Multilateral security: a concept and examples for balanced security

Multilateral security considers different and possibly conflicting security requirements of different parties and strives to balance these requirements. This paper introduces the concept of multilateral security, giving some example problems and solutions. It focuses on a personal reachability and security management system that was developed to overcome the caller ID conflict. The prototype and its relation to multilateral security are described. Further, some major real-world assessments of the prototype and the experiences gained are discussed. The paper concludes with a collection of technical design strategies for multilateral security that were considered important for the success of the project and some remarks on further challenges.
