Towards a Decision Model Based on Trust and Security Risk Management

From choosing the daily lunch menu to buying or selling stock options, decisions have to be made every day. In general, due to incomplete information, making a decision carries a risk. Typically, such risks are mitigated through risk management. However, risk is not the only element involved in the decision process. When the decision to be made concerns an interaction between two entities, trust plays an important role. Trust, in such an interaction, is a prediction of one entity's reliance on the other entity to perform a certain action. In this paper we formulate a trust reference model and take a first step towards a decision model by combining the trust model with an existing risk model. The decision model is illustrated by an example in the e-banking domain.
