Risk Aware Decision Framework for Trusted Mobile Interactions September 2005 Daniele Quercia and Stephen Hailes CS department University College London.

Slides:

Advertisements

Similar presentations

The 20th International Conference on Software Engineering and Knowledge Engineering (SEKE2008) Department of Electrical and Computer Engineering

Advertisements

Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee

SEBGIS 2005, Agia Napa, Cyprus, October 31 - November 4, 2005 MECOSIG Adapted to the Design of Distributed GIS F. Pasquasy, F. Laplanche, J-C. Sainte &

Issues of Security and Privacy in Networking in the CBA Karen Sollins Laboratory for Computer Science July 17, 2002.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Trust Establishment in Pervasive Grid Environments Syed Naqvi, Michel Riguidel TÉLÉCOM PARIS ÉNST É cole N ationale S upérieur des T élécommunications.

Survivability of Mobile Code Land Warfare Requirements for IMPACT Agent Systems IMPACT Symposium -12 August 1999 University of Maryland at College Park.

Towards Security and Privacy for Pervasive Computing Author ： Roy Campbell,Jalal Al-Muhtadi, Prasad Naldurg,Geetanjali Sampemane M. Dennis Mickunas.(2002)

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

Security Models for Trusting Network Appliances From ： IEEE ( 2002 ) Author ： Colin English, Paddy Nixon Sotirios Terzis, Andrew McGettrick Helen Lowe.

23/03/2007 mail-to: site: A Security Framework for Smart Ubiquitous.

Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006 Florina Almenárez, Andrés Marín, Daniel Díaz, Juan Sánchez

CS 561, Sessions 28 1 Uncertainty Probability Syntax Semantics Inference rules.

1 FM Overview of Adaptation. 2 FM RAPIDware: Component-Based Design of Adaptive and Dependable Middleware Project Investigators: Philip McKinley, Kurt.

Introduction to Computer Technology

UN Economic Commission for Europe 23rd UN/CEFACT FORUM 7-11 April rd UN/CEFACT FORUM – Geneva Tahseen A. Khan Project Proposal : Trusted Third Party.

1 D r a f t Life Cycle Assessment A product-oriented method for sustainability analysis UNEP LCA Training Kit Module k – Uncertainty in LCA.

Architectural Design.

Dr. Howard Eisner Professor Emeritus, GWU SEDC CONFERENCE, April 2014 SYSTEM ARCHITECTING – VIEWS vs. FUNCTIONS vs. ALTERNATIVES.

An Intelligent Broker Architecture for Context-Aware Systems A PhD. Dissertation Proposal in Computer Science at the University of Maryland Baltimore County.

Mobile cloud computing: survey 1. Introduction  In recent years, applications targeted at mobile devices havs started becoming abundant with applications.

Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity for Critical Infrastructure Course Flow Diagrams May 2-3, 2013 Support.

Patterns for Secure Boot and Secure Storage in Computer Systems By: Hans L¨ohr, Ahmad-Reza Sadeghi, Marcel Winandy Horst G¨ortz Institute for IT Security,

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Social Computing Networks: A New Paradigm for Engineering Pervasive Software Systems Naeem Esfahani Sam Malek 32th International Conference on Software.

CSE 303 – Software Design and Architecture

Architecture-Based Runtime Software Evolution Peyman Oreizy, Nenad Medvidovic & Richard N. Taylor.

9/14/2012ISC329 Isabelle Bichindaritz1 Database System Life Cycle.

IIASA Yuri Ermoliev International Institute for Applied Systems Analysis Mathematical methods for robust solutions.

Argumentation and Trust: Issues and New Challenges Jamal Bentahar Concordia University (Montreal, Canada) University of Namur, Belgium, June 26, 2007.

HCI in Software Process Material from Authors of Human Computer Interaction Alan Dix, et al.

The roots of innovation Future and Emerging Technologies (FET) Future and Emerging Technologies (FET) The roots of innovation Proactive initiative on:

Integrated Risk Management Charles Yoe, PhD Institute for Water Resources 2009.

A security framework combining access control and trust management for mobile e-commerce applications Gregor v.Bochmann, Zhen Zhang, Carlisle Adams School.

21-22 May 2004IMPROQ 2004 / Impact of SW Processes on Quality Workshop 1 Quality for Components: Component and Component- Based Software Quality Issues.

Information Systems Engineering. Lecture Outline Information Systems Architecture Information System Architecture components Information Engineering Phases.

Software Engineering Principles. SE Principles Principles are statements describing desirable properties of the product and process.

1 DISTRIBUTION A. Approved for Public Release; Distribution Unlimited. 88ABW , 23 May Integrity  Service  Excellence ADT 101: Introduction.

Agents that Reduce Work and Information Overload and Beyond Intelligent Interfaces Presented by Maulik Oza Department of Information and Computer Science.

1 Service Sharing with Trust in Pervasive Environment: Now it’s Time to Break the Jinx Sheikh I. Ahamed, Munirul M. Haque and Nilothpal Talukder Ubicomp.

ReSeTrus Development of a digital library technology based on redundancy elimination and semantic elevation, with special emphasis on trust management.

A Quantitative Trust Model for Negotiating Agents A Quantitative Trust Model for Negotiating Agents Jamal Bentahar, John Jules Ch. Meyer Concordia University.

July 14 th SAM 2008 Las Vegas, NV An Ad Hoc Trust Inference Model for Flexible and Controlled Information Sharing Danfeng (Daphne) Yao Rutgers University,

Formalizing End-to-End Context-Aware Trust Relationships in Collaborative Activities Dr Ioanna Dionysiou Department of Computer Science School of Sciences.

Dynamic Trust Models for Ubiquitous Computing Environments Colin English, Paddy Nixon, Sotirios Terzis, Andrew McGettrick, Helen Lowe Department of Computer.

Time-Space Trust in Networks Shunan Ma, Jingsha He and Yuqiang Zhang 1 College of Computer Science and Technology 2 School of Software Engineering.

International Atomic Energy Agency Regulatory Review of Safety Cases for Radioactive Waste Disposal Facilities David G Bennett 7 April 2014.

An Ontology-based Approach to Context Modeling and Reasoning in Pervasive Computing Dejene Ejigu, Marian Scuturici, Lionel Brunie Laboratoire INSA de Lyon,

Providing web services to mobile users: The architecture design of an m-service portal Minder Chen - Dongsong Zhang - Lina Zhou Presented by: Juan M. Cubillos.

Computer Science and Engineering 1 Mobile Computing and Security.

Uncertainty in Mechanics of Materials. Outline Uncertainty in mechanics of materials Why consider uncertainty Basics of uncertainty Uncertainty analysis.

February 19, February 19, 2016February 19, 2016February 19, 2016 Azusa, CA Sheldon X. Liang Ph. D. Software Engineering in CS at APU Azusa Pacific.

STRUDEL: Supporting Trust in the Dynamic Establishment of peering coaLitions April 2006 Daniele Quercia, Manish Lad, Stephen Hailes, Licia Capra, and Saleem.

Risk-Aware Mitigation for MANET Routing Attacks Submitted by Sk. Khajavali.

MOTET: Mobile Transactions using Electronic Tickets September 2005 Daniele Quercia and Stephen Hailes CS department University College London

June 10, 2016 // Computer-Mediated Communication Trust, Trustworthiness and Reputation In Computer-Mediated Communication.

Designing a framework For Recommender system Based on Interactive Evolutionary Computation Date : Mar 20 Sat, 2011 Project Number :

1 Life Cycle Assessment A product-oriented method for sustainability analysis UNEP LCA Training Kit Module k – Uncertainty in LCA.

CIS-2005 : Xi’an - China 1 A New Conceptual Framework within Information Privacy: Meta Privacy Mr. Geoff Skinner Dr Song Han Prof. Elizabeth Chang Curtin.

8th INTERNATIONAL CONFERENCE AND WORKSHOPS ON QUALITY ASSURANCE IN HIGHER EDUCATION IN AFRICA MULTIDIMENSIONS OF INNOVATION IN HIGHER EDUCATION IN AFRICA:

Presented by Edith Ngai MPhil Term 3 Presentation

World-Leading Research with Real-World Impact!

Software Connectors – A Taxonomy Approach

Learning with Technology In, About, Through, and Despite Context

Chapter 27 Security Engineering

Smart Learning concepts to enhance SMART Universities in Africa

Architectural Requirements for the Effective Support of Adaptive Mobile Applications Lawrence Li ICS 243F.

Architectural Requirements for the Effective Support of Adaptive Mobile Applications Lawrence Li ICS 243F.

Chapter 5 Architectural Design.

Presentation transcript:

Risk Aware Decision Framework for Trusted Mobile Interactions September 2005 Daniele Quercia and Stephen Hailes CS department University College London SECOVAL 2005

Daniele Quercia SECOVAL 2005 D. Quercia and S. HailesRisk Aware Decision Framework for Trusted Mobile Interactions 2 Outline Mobile software concerns and solutions; Previous work on Trust Management and Expected Utility (EU); Scenario; Composing elements of the model; Analysis of the model.

Daniele Quercia3 Introduction Mobile devices need to adapt to changing context. How? They load software (sw) components from each other. D. Quercia and S. HailesRisk Aware Decision Framework for Trusted Mobile Interactions SECOVAL 2005 Problem: Security concerns when loading sw components (e.g., viral components and components not running as expected).

Daniele Quercia4 Conventional Solution Devices accept only digitally signed sw components. That’s acceptable as long as … … #(sw providers) is low; …  globally trustworthy Certification Authority. D. Quercia and S. HailesRisk Aware Decision Framework for Trusted Mobile Interactions SECOVAL 2005

Daniele Quercia5 Our Proposal A device uses a local decision framework to load software components. D. Quercia and S. HailesRisk Aware Decision Framework for Trusted Mobile Interactions SECOVAL 2005 model decision-making under uncertainty; integrate user’s risk attitudes; compute risk probabilities from trust mechanisms. Such framework has desirable properties:

Daniele Quercia6 Related Work – Trust Management Frameworks Marsh: computational trust concept. Abdul-Rahmal and Hailes: use of recommendations. Mui et al.: reputation concept. D. Quercia and S. HailesRisk Aware Decision Framework for Trusted Mobile Interactions SECOVAL 2005 formal trust model; risk-based decision module.

Daniele Quercia7 Related Work – Expected Utility D. Quercia and S. HailesRisk Aware Decision Framework for Trusted Mobile Interactions SECOVAL 2005 (a) ACTIONS (b) STATES No Rain Take Umbrella Do not take Umbrella (c) OUTCOME MATRIX Rain No Wet Wet (f) Decision Rule Max Overall Utility Function: Action  Utility (d) Probability Function: State  Probability  (No Rain)  (Rain) (e) Elementary Utility Function: Outcome  Utility u(Wet) u(No Wet)

Daniele Quercia8 Scenario: Secure Conference While Alice conferences on the move, her PDA guarantees secure communication across all traversed space. D. Quercia and S. HailesRisk Aware Decision Framework for Trusted Mobile Interactions SECOVAL 2005 Abstract Situation 123 Component Loader Component Supplier Semantics, Timeframe Details, Service Level Bob Alice

Daniele Quercia9 Scenario – Expected Utility Elements D. Quercia and S. HailesRisk Aware Decision Framework for Trusted Mobile Interactions SECOVAL 2005 (a) ACTIONS (b) STATES CS delivers C within R 1 Take C Do not take C (c) OUTCOME MATRIX CS delivers C within R 2 CS delivers C within R 3 Ask User Carry on seamles- sly Carry on with limited disruptions Give up Alice interacts with GUI (f) Decision Rule (d) Probability Function (e) Elementary Utility Function

Daniele Quercia10 D. Quercia and S. HailesRisk Aware Decision Framework for Trusted Mobile Interactions SECOVAL 2005 (f) Decision Rule IN: - actions - nearby component suppliers. OUT:max of expected utility.  action a and component supplier h, the expected utility is outcome utility state probability

Daniele Quercia11 D. Quercia and S. HailesRisk Aware Decision Framework for Trusted Mobile Interactions SECOVAL 2005 (e) Elementary Utility Function o value(o) utility(o) Logarithmic elementary utility function (user attitudes are risk-averse). To enhance tractability, 2 order Taylor approximation We determine the application dimensions (e.g., absence of disruptions, spared user time, security gap) i th dimension importance factors: w i (user preferences); D i (o) (function of outcome and application).

Daniele Quercia12 D. Quercia and S. HailesRisk Aware Decision Framework for Trusted Mobile Interactions SECOVAL 2005 (d) Probability Function  h (s): component loader’s belief that a certain state s will take place when interacting with the component provider h. Component loader receives Service Level= (d p, Confidence Level (CL)) computes each state probability (for a given h):  We need  and  :  Trust and  CL   Uncertainty   

Daniele Quercia13 Discussion Uncertainty is … …source of risks; …reduced through assurance (e.g, devices load only provable authored software) and trust (e.g., devices rely on trustworthiness assessments to make informed decisions). Assurance-based approaches are preferable, but not always possible! D. Quercia and S. HailesRisk Aware Decision Framework for Trusted Mobile Interactions SECOVAL 2005

Daniele Quercia14 Conclusion We have proposed a conceptual model of decision- making for software component loading, which… …integrates trust mechanisms and risk assessment; …consider user risk attitudes. Assumptions to be relaxed: constant risk-averse preferences; normal distribution for probability function. D. Quercia and S. HailesRisk Aware Decision Framework for Trusted Mobile Interactions SECOVAL 2005