论文信息 - Developing Electronic Trust Policies Using a Risk Management Model

Developing Electronic Trust Policies Using a Risk Management Model

Trust management systems provide mechanisms which can enforce a trust policy for authorisation and web content. However, little work has been done on identifying a process by which such a policy can be developed. This paper describes a mechanism for developing trust policies using a risk management model, and relates this to a conceptual framework of trust. The process uses an extended risk management model that takes into consideration beliefs about the principals being trusted and the impersonal structures and systems involved. The paper also applies the extended risk management model to a hypothetical case study in which an individual is making investments using an electronic trading service.

Dean Povey | D. Povey

[1] Joan Feigenbaum,et al. Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[2] Dennis Longley,et al. Information Security: Dictionary of Concepts, Standards and Terms , 1992 .

[3] Joan Feigenbaum,et al. REFEREE: Trust Management for Web Applications , 1997, Comput. Networks.

[4] Joan Feigenbaum,et al. KeyNote: Trust Management for Public-Key Infrastructures (Position Paper) , 1998, Security Protocols Workshop.

[5] N. L. Chervany,et al. THE MEANINGS OF TRUST , 2000 .

[6] Audun Jøsang. Prospectives for Modelling Trust in Information Security , 1997, ACISP.

[7] William A. Wallace,et al. Computer supported risk management , 1995 .

[8] Adam Rifkin,et al. Weaving a Web of trust , 1997, World Wide Web J..

[9] Fred D. Davis,et al. TRUST FORMATION IN NEW ORGANIZATIONAL RELATIONSHIPS , 1996 .