MAR 2007
Addresses: Univ Queensland, Distributed Syst Technol Ctr, Level 7,GP S, Brisbane, Qld 4072, Australia.
Univ Queensland, Distributed Syst Technol Ctr, Brisbane, Qld 4072, Australia.

Audun Jøsang talks with and answers a few questions about this month's Emerging Research Front paper in the field of Engineering.

SW: Why do you think your paper is highly cited?

The article seems to resonate well with our fundamental need for safety in online environments, e.g. when navigating to find resources and making decisions about using them. Currently there is relatively little technology support available for assessing the reliability of entities and the quality of resources in online environments. In addition, experiments show that people have a higher tendency to deceive through online interaction than in face-to-face interaction. This creates a great deal of uncertainty and risk, but it is in this environment that online communities and markets must grow.

Traditional security technologies are important, but their focus is not broad enough to cover all relevant online security risks. Traditional information security assumes that information resources have an owner who wants to protect their confidentiality, integrity, and availability. Unfortunately this model does not fit well with risks on the open Internet. We can be harmed simply by accessing low-quality, misrepresented, or deceptive resources.

Even if deceptive resources do not affect our information systems directly, they can have a negative effect on our knowledge and our business processes. This type of harm is not addressed by the traditional interpretation of information security. Trust and reputation systems can provide the type of security required for this purpose and represent a crucial complement to traditional information security technologies, thereby making our approach to managing online security problems more general.

SW: Does it describe a new discovery, methodology, or synthesis of knowledge?

Being a survey article, it does not present any new scientific breakthroughs. The focus is more on articulating the fact that trust and reputation systems represent a new and significant innovation trend in security. This type of security that trust and reputation systems provide is no longer rational and managed by experts, but largely subjective and managed by the whole community. This is collaborative security; this is Security 2.0.

SW: Would you summarize the significance of your paper in layman's terms?

Our perception of trust works as a compass for safe navigation through a world of uncertainty. It helps us find peers with whom interaction and collaboration is most likely to be fruitful, and it helps us steer away from unacceptable risks and potential deceptions. While human intuition about trust often fails, it seems to quickly provide us with guidance in most situations, which has the effect of significantly saving time and cognitive effort.

Unfortunately we often find that our capability to reason about trust is not well adapted to online environments. Online trust and reputation systems, which are the focus of the article, cover a range of technologies that are aimed at making trust reasoning more powerful and reliable.

Description: Slashdot reputation system architecture. General reputation system terminology is indicated on the left hand side, and Slashdot specific terminology on the right.

Diagram credit: By Audun Josang, 2011. Free to be published with this statement.

Trust is an individual's subjective assessment of reliability whereas reputation reflects a whole community's assessment of reliability. The two concepts are related and independent at the same time, as, for example, expressed by the following two plausible statements:

"I trust you because of your good reputation"
"I trust you despite your bad reputation"

Trust and reputation systems provide methods for assessing trust and reputation, from a subjective and from a community perspective. Such assessments help us make better decisions, e.g. when selecting online resources and transaction partners.

SW: How did you become involved in this research, and how would you describe the particular challenges, setbacks, and successes that you've encountered along the way?

My research on this topic commenced in 1997 when I started looking at computational trust, which uses mathematical models for assessing trustworthiness and for decision making based on trust. In particular, subjective logic was originally developed for this purpose. Since then, subjective logic has evolved into a general probabilistic logic that is suitable for reasoning in situations of uncertainty and incomplete information. Subjective logic is used commercially, e.g. in online social networks and for intelligence analysis. In its simplest form, subjective logic operates on opinions which consist of belief, disbelief, and uncertainty, in addition to a base rate parameter.

Then in 2002 I proposed applying Bayesian models for computing reputation scores in reputation systems. Most online reputation systems use rather simplistic mathematical models which are relatively vulnerable to strategic manipulation, so I proposed using more sophisticated reputation systems. Bayesian reputation systems are directly compatible with subjective logic which makes it easy to integrate trust and reputation computation.
