Abstract: According to the characteristics that object and subject vulnerabilities exist greatly in trust environment system, the vulnerability utilizing rules and trust relation embezzling rules are used to describe the state transition process of trust relations, the Trust Attack Model（TAM） is proposed. In the model a trust attacker uses object vulnerabilities to escalate trust levels, uses subject vulnerabilities to transit trust relations, and uses synthetically object and subject vulnerabilities to spread and pervade trust relations, therefore a longer attack reachable distance can be reached. Furthermore, a trust relation transitive closure generation algorithm of TAM whose time complexity is polynomial time is proposed, the algorithm can give all trust attack paths based on present vulnerabilities. Through an experiment based on modeling real vulnerabilities for a system, the results show that the model can make a comprehensive analysis to trust security and produce some detailed information such as trust attack graph, trust attack paths and so on. This model has good describing ability to characteristics of trust attack and shows interaction processes among attackers and trust entities. In addition, it can help an administrator to predict possible trust attacks, and then take the corresponding safety measures.

Key words: trust, trust security, trust attack, trust relation network, trust relation embezzling

摘要： 针对信任环境系统中存在的客观弱点和主观弱点，使用弱点利用规则和信任关系盗用规则来描述信任关系状态之间的转移过程，构建了信任攻击模型TAM。在该模型中，攻击者将客观弱点用于信任级别的提升，将主观弱点用于信任关系传递，将主、客观弱点的综合利用将导致信任关系的渗透与扩散，从而可导致攻击可达距离更大；提出了复杂度为多项式时间的TAM信任关系传递闭包生成算法，该算法可以给出当前弱点状态下的所有信任攻击路径。通过对真实弱点的建模，证明此模型可以对信任的安全性进行综合分析，生成信任攻击图、信任攻击路径等详细信息，展示攻击者和信任主体之间的交互过程，对攻击特征有更好的描述能力，帮助管理者预测所有可能的信任攻击，进而为相应的安全措施的制定提供依据。

关键词: 信任, 信任安全, 信任攻击, 信任关系网络, 信任关系盗用