Audun Jøsang Discusses His Work with Security Technologies
Emerging Research FRonts Commentary, February 2011
Page: < 1 | 2 >
The challenges for trust and reputation systems are many, in particular the difficulty of achieving adequate robustness. We must not forget that these systems themselves can be the target of attacks, which, for instance, could result in false trust measures and reputation scores. Early assessments of reputation systems were often based on simplistic threat assumptions. Only recently have assessments been conducted with more realistic assumptions about threats, and it has been quite sobering to realize how challenging it is to build high robustness into trust and reputation systems.
A good example of a robust and successful reputation system is the one used on Slashdot.org which has had to adapt in order to provide effective protection against a changing threat picture. Readers can comment on articles posted on Slashdot, and the quality of the comments can in turn be rated by other readers who act as moderators. The resulting scores are used by readers to filter out low-quality comments.
"Our perception of trust works as a compass for safe navigation through a world of uncertainty. It helps us find peers with whom interaction and collaboration is most likely to be fruitful, and it helps us steer away from unacceptable risks and potential deceptions..."
Shortly after going online in 1997 Slashdot established a team of 25 moderators to deal with rating noise. As the number of Slashdot users and the amount of noise increased, the moderation team grew to 400 moderators. In order to create a more democratic and healthy moderation scheme, automated moderator selection was introduced, and the emerging Slashdot reputation system became an integral part of the Slashdot website.
The Slashdot reputation system actually consists of two layers called M1 and M2, where M1 is for rating comments to articles and M2 is for moderating M1 raters. Slashdot staff are also able to moderate any rating or participant in the Slashdot community, thereby making Slashdot staff omnipotent and able to manually stabilize the system in case it is being attacked by extreme volumes of noise. This represents a third layer which can be called the control level. The three-layer structure of the Slashdot reputation system is illustrated in the diagram.
The Slashdot reputation system directs and stimulates the massive collaborative effort of moderating thousands of postings every day. The system is constantly being tuned and modified and can be described as an ongoing experiment in search of the best practical way to promote quality postings, discourage noise, and to make Slashdot as readable and useful as possible for a large community.
Reputation systems are currently being used on a large number of e-commerce and social websites, but most are not as robust as the Slashdot system, and therefore are relatively vulnerable to strategic manipulation. On this background it seems surprising that they still can provide significant value and that they have become so widespread. One might therefore say that reputation systems follow the paradoxical "Yhprum's Law," (inverse of Murphy's Law), which is described as: "Something that shouldn't work sometimes does work."
One possible explanation of why trust and reputation systems are useful despite their weaknesses is that they do provide an incentive for good behavior for most participants in a community, and also that they serve as a kind of social glue. A reputation system provides an interface through which participants can communicate and relate to each other, which gives them an enriched experience, i.e., it feels good to get the community’s attention when being rated, and reciprocally it also gives a sense of satisfaction to rate others. This in itself is valuable.
Where do you see your research leading in the future?
Trust and reputation are closely related to identity because they are identity attributes. Traditional identity attributes such as name, address, and role are relatively stable, and most importantly, they do not change as a function of who is looking at the identity. Trust and reputation attributes, on the other hand, are dynamic, and may depend on who is looking at them, i.e., they are subjective. This brings a new dimension to identity, which will be important in security models for open service provision and access.
Do you foresee any social or political implications for your research?
Traditional media are controlled by commercial and political interest groups. Now we have an alternative in the form of Web2.0, but a problem with the open Internet is its chaotic and uncontrolled structure, which makes it difficult to determine the reliability of information found there. These are two extremes, either well-structured information produced by professionals with their commercial and political bias, or a flood of unstructured crowd-sourced information with uncertain origin and reliability.
Trust and reputation systems can create an order in this chaos by bringing Security2.0 to Web2.0. This order will be partly subjective and partly community based, not based on the monolithic view that global search engines provide, nor on the marketing-oriented view that personalization and individual targeting provide. This subjective and community-based view brings a radically different order to the Web.
Audun Jøsang
Professor
University of Oslo
Oslo, Norway
and
Adjunct Professor
Queensland University of Technology
Brisbane, Queensland, Australia
Page: < 1 | 2 >
KEYWORDS: INFORMATION; TRUST; REPUTATION; TRANSITIVITY; COLLABORATION; E-COMMERCE; SECURITY; DECISION.