ABSTRACT:

This talk introduces a formal semantics based calculus of trust and its application in quantifying the risk associated with trust in PKI and IdM. Trust is "a basic fact of social life." Decisions made in the real world are based on the mixture of bounded rational calculation and trust. In order to meet people's various needs to securely interact on the Web, many formal trust models have been developed. However, without accurately defined semantics, trust may be misused, especially in the context of social networks-based trust. Therefore, it is important to explicitly and formally define trust in modeling. Because trust is a complex social phenomenon, the formal semantics of trust should be built on the concepts developed in social sciences. In this talk, first, I will examine the concepts developed in social sciences; secondly, I will introduce the formal semantics of trust, based on those social concepts; thirdly, I will introduce a formal semantics based calculus of trust, which extends logical model of trust with uncertainty theories; finally, I will demonstrate how to apply the trust calculus, to quantitatively evaluate the risk associated with trust in public key certificate chains. This research shows by examples that after introducing formal representation and quantification of trust in certificate chains, for using one-path certification, the shortest certification path need not be the most trustworthy certification path, and that a chain with an acceptably high level of trust should be constructed for validation; for using multi-path certification, multiple independent certification paths provides much more reliable and certain public key certification validation.