
Developing Electronic Trust Policies Using a Risk Management Model

  • Conference paper
Secure Networking — CQRE [Secure] ’99 (CQRE 1999)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1740)


Abstract

Trust management systems provide mechanisms which can enforce a trust policy for authorisation and web content. However, little work has been done on identifying a process by which such a policy can be developed. This paper describes a mechanism for developing trust policies using a risk management model, and relates this to a conceptual framework of trust. The process uses an extended risk management model that takes into consideration beliefs about the principals being trusted and the impersonal structures and systems involved. The paper also applies the extended risk management model to a hypothetical case study in which an individual is making investments using an electronic trading service.




Copyright information

© 1999 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Povey, D. (1999). Developing Electronic Trust Policies Using a Risk Management Model. In: Secure Networking — CQRE [Secure] ’99. CQRE 1999. Lecture Notes in Computer Science, vol 1740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46701-7_1


  • DOI: https://doi.org/10.1007/3-540-46701-7_1


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-66800-8

  • Online ISBN: 978-3-540-46701-4

  • eBook Packages: Springer Book Archive
