Selection and architecture-based composition of trust models in decentralized applications

Open decentralized applications consist of independent entities, also called peers, that directly interact with each other in the absence of a centralized authority. Peers make local autonomous decisions towards their goals that may possibly conflict with those of other peers in the system. An open decentralized system does not regulate the entry of peers; thus, malicious peers may be present who may seek to subvert other peers. In the absence of a centralized trusted authority that can protect peers from these malicious peers, it becomes the responsibility of each peer to adopt suitable measures to protect itself.; Trust relationships between peers have been found to provide effective protection against malicious peers. Trust management has therefore received considerable attention from researchers. However, a survey of existing trust management systems reveals two main shortcomings. First, there is a lack of guidance on how to actually compose trust-centric decentralized applications. Second, there is no platform that can enable a comprehensive analysis and comparison of these trust models and provide systematic guidance to application developers regarding the choice of a trust model for a particular application. The objective of this dissertation is to address these two shortcomings. This dissertation first introduces PACE which stands for the Practical Architectural approach for Composing Egocentric trust. PACE is a software architectural style that provides systematic guidance on how to construct trust-enabled decentralized peers such that they can be better secured against malicious attacks. PACE has been evaluated along several dimensions and has been shown to support different types of trust models in different decentralized domains. PACE-based tools have also been developed to support application development in the PACE style.; This dissertation also presents SIFT, a simulation-based platform that uses threat scenarios to analyze and compare different types of reputation models under different application settings. Results from SIFT simulations have revealed interesting insights about the interplay of trust model and application parameters. These insights have been applied to some existing trust models to demonstrate how SIFT simulations can provide much-needed guidance towards the selection of an appropriate trust model for a given application condition as well as point towards possible refinements to trust models in the future.