Common Operational Picture
Domain Description - The decentralized Common Operation Picture (COP) application consists of a set of organizations sharing real-time information with each other during an emergency response situation using a common operational picture. Since critical decisions made by each participating organization are based upon the real-time data received from other participant peers, it is important for each peer to establish trust relationships with each other in order to be able to judge the veracity and reliability of this data. Trust management thus plays a very significant role in this application.
Each organization in the COP application is composed of three types of modules: information gathering sources that observe events and report information to the command and control module, a command and control module that makes decisions based on both information received directly from its information gathering sources and information reported by other peers, and display units at the emergency location that receive instructions from the command and control module.
 |
"Common Operational Picture in PACE" |
Problems/Threats - COP is an application that typically consists of neutral or friendly participants. Given this and the fact that participating peers are supposed to be cooperating in an emergency situation, one would assume that peers typically do not lie to each other about the location and information about resources and emergencies. However, each peer is autonomous and may choose to hide or reveal information in accordance with its own agenda. A peer may also choose to misrepresent its trust in other countries according to its vested interests. Or a group of organizations with similar ideology could collude to disrupt existing relationship between two organizations.
Implementation Description - In the COP prototype that we built, all modules for all of the peers are built in the PACE style. Since the focus of this evaluation is the trust relationships between different organizations, it is assumed that there is implicit trust between all modules that belong to the same organization. Therefore each participant organization is represented only by its command and control module.
Four different reputation-based trust models within four separate COP prototypes were implemented and integrated. Next, the behavior of these models and how they manage to address the inherent issues and the potential threats to the application were examined by actually executing threat scenarios. Essentially, each of these reputation-based trust models rely on their past experience and recommendations received from other trusted participants to counter misrepresentation and collusion attacks. Additionally some of these models rely on an explicit notification mechanism that can be used by a peer to warn other peers of any malicious or lying peer.