Trust and Privacy in Digital Business

Why have e-business trust and security often been evasive and unsuccessful? This keynote paper attempts to answer this question by looking at an autonomic approach to communications services for on-line businesses. It reviews the issues and challenges, and presents a rationale for security, privacy, interception, forensics of digital evidence and trust in an autonomic communications and computing environment. A combination of security, privacy enhancing technologies, trustworthy computing interfaces and techniques, advocacy, and greater understanding of the socio-economic and technical aspects of this new electronic phenomenon must be covered to establish a sound e-business operating environment on a global level. Some possible solutions pertaining to this environment are also reviewed, and examples of some key research areas are outlined. Finally, a brief overview of directions for innovative research is presented, followed by concluding remarks.
