While it is difficult to apply conventional security services to a system without a central authority, trust management offers a solution for information assurance in such a system. In this paper, we have developed a policyoriented decision model based on object trust management to assist users in selecting reliable and secure information in an open system. In the proposed model, an object represents a topic or issue under discussion, and it may have multiple versions, each of which represents

more »

... subject's opinion towards the characteristics of that object. The developed trust-based decision model assists a user to select one object version with desired level of quality and security features from available versions of a given object. The model balances both positive and negative aspects of an object version, and an evaluator can explicitly specify, in form of a policy specification, which features of an object version are not acceptable and which features are favorable. A high-level policy language, called Selector, expresses the policy specification in an unambiguous way. Selector consists of primary and residual policy statements. It supports recursive function calls, and the invoked external functions are defined separately from the language itself. The proposed decision model doesn't guarantee to select the "best" version for a given object. Rather it ensures that the selected version meets a user's requirement for information integrity.