A Formal Model of Trust and Security for Task-Oriented Information System

Abstract

Trust and security are two important concepts in information security, but the difference between them is fuzzy. This paper proposes a new formal definition of trust for task-oriented information system. The new definition includes detailed information about trust itself. It defines trust of a component as the relationship of the expected behaviors and the trusted prerequisites, and puts forward a formal directed-graph model to express it. With the directed-graph model, it expands trust chain to trust tree and trust forest, use them to give a formal description of trust and security of information system, it also discusses trusted module, and brings forward a multi-layer trusted structure to design trusted module.