Motivated by the effectiveness of correlation attacks against Tor, thecensorship arms race, and observations of malicious relays in Tor, we proposethat Tor users capture their trust in network elements using probabilitydistributions over the sets of elements observed by network adversaries. Wepresent a modular system that allows users to efficiently and convenientlycreate such distributions and use them to improve their security. The majorcomponents of this system are (i) an ontology of network-element types thatrepresents the main threats to and vulnerabilities of anonymous communicationover Tor, (ii) a formal language that allows users to naturally express trustbeliefs about network elements, and (iii) a conversion procedure that takes theontology, public information about the network, and user beliefs written in thetrust language and produce a Bayesian Belief Network that represents theprobability distribution in a way that is concise and easily sampleable. Wealso present preliminary experimental results that show the distributionproduced by our system can improve security when employed by users; furtherimprovement is seen when the system is employed by both users and services.
展开▼
