Aggregating Trust Using Triangular Norms in the KeyNote Trust Management System Simon N. Foley, Wayne Mac Adams, Barry O’Sullivan Cork Constraint Computation Centre, Department of Computer Science, University College Cork, Ireland [s.foley,w.macadams,b.osullivan]@cs.ucc.ie Abstract. A Trust Management model that provides a measure of the degree to which a principal is trusted for some action is proposed. At the heart of the model is the notion that triangular norms and conorms pro- vide a natural and consistent interpretation for trust aggregation across delegation chains. It is argued that specifying how trust is aggregated is as important as specifying a degree of trust value in an attribute certifi- cate and, therefore, in stating the degree to which a principal trusts an- other, the principal should also state how that trust may aggregate across delegation chains. The model is illustrated and has been implemented us- ing a modified, but backwards-compatible, version of the KeyNote Trust Management system. 1 Introduction Trust Management [1,4,9,20], as originally defined by [5], is an approach to con- structing and interpreting trust relationships between principals such as users, groups, roles, hardware-devices, etc. These well placed trust relationships [25], defined in terms of relatively static attributes that are perceived by a trusting party, are constructed as a graph of credentials encoding the conditions under which a principal is willing to trust some action. Trust Management systems are intended to support decentralized security: individual trust statements are encoded as cryptographic certificates that can be safely distributed across the network and reasoned over without the need for trusted authorization servers mediating over centralized policy state. While a Trust Management system determines whether a principal is trusted (authorized) for some action, reputation (trust) schemes such as [14,18] are used to provide some measure of the degree of trust between principals. For example, Slashdot Karma gives a measure of an individual’s standing in that message board community. Many Trust Management systems provide a binary decision— whether or not a principal is trusted—and do not consider the degree to which a principle is authorized for an action. In this paper a model is developed whereby a Trust Management decision is given in terms of a measure/degree of trust. There is much published research on how reputation trust between principals might be measured and is not the focus of this paper. In this paper we assume