An architectural approach for assessing system trust based on security policy specifications and security mechanisms.
DOI: 10.1145/1626195.1626214
Conference: Proceedings of the 2nd International Conference on Security of Information and Networks, SIN 2009, Gazimagusa, North Cyprus, October 6-10, 2009
We investigate trust relationships between and within a security policy and a security mechanism to assess the system trust of a software application. It has been recognized that trust assessment of security systems in dynamic environments with multiple entities, each with its own changing needs from the security mechanisms, is a complex task. In this paper, we propose a novel architectural approach to assess the system trust of service-oriented environments. The primary goal of this architecture is to show a way of constructing an automated system for trust assessment of web services. In particular, we consider the beliefs of an entity about a specific security mechanism of a service and the behavior of the service. In addition, we present new trust metrics for assessing the system trust of a web service. Furthermore, trust and trust-related issues in the literature are reviewed to make clear the advantages of our approach to trust assessment.
Conference Paper: A Model of Security Information Flow on Entities for Trust Computation.
ABSTRACT: Service-oriented environments are computer network systems that are highly dynamic and change with time. Entities in such environments have different security needs from services. Management of security information in dynamic environments with multiple entities, each with its own changing needs, is a complex task. The complexity mainly arises from a lack of trust in the security information collected from entities and services. Therefore, the trust assessment of services, which is a crucial task, depends on the propagation of security information. In this paper, a new model of security information flow over entities is proposed for trust computation about services. The model is presented together with a simple scenario to clarify it.
10th IEEE International Conference on Computer and Information Technology, CIT 2010, Bradford, West Yorkshire, UK, June 29-July 1, 2010; 01/2010