This was a paper I co-wrote with a bunch of other contributors working in the trust/reputation and security space: "Reputation-based systems: a security analysis" (PDF). It is a position paper on security issues in reputation systems.
A nice thing that we did in this paper was that we identified concrete use cases for reputation systems to frame our discussions, rather than talking in general but unusable terms that papers of this sort can tend to become. The use cases covered are online markets, P2P networks, spam filters and PKI (my primary area of contribution). The principal threats were then derived from looking at threats to the reputation systems used in these use cases.
Here's the abstract:
ENISA Position Papers represent expert opinion on topics ENISA considers to be important emerging risks or key security components. they are produced as the result of discussion among a group of experts who were selected for their knowledge in the area. the content was collected via wiki, mailing list and telephone conferences and edited by enisa.
This paper aims to provide a useful introduction to security issues affecting Reputation-based Systems by identifying a number of possible threats and attacks, highlighting the security requirements that should be fulfilled by these systems and providing recommendations for action and best practices to reduce the security risks to users.
Examples are given from a number of providers throughout the paper. These should be taken as examples only and there is no intention to single out a specific provider for criticism or praise. The examples provided are not necessarily those most representative or important, nor is the aim of this paper to conduct any kind of market survey, as there might be other providers which are not mentioned here and nonetheless are equally or more representative of the market.
This paper is aimed at providers, designers, research and standardisation communities, government policy-makers and businesses.
Showing posts with label enisa. Show all posts
Showing posts with label enisa. Show all posts
24 March 2008
Reputation-based systems: a security analysis
Blogged with the Flock Browser
Labels:
enisa,
reputation,
security,
trust
Subscribe to:
Posts (Atom)