Abstract
This paper describes trust in information security as a subjective human belief. Against this background, four formal models of trust proposed in recent years are analysed to determine their strengths and weaknesses. From this analysis we try to define general criteria for the feasibility of modelling trust.
This research was supported by Norwegian Research Council Grant No. 116417/410.
This research was carried out while the author was visiting the ISRC at QUT.
Copyright information
© 1997 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jøsang, A. (1997). Prospectives for modelling trust in information security. In: Varadharajan, V., Pieprzyk, J., Mu, Y. (eds) Information Security and Privacy. ACISP 1997. Lecture Notes in Computer Science, vol 1270. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0027928
DOI: https://doi.org/10.1007/BFb0027928
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-63232-0
Online ISBN: 978-3-540-69237-9
eBook Packages: Springer Book Archive