Towards Automated Evaluation of Trust Constraints

  • Siani Pearson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3986)

Abstract

In this paper we explore a mechanism for, and the limitations of, automation of assessment of trustworthiness of systems. We have implemented a system for checking trust constraints expressed within privacy policies as part of an integrated prototype developed within the EU Framework VI Privacy and Identity Management for Europe (PRIME) project [1]. Trusted computing information [2,3] may be taken into account as part of this analysis. This is the first stage of ongoing research and development within PRIME in this area.

Keywords

Service Side; Access Control Policy; Trusted Platform Module; Automate Evaluation; Policy Compliance
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. PRIME 2004: Privacy and Identity Management for Europe, European RTD Integrated Project under the FP6/IST Programme (2004), http://www.prime-project.eu.org/
  2. TCG 2003: TCG Main Specification, v1.1b (2003), Available via: http://www.trustedcomputinggroup.org
  3. TCG 2003: TCG TPM Specification, v1.2 (2003), Available via: http://www.trustedcomputinggroup.org
  4. Sommer, D. (ed.): PRIME Architecture V1, D14.2b (2004), http://www.prime-project.eu.org/
  5. Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall, M., Reagle, J.: The Platform for Privacy Preferences Specification, v1.0, W3C (2002), http://www.w3.org/TR/P3P/
  6. Kobsa, A.: Personalized hypermedia and international privacy. Communications of the ACM 45(5), 64–67 (2002), http://www.ics.uci.edu/~kobsa/papers/2002-CACM-kobsa.pdf
  7. Kobsa, A.: A Component Architecture for Dynamically Managing Privacy Constraints in Personalized Web-based Systems. In: Dingledine, R. (ed.) PET 2003. LNCS, vol. 2760, pp. 177–188. Springer, Heidelberg (2003)
  8. UK Information Commissioner, Who Cares About Data Protection? Segmentation Research (2003), http://www.informationcommissioner.gov.uk/cms/DocumentUploads/Segmentation%20Research%20Findings.pdf
  9. Leenes, R., Lips, M.: Social evaluation of early prototypes. In: Fischer-Hübner, S., Pettersson, J.S. (eds.) Evaluation of early prototypes, PRIME deliverable D6.1.b, 1 (2004), http://www.prime-project.eu.org/public/prime_products/deliverables/
  10. Fischer-Hübner, S., Pettersson, J.S. (eds.): Evaluation of early prototypes, PRIME deliverable D6.1.b, 1 (2004), http://www.prime-project.eu.org/public/prime_products/deliverables/
  11. Pettersson, J.S. (ed.): HCI guidance and proposals, PRIME deliverable D6.1.c, (February 11, 2005), http://www.prime-project.eu.org/public/prime_products/deliverables/
  12. Turner, C.W., Zavod, M., Yurcik, W.: Factors that Affect the Perception of Security and Privacy of E-Commerce Websites. In: Proc. 4th International Conference on Electronic Commerce Research (2001)
  13. Turner, C.W.: The online experience and consumers’ perceptions of e-commerce security. In: Proc. Human Factors and Ergonomics Society 46th Annual Meeting (2002)
  14. Turner, C.W.: How do consumers form their judgments of the security of e-commerce web sites? In: Proc. Workshop on HCI and Security Systems, CHI 2003 (2003)
  15. Casassa Mont, M., Pearson, S., Bramhall, P.: Towards Accountable Management of Privacy and Identity Management. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 146–161. Springer, Heidelberg (2003)
  16. IBM 2004: The Enterprise Privacy Authorization Language (EPAL), v1.1 specification (2004), http://www.zurich.ibm.com/security/enterprise-privacy/epal/
  17. Casassa Mont, M.: Dealing with Privacy Obligations: Important Aspects and Technical Approaches. In: Katsikas, S.K., López, J., Pernul, G. (eds.) TrustBus 2004. LNCS, vol. 3184, pp. 120–131. Springer, Heidelberg (2004)
  18. Microsoft 2006: Next-Generation Secure Computing Base home page (2006), http://www.microsoft.com/resources/ngscb
  19. Pearson, S. (ed.): Trusted Computing Platforms. Prentice-Hall, Englewood Cliffs (2002)
  20. Cavoukian, A., Crompton, M.: Web Seals: A review of Online Privacy Programs. In: 22nd International Conference on Privacy and Data Protection (2000), http://www.privacy.gov.au/publications/seals.pdf
  21. Resnick, P., Varian, H.R.: Recommender Systems. Communications of ACM (1997), http://www.acm.org/pubs/cacm/MAR97/resnick.html
  22. Reputation Research Network 2004: Online papers on reputation and reputation research (2004), http://databases.si.umich.edu/reputations/index.html
  23. Ball, E., Chadwick, D.W., Basden, A.: The Implementation of a System for Evaluating Trust in a PKI Environment. In: Petrovic, O., Ksela, M., Fallenbock, M., Kitti, C. (eds.) Trust in the Network Economy, Evolaris, vol. 2, pp. 263–279 (2003)
  24. Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.: The KeyNote Trust-Management System RFC 2704 (1999), http://www.cis.upenn.edu/~angelos/keynote.html
  25. Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized Trust Management. In: Proc. 17th Symposium on Security and Privacy, pp. 164–173 (1996)
  26. Chu, Y.-H., Feigenbaum, J., LaMacchia, B., Resnick, P., Strauss, M.: REFEREE: Trust Management for Web Applications. World Wide Web Journal 2, 127–139 (1997)
  27. Herzberg, A., Mass, Y., Michaeli, J., Naor, D., Ravid, Y.: Access Control Meets Public Key Infrastructure. Security & Privacy (2000)
  28. Bertino, E., Ferrari, E., Squicciarini, A.C.: Trust-X: A Peer-to-Peer Framework for Trust Establishment. IEEE Transactions on Knowledge and Data Engineering 16(7), 827–842 (2004)
  29. OASIS: eXtensible Access Control Markup Language (XACML), See: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
  30. Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder Policy Specification Language (2001), Available via: http://www-dse.doc.ic.ac.uk/research/policies/index.shtml
  31.
  32. Berners-Lee, T.: Semantic Web Tutorial Using N3 (2003), http://www.w3.org/2000/10/swap/doc/Trust
  33. Web of Trust, v0.1, http://xmlns.com/wot/0.1/
  34. Synomos 2005: Synomos Align 3.0 (2005), http://www.synomos.com/
  35. SenSage 2005: SenSage Web site (2005), http://www.sensage.com/

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Siani Pearson (1)
  1. Trusted Systems Laboratory, Hewlett Packard Research Labs, Bristol, UK
