Tyrone Grandison scite author profile

Trust is an important aspect of decision making for Internet applications and particularly influences the specification of security policy i.e. who is authorised to perform actions as well as the techniques needed to manage and implement security to and for the applications. This survey examines the various definitions of trust in the literature and provides a working definition of trust for Internet applications. The properties of trust relationships are explained and classes of different types of trust identified in the literature are discussed with examples. Some influential examples of trust management systems are described. Keywords:Trust specification, trust management, security policy, authorisation, authentication MOTIVATIONInternet services are increasingly being used in daily life for electronic commerce, web-based access to information and inter-personal interactions via electronic mail rather than voice or faceto-face, but there is still major concern about the trustworthiness of these services. There are no accepted techniques or tools for specification and reasoning about the trust. There is a need for a high-level, abstract way of specifying and managing trust, which can be easily integrated into applications and used on any platform. Typical applications requiring a formal trust specification include content selection for web documents [1], medical systems [2], telecommuting [3], mobile code and mobile computing [4][5][6], as well as electronic commerce [7][8][9][10][11][12][13][14]. Our main motivation in studying trust specification and management is to use this as the starting point for subsequent refinement into security policies related to authorisation and management of security [15]. However, there are additional reasons as to why trust is an important concept for modern systems.The migration from centralised information systems to internet-based applications will mean that transactions have to span a range of domains and organisations [16], not all of which may be trusted to the same extent. Inconsistencies in current trust relationships highlight the need for a flexible, general-purpose trust management system that can navigate these (possibly) complex

show abstract

Trust Management Tools for Internet Applications

Grandison

Sloman

2003

142

View full text Add to dashboard Cite

Extending Relational Database Systems to Automatically Enforce Privacy Policies

Agrawal

Bird

Grandison

et al.

View full text Add to dashboard Cite

Specifying and Analysing Trust for Internet Applications

Grandison

Sloman

2003

View full text Add to dashboard Cite

Abstract:The Internet is now being used for commercial, social and educational interactions, which previously relied on direct face-to-face contact in order to establish trust relationships. Thus, there is a need to be able to establish and evaluate trust relationships relying only on electronic interactions over the Internet. A trust framework for Internet applications should incorporate concepts such as experience, reputation and trusting propensity in order to specify and evaluate trust. SULTAN (Simple Universal Logic-oriented Trust Analysis Notation) is an abstract, logic-oriented notation designed to facilitate the specification and analysis of trust relationships. SULTAN seeks to address all the above issues, although this paper focuses on our initial work on trust specification and analysis.

show abstract

Access control for smarter healthcare using policy spaces

Ardagna

Vimercati

Foresti

et al. 2010

Computers & Security

View full text Add to dashboard Cite

A fundamental requirement for the healthcare industry is that the delivery of care comes first and nothing should interfere with it. As a consequence, the access control mechanisms used in healthcare to regulate and restrict the disclosure of data are often bypassed in case of emergencies. This phenomenon, called "break the glass", is a common pattern in healthcare organizations and, though quite useful and mandatory in emergency situations, from a security perspective, it represents a serious system weakness. Malicious users, in fact, can abuse the system by exploiting the break the glass principle to gain unauthorized privileges and accesses. In this paper, we propose an access control solution aimed at better regulating break the glass exceptions that occur in healthcare systems. Our solution is based on the definition of different policy spaces, a language, and a composition algebra to regulate access to patient data and to balance the rigorous nature of traditional access control systems with the "delivery of care comes first" principle.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.