EP-4742597-A2 - ASSESSING SUBJECTIVE TRUST
Abstract
This disclosure describes techniques that include assessing trust in a system based on subjective factors. In one example, this disclosure describes a method that includes determining, by the computing system, a prerequisite score for a network entity in a computer network; determining, by the computing system, a subjective score for the network entity based on one or more subjective factors for the network entity, wherein each of the one or more subjective factors for the network entity corresponds to a subjective characteristic of the network entity; determining, by a computing system, a trust score for the network entity based on the prerequisite score and the subjective score; and modifying, by the computing system, operation of the computer network based on the trust score for the network entity.
Inventors
- O'NEILL, Charles Damian
- JAMES, SIMON
- MCPEAKE, Kieran Gerald
- SHORTER, Hayden Paul
Assignees
- Juniper Networks, Inc.
Dates
- Publication Date: 20260513
- Application Date: 20230927
Claims (15)
- A computing system comprising processing circuitry and storage media, wherein the processing circuitry has access to the storage media and is configured to: determine a subjective score for a network device based on sentiment information associated with the network device and further based on information about how a trust score consumer values subjective factors; determine, based on the subjective score, a trust score for the network device; and modify operation of a computer network based on the trust score for the network device.
- The computing system of claim 1, wherein to determine the subjective score, the processing circuitry is further configured to: identify a set of weights to apply to the subjective factors; and determine the subjective score further based on the set of weights.
- The computing system of any of claims 1-2, wherein to determine the trust score, the processing circuitry is further configured to: identify one or more current characteristics of the network device; and determine the trust score further based on the one or more current characteristics.
- The computing system of any of claims 1-3, wherein to determine the trust score, the processing circuitry is further configured to: identify one or more reputational factors for the network device; and determine the trust score further based on the one or more reputational factors.
- The computing system of any of claims 1-4, wherein to determine the trust score, the processing circuitry is further configured to: identify a trust score plan from a plurality of trust score plans associated with the network device; and determine the trust score further based on the trust score plan.
- The computing system of claim 1, wherein the network device is a first network device, and wherein to determine the trust score, the processing circuitry is further configured to: determine a level of trust that a second network device has for the first network device; and determine the trust score further based on the level of trust that the second network device has for the first network device.
- The computing system of any of claims 1-6, wherein to modify the operation of the computer network, the processing circuitry is further configured to: enable the network device to process network traffic.
- The computing system of any of claims 1-6, wherein to modify the operation of the computer network, the processing circuitry is further configured to: modify operation of the computing network to route traffic away from the network device.
- The computing system of any of claims 1-8, wherein the subjective score is a first subjective score, wherein the trust score consumer is a first trust score consumer, wherein the trust score is a first trust score, and wherein the processing circuitry is further configured to: determine, by the computing system, a second subjective score for the network device further based on information about how a second trust score consumer values the subjective factors; and determine, by the computing system and based on the second subjective score, a second trust score for the network device.
- The computing system of claim 9, wherein the processing circuitry is further configured to: modify, by the computing system, operation of the computing network based on the second trust score to route traffic away from the network device.
- A method comprising: determining, by a computing system, a subjective score for a network device based on sentiment information associated with the network device and further based on information about how a trust score consumer values subjective factors; determining, by the computing system and based on the subjective score, a trust score for the network device; and modifying, by the computing system, operation of a computer network based on the trust score for the network device.
- The method of claim 11, wherein determining the subjective score includes: identifying a set of weights to apply to the subjective factors; and determining the subjective score further based on the set of weights.
- The method of claim 11 or claim 12, wherein determining the trust score includes: identifying one or more current characteristics of the network device; determining the trust score further based on the one or more current characteristics.
- The method of any of claims 11 to 13, further comprising steps corresponding to the functionality recited in any of claims 4-10.
- Computer-readable storage media comprising instructions that, when executed, cause one or more processors of a system to perform the method of any of claims 11-14.
Description
TECHNICAL FIELD
The disclosure relates to computer networks and to trust levels attributed to entities in a network.
BACKGROUND
Devices or network entities in a network are typically relied upon to perform various operations on behalf of users of the network. Some network entities are more reliable than others. Some network entities are more secure than others. Zero-trust networking is an approach to network security in which network administrators assume that network entities should not be trusted by default, even if those network entities are in a private network or previously verified. Example types of network entities may include network nodes (e.g., endpoint devices, intermediate network devices, etc.), network services, or other types of real or virtual entities that can be identified on a computer network. Because network entities are not trusted by default in zero-trust networking, identity and integrity checks are routinely performed on network entities.
SUMMARY
This disclosure describes techniques that include assessing trust for devices (i.e., network entities) in a system using subjective information. In general, subjective information can, in at least some situations, help provide a more holistic assessment of a network or network entity's trustworthiness, and can help to ensure that decision-making aligns with the organization's priorities. As described herein, aspects of trust assessment may be customized for different stakeholders (e.g., users, operators, organizations). Since different stakeholders may have different priorities and values, it may be appropriate to customize trust assessments to reflect these differences and provide, for different stakeholders, corresponding different views of the trust assessment for a network entity.
For example, one stakeholder might prioritize the reputation of the manufacturer of a network entity, while another might prioritize the level of innovation and investment in research and development of the manufacturer of the network entity. To customize trust assessments for different stakeholders, trust factors can be assigned a weight that reflects the importance of a given factor to a relevant stakeholder. For example, for a stakeholder that values sustainability, higher weights may be applied to factors pertaining to sustainability. In some examples, such weights may be derived from information received from stakeholders and used to determine the needs and priorities of stakeholders sharing a common role. Different trust scores may therefore be presented to stakeholders depending on preferences of the individual stakeholder, the identity of the stakeholder, and/or the stakeholder's role. In some examples, this disclosure describes operations performed by a computing system in accordance with one or more aspects of this disclosure. In one specific example, this disclosure describes a method comprising determining, by the computing system, a prerequisite score for a network entity in a computer network, wherein the prerequisite score is based on one or more prerequisite factors, and wherein each of the one or more prerequisite factors is a condition to be satisfied; determining, by the computing system, a subjective score for the network entity based on one or more subjective factors for the network entity, wherein each of the one or more subjective factors for the network entity corresponds to a subjective characteristic of the network entity; determining, by the computing system and based on the prerequisite score and the subjective score, a trust score for the network entity; and modifying, by the computing system, operation of the computer network based on the trust score for the network entity. 
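The following sketch is an added illustration, not code from the disclosure, of how per-stakeholder weights can give the same network entity different trust scores and different network actions. The gate-style prerequisite, the weighted mean, the 0 to 100 scale, the threshold of 60, and every name and value in the sample data are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entity:
    name: str
    prerequisites: dict  # condition name -> satisfied? (names are constructed)
    subjective: dict     # subjective factor -> value in [0, 1]

def prerequisite_score(entity):
    # Assumption: prerequisites act as a gate; an unmet or absent condition yields 0.
    return 1.0 if entity.prerequisites and all(entity.prerequisites.values()) else 0.0

def subjective_score(entity, weights):
    # Weighted mean of the factors this trust score consumer values.
    # Assumption: a weighted factor with no data counts as 0 (unknown is not trusted).
    total = sum(weights.values())
    if total <= 0 or any(w < 0 for w in weights.values()):
        raise ValueError("weights must be non-negative and sum to more than 0")
    acc = 0.0
    for factor, w in weights.items():
        value = entity.subjective.get(factor, 0.0)
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{factor} out of range: {value}")
        acc += w * value
    return acc / total

def trust_score(entity, weights):
    # Assumed combination: gate multiplied by subjective score, scaled to 0..100.
    return round(100 * prerequisite_score(entity) * subjective_score(entity, weights), 1)

def network_action(entity, weights, threshold=60.0):
    # Assumed policy: below the threshold, traffic is routed away from the entity.
    return "forward" if trust_score(entity, weights) >= threshold else "route_away"

# Constructed sample data: one device, two trust score consumers.
ROUTER = Entity(
    "edge-rtr-1",
    {"supported_software_release": True, "config_integrity_check": True},
    {"manufacturer_reputation": 0.9, "rd_investment": 0.4, "sustainability": 0.3},
)
CONSUMERS = {
    "security_ops": {"manufacturer_reputation": 0.7, "rd_investment": 0.2, "sustainability": 0.1},
    "sustainability_office": {"manufacturer_reputation": 0.2, "rd_investment": 0.1, "sustainability": 0.7},
}

if __name__ == "__main__":
    for consumer, weights in CONSUMERS.items():
        print(consumer, trust_score(ROUTER, weights), network_action(ROUTER, weights))
```

With this sample data the two consumers land on opposite sides of the threshold for the same device, and a device that fails any prerequisite scores 0 whatever its subjective factors are.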
In another example, this disclosure describes a system comprising processing circuitry and a storage device, wherein the processing circuitry has access to the storage device and is configured to: determine a prerequisite score for a network entity in a computer network, wherein the prerequisite score is based on one or more prerequisite factors, and wherein each of the one or more prerequisite factors is a condition to be satisfied; determine a subjective score for the network entity based on one or more subjective factors for the network entity, wherein each of the one or more subjective factors for the network entity corresponds to a subjective characteristic of the network entity; determine, based on the prerequisite score and the subjective score, a trust score for the network entity; and modify operation of the computer network based on the trust score for the network entity. In another example, this disclosure describes a computer-readable medium comprising instructions that, when executed, configure processing circuitry of a computing system to: determine a prerequisite score for a network entity in a computer network, wherein the prerequisite score is based on one or more prerequisite factors, and wherein each of the one or more prerequisite factors is