Evaluation of interaction messages in trust model within collaborative system

Aali, Nawal Ait; Baïna, Amine; Echabbi, Loubna

doi:10.1109/it4od.2016.7479262

Cited by 4 publications

(4 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In order to improve the efficiency of our trust model, we establish a comparative study between our model and the existing works, namely, TOrBAC, Multi-Trust OrBAC, Trust-OrBAC, and TrustBAC, which combine the trust management and the access control. In [55], we have studied, theoretically, if these models meet the requirements of collaborative systems. However, none of the cited models takes into consideration all the discussed requirements and constraints.…”

Section: Resultsmentioning

confidence: 99%

Trust Management in Collaborative Systems for Critical Infrastructure Protection

Aali

Baïna

Echabbi

2018

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

Due to the necessity of Critical Infrastructure (CI) Protection against different threats, several security policies must be applied among the organizations of CI. Based on our conducted study about the different constraints and requirements of the collaborative systems within CI, we reached a security solution: Tr-OrBAC. Its principle is to evaluate the trustworthiness of collaborating organizations based on relevant trust criteria aimed at enhancing collaboration decision-making. The taken decision presents the attribution of the access to the desired service based on calculated trust score which is the result of the combination of the trust criteria values. Generally, the desired services do not meet the same criticism, security requirements, sensitivity, etc. Also, the collaboration context varies from a set of collaborating organizations to another. In this sense, the importance of each trust criterion depends on the desired service and the collaboration context. In this paper, we focus on detailing the trust criteria used in our approach for collaborative system security. Then, we analyze the context variability with the trust evaluation process. In addition, we present a case study to demonstrate and illustrate the feasibility of our solution for CI protection, especially the electrical grid.

show abstract

Section: Resultsmentioning

confidence: 99%

Trust Management in Collaborative Systems for Critical Infrastructure Protection

Aali

Baïna

Echabbi

2018

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

show abstract

“…This cyberattack can be in the form of DDoS on the Power Grid [24], Web attack [31], or attack the point of Sale (POS) [30]. Apart from cyberattacks, there are also External attacks [33,34], Insider Threat [35,36], Unauthorized Access [37,38], Targeted attacks [39,40], Hybrid Threats [41], Hazardous Event [42], Nature Disasters [43], Social Engineering [44], Falsification Attacks [45], Breach Attack [46], Data Theft [47], and Data Tampering [48] commonly found in CIIP. If we quote directly from the literature, vulnerability also has many terms.…”

Section: Data Extractionmentioning

confidence: 99%

“…There is a lack of connection between CII managers, so it is necessary to control safeguards to avoid risks. Other vulnerabilities found in the literature are Misconfigured Security Control [32,37,47], Collaborative Systems [38,52], Financial Vulnerability [30,31], Operator Mistakes [35,44], Lack Traceability [48,54], Unsecure Framework [53], Internal Turmoil [34], Unresolved Risk [42], Unknown Machine Failure [43], Manual Negotiation of Access Control [49], IoT Interconnection [45], Insecure Communication Technology [46], No Defense In-Depth [36], Sensor Misconfiguration [29], and Design Vulnerability [39].…”

Section: Data Extractionmentioning

confidence: 99%

“…Based on the literature review carried out, it turns out that confidentiality has no impact on the security function. Although no principle of confidentiality was considered, security function preventive [29, 32, 38, 43-46, 48, 49, 54, 55], detective [32,39,40,45,46,55], corrective [32,45,55], deterrent [32,38], recovery [32,55] and compensation [29,32,38,45,46,48,54,55] were found. This condition is different from Integrity which has correlation with corrective and recovery, and Availability with its correlation to all security function.…”

Section: Security Function On Critical Information Infrastructure Pro...mentioning

confidence: 99%

See 1 more Smart Citation

Review of Security Principles and Security Functions in Critical Information Infrastructure Protection

Putro¹,

Sensuse²

2022

IJSSE

View full text Add to dashboard Cite

There is quite a lot of research on Critical Information Infrastructure Protection (CIIP), but what threats and vulnerabilities are considered in the security principle offered is unknow. Likewise, the security functions provided have not been measured. This study is a review of CIIP using the Kitchenham framework. From 31 scientific publications and 5 CIIP standards, it was found that there were 13 threats and 16 vulnerabilities were categorized into three security principles. As a result of measuring security functions on CIIP, we found that only 25% provide all security functions.

show abstract